Spyware
Hello,
I have spyware on MSN: it sends itself to all my contacts when I chat, it closes all the windows of the people I am talking to, and several of my MSN contacts' windows open and then close again.
Thanks, goodbye.
Hello,
Download MSNFix.zip (!aur3n7) to your Desktop.
Unzip it on your desktop (right-click / Extract All).
Open the MSNFix folder, then double-click MSNFix.bat.
- Run option R.
-- If the infection is detected, press a key to start the cleanup.
If a deletion error is detected, a message will appear asking you to restart the computer to finish the operations.
In that case, simply restart the computer manually.
Post the report located in the MSNFix folder.
The report's name corresponds to the time it was created: date_time.log
Hello,
Here is my report:
MSNFix 1.639-2
C:\Documents and Settings\Laurie\Bureau\MSNFix\MSNFix
Fix exécuté le 22/01/2008 - 20:10:22,84 By Laurie
mode normal
************************ Recherche les fichiers présents
... C:\DOCUME~1\Laurie\LOCALS~1\Temp\*.dmp
... C:\DOCUME~1\Laurie\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\Laurie\LOCALS~1\Temp\services.exe
... C:\Documents and Settings\Laurie\??????.exe
... C:\WINDOWS\cookies.ini
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\Laurie\LOCALS~1\Temp\*.dmp
/!\ ... C:\DOCUME~1\Laurie\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\Laurie\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\Laurie\??????.exe
.. OK ... C:\WINDOWS\cookies.ini
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\Laurie\LOCALS~1\Temp\services.exe
.. OK ... C:\DOCUME~1\Laurie\LOCALS~1\Temp\services.exe
Good evening.
Re,
Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:35:45, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\SHVRTF.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\htssv32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\bhij.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Norton AntiVirus\NAVW32.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {23b1e5c1-beca-f0aa-6af4-a9766ef06e07} - {70e60fe6-679a-4fa6-aa0f-aceb1c5e1b32} - C:\WINDOWS\system32\vhaldeoi.dll (file missing)
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\WINDOWS\system32\jkkkhfe.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [ShowIcon_Module-B_USB Product Driver v2.32r005] "C:\Program Files\USB Product Driver v2.32r005\shwicon.exe" -t"Module-B\USB Product Driver v2.32r005"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [60265765] rundll32.exe "C:\WINDOWS\system32\uappbvbu.dll",b
O4 - HKLM\..\Run: [htssv32.exe] C:\WINDOWS\htssv32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [scrmail] C:\DOCUME~1\Laurie\APPLIC~1\flawdate\BIBSIXTHDASH.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F51E51A-543F-4FD2-B37D-3F75597EE44B}: NameServer = 80.10.246.130 81.253.149.10
O20 - Winlogon Notify: jkkkhfe - jkkkhfe.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11440 bytes
Re,
Disable your resident protections (antivirus, Spybot...)!
Download ComboFix (sUBs) to your Desktop.
Double-click combofix.exe to launch it.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.
There, I think this is it:
ComboFix 08-01-23.2 - Laurie 2008-01-23 15:02:23.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.186 [GMT 1:00]
Endroit: C:\Documents and Settings\Laurie\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\2_exception.nls
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\ststv.ini2
C:\WINDOWS\Temp\28853693.exe
C:\WINDOWS\Temp\432687220.exe
C:\WINDOWS\Fonts\-
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\runtime
-------\smtpdrv
((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.
2008-01-23 14:13 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 13:33 . 2008-01-23 13:33 <REP> d-------- C:\Program Files\Trend Micro
2008-01-22 19:29 . 2008-01-22 20:05 29,184 --a------ C:\cvbkwtb.exe
2008-01-22 15:54 . 2008-01-22 15:54 54,764 --a------ C:\WINDOWS\system32\ztx86.sys
2008-01-21 19:57 . 2008-01-21 19:57 10,752 --a------ C:\bhij.exe
2008-01-21 18:40 . 2008-01-22 20:05 2 --a------ C:\1613125578
2008-01-21 18:39 . 2008-01-22 20:05 58,368 --a------ C:\upaq.exe
2008-01-21 18:39 . 2008-01-21 18:39 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-21 17:59 . 2008-01-21 17:59 31,232 -r-hs---- C:\WINDOWS\htssv32.exe
2008-01-20 20:52 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-20 20:51 . 2008-01-20 20:51 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-20 20:48 . 2008-01-20 20:48 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-01-20 20:34 . 2008-01-20 21:00 <REP> d-------- C:\Program Files\Windows Live
2008-01-20 20:34 . 2008-01-20 20:46 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-20 20:28 . 2008-01-21 06:51 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-04 10:23 . 2006-09-05 20:06 18,704 -ra------ C:\WINDOWS\system32\drivers\se59nd5.sys
2008-01-04 10:10 . 2005-12-14 15:10 552,960 --a------ C:\WINDOWS\system32\xvidcore.dll
ComboFix 08-01-23.2 - Laurie 2008-01-23 15:02:23.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.186 [GMT 1:00]
Endroit: C:\Documents and Settings\Laurie\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\2_exception.nls
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\ststv.ini2
C:\WINDOWS\Temp\28853693.exe
C:\WINDOWS\Temp\432687220.exe
C:\WINDOWS\Fonts\-
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\runtime
-------\smtpdrv
((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.
2008-01-23 14:13 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 13:33 . 2008-01-23 13:33 <REP> d-------- C:\Program Files\Trend Micro
2008-01-22 19:29 . 2008-01-22 20:05 29,184 --a------ C:\cvbkwtb.exe
2008-01-22 15:54 . 2008-01-22 15:54 54,764 --a------ C:\WINDOWS\system32\ztx86.sys
2008-01-21 19:57 . 2008-01-21 19:57 10,752 --a------ C:\bhij.exe
2008-01-21 18:40 . 2008-01-22 20:05 2 --a------ C:\1613125578
2008-01-21 18:39 . 2008-01-22 20:05 58,368 --a------ C:\upaq.exe
2008-01-21 18:39 . 2008-01-21 18:39 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-21 17:59 . 2008-01-21 17:59 31,232 -r-hs---- C:\WINDOWS\htssv32.exe
2008-01-20 20:52 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-20 20:51 . 2008-01-20 20:51 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-20 20:48 . 2008-01-20 20:48 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-01-20 20:34 . 2008-01-20 21:00 <REP> d-------- C:\Program Files\Windows Live
2008-01-20 20:34 . 2008-01-20 20:46 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-20 20:28 . 2008-01-21 06:51 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-04 10:23 . 2006-09-05 20:06 18,704 -ra------ C:\WINDOWS\system32\drivers\se59nd5.sys
2008-01-04 10:10 . 2005-12-14 15:10 552,960 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-04 10:10 . 2005-12-14 15:08 159,744 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-04 10:10 . 2005-12-14 15:11 61,440 --a------ C:\WINDOWS\system32\xvid.ax
2008-01-04 10:10 . 2004-03-09 09:39 8,704 --a------ C:\WINDOWS\system32\vidccleaner.exe
2008-01-04 10:09 . 1998-07-09 19:41 217,088 --a------ C:\WINDOWS\system32\skjpeg40.dll
2008-01-04 10:09 . 1998-03-04 10:40 83,968 --a------ C:\WINDOWS\system32\Skbase40.dll
2007-12-27 14:05 . 2008-01-01 19:41 1,031,568 ---hs---- C:\WINDOWS\system32\ubvbppau.ini
2007-12-27 10:45 . 2008-01-07 17:39 <REP> d-------- C:\Incomplete
2007-12-27 10:26 . 2006-09-05 20:06 90,800 -ra------ C:\WINDOWS\system32\drivers\se59unic.sys
2007-12-27 10:26 . 2006-09-05 20:06 4,128 -ra------ C:\WINDOWS\system32\drivers\se59cr.sys
2007-12-25 13:37 . 2006-09-05 20:08 88,624 -ra------ C:\WINDOWS\system32\drivers\se59mgmt.sys
2007-12-25 13:37 . 2006-09-05 20:09 86,432 -ra------ C:\WINDOWS\system32\drivers\se59obex.sys
2007-12-24 19:17 . 2006-09-05 20:07 97,088 -ra------ C:\WINDOWS\system32\drivers\se59mdm.sys
2007-12-24 19:17 . 2006-09-05 20:07 9,360 -ra------ C:\WINDOWS\system32\drivers\se59mdfl.sys
2007-12-24 19:17 . 2006-09-05 20:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cmnt.sys
2007-12-24 19:17 . 2006-09-05 20:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cm.sys
2007-12-23 20:36 . 2007-12-23 20:36 <REP> d-------- C:\Program Files\LG Electronics
2007-12-23 20:36 . 2005-09-05 11:33 81,920 -ra------ C:\WINDOWS\system32\srctrl.dll
2007-12-23 20:35 . 2007-12-23 20:36 <REP> d-------- C:\Program Files\LGGSM
2007-12-23 19:47 . 2007-12-25 13:06 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-23 13:18 . 2007-12-25 18:03 406,016 --a------ C:\WINDOWS\system32\PSDrvCheck .exe
2007-12-23 13:18 . 2007-12-25 18:04 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 13:35 --------- d-----w C:\Program Files\Wanadoo
2008-01-23 13:27 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
2008-01-23 13:27 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
2008-01-23 12:33 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-23 11:39 --------- d-----w C:\Program Files\OpenOffice.org1.1.4
2008-01-22 17:42 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-20 19:48 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-20 19:28 --------- d-----w C:\Program Files\MSN Messenger
2008-01-04 09:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 09:09 --------- d-----w C:\Program Files\Samsung
2007-12-26 11:51 --------- d-----w C:\Program Files\USB Product Driver v2.32r005
2007-12-26 11:51 --------- d-----w C:\Program Files\QuickTime
2007-12-23 13:28 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-23 13:28 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-23 13:28 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-23 13:28 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-23 13:28 --------- d-----w C:\Program Files\Symantec
2007-12-22 11:03 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-21 19:22 --------- d-----w C:\Program Files\Disc2Phone
2007-12-21 18:48 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2007-12-21 18:48 --------- d-----w C:\Program Files\Fichiers communs\Sony Ericsson Shared
2007-12-21 18:46 --------- d-----w C:\Program Files\Sony Ericsson
2007-12-19 16:41 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-12-10 19:40 90,112 ----a-w C:\WINDOWS\DUMP251c.tmp
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2005-10-13 17:03 2,349,053 ----a-w C:\Program Files\openofficeorg4.cab
2005-10-13 17:02 49,474,481 ----a-w C:\Program Files\openofficeorg3.cab
2005-10-13 16:58 6,044,542 ----a-w C:\Program Files\openofficeorg2.cab
2005-10-13 16:58 17,302,480 ----a-w C:\Program Files\openofficeorg1.cab
2005-10-13 16:57 217 ----a-w C:\Program Files\setup.ini
2005-10-13 16:57 2,731,008 ----a-w C:\Program Files\openofficeorg20.msi
2005-10-05 11:18 241,664 ----a-w C:\Program Files\setup.exe
2002-03-11 08:06 1,822,520 ----a-w C:\Program Files\instmsiw.exe
2002-03-11 07:45 1,708,856 ----a-w C:\Program Files\instmsia.exe
.
<pre>
----a-w 57,344 2007-12-25 17:05:02 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy .exe
----a-w 102,400 2007-12-25 17:05:56 C:\Program Files\Creative\MediaSource\Detector\CTDetect .exe
----a-w 32,768 2007-12-25 17:04:02 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w 68,856 2007-12-25 17:05:56 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 36,975 2007-12-25 17:03:51 C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
----a-w 1,694,208 2007-12-25 17:37:19 C:\Program Files\Messenger\msmsgs .exe
----a-w 252,416 2007-12-25 17:05:27 C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut .exe
----a-w 1,123,840 2007-12-25 17:05:39 C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl .exe
----a-w 772,096 2007-12-25 17:05:24 C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray .exe
----a-w 155,648 2008-01-02 19:18:11 C:\Program Files\QuickTime\qttask .exe
----a-w 155,648 2008-01-02 19:18:14 C:\Program Files\QuickTime\qttask .exe
----a-w 155,648 2008-01-02 19:18:18 C:\Program Files\QuickTime\qttask .exe
----a-w 155,648 2008-01-02 19:18:22 C:\Program Files\QuickTime\qttask .exe
----a-w 155,648 2008-01-02 19:18:25 C:\Program Files\QuickTime\qttask .exe
----a-w 155,648 2008-01-02 19:18:28 C:\Program Files\QuickTime\qttask .exe
----a-w 155,648 2008-01-02 19:18:32 C:\Program Files\QuickTime\qttask .exe
----a-w 155,648 2008-01-02 19:18:35 C:\Program Files\QuickTime\qttask .exe
----a-w 155,648 2008-01-02 19:18:39 C:\Program Files\QuickTime\qttask .exe
----a-w 155,648 2008-01-02 19:18:42 C:\Program Files\QuickTime\qttask .exe
----a-w 155,648 2008-01-02 19:18:45 C:\Program Files\QuickTime\qttask .exe
----a-w 155,648 2008-01-02 19:18:48 C:\Program Files\QuickTime\qttask .exe
----a-w 40,960 2007-12-25 17:04:36 C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent .exe
----a-w 593,920 2007-12-25 17:04:49 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
----a-w 81,920 2007-12-25 17:04:41 C:\Program Files\USB Product Driver v2.32r005\shwicon .exe
----a-w 24,576 2007-12-25 17:04:07 C:\Program Files\Wanadoo\CnxMon .exe
----a-w 49,152 2007-12-25 17:04:13 C:\Program Files\Wanadoo\TaskbarIcon .exe
----a-w 24,576 2007-12-25 17:04:10 C:\Program Files\Wanadoo\Watch .exe
----a-w 15,360 2007-12-25 12:06:46 C:\WINDOWS\system32\ctfmon .exe
----a-w 155,648 2007-12-25 17:04:19 C:\WINDOWS\system32\NeroCheck .exe
----a-w 406,016 2007-12-25 17:03:47 C:\WINDOWS\system32\PSDrvCheck .exe
----a-w 98,304 2007-12-25 17:04:31 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAEE .EXE
</pre>
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70e60fe6-679a-4fa6-aa0f-aceb1c5e1b32}]
C:\WINDOWS\system32\vhaldeoi.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"scrmail"="C:\DOCUME~1\Laurie\APPLIC~1\flawdate\BIBSIXTHDASH.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"WintelUpdate"="C:\bhij.exe" [2008-01-21 19:57 10752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2003-12-17 11:53 73728 C:\WINDOWS\system32\sstray.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-13 01:50 4112384]
"nwiz"="nwiz.exe" [2004-07-13 01:50 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-13 01:50 81920]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [ ]
"Aide Memoire Votre Budget"="" []
"ConvEuro MA"="" []
"Protect"="SHVRTF.EXE" [2004-11-24 16:17 1290240 C:\WINDOWS\system32\SHVRTF.EXE]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [ ]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [ ]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [ ]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-22 11:08 52840]
"EPSON Stylus DX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.exe" [ ]
"YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [ ]
"ShowIcon_Module-B_USB Product Driver v2.32r005"="C:\Program Files\USB Product Driver v2.32r005\shwicon.exe" [ ]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"60265765"="C:\WINDOWS\system32\uappbvbu.dll" [ ]
"htssv32.exe"="C:\WINDOWS\htssv32.exe" [2008-01-21 17:59 31232]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 1.1.4.lnk - C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe [2004-10-28 01:10:00 61440]
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
C:\Documents and Settings\Othilie.ORDI-20C50D901B.000\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
C:\Documents and Settings\Laurie\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkhfe]
jkkkhfe.dll
R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 14:47]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-07-06 17:06]
R2 HPFECP13;HPFECP13;C:\WINDOWS\system32\drivers\HPFECP13.SYS [1998-09-25 09:55]
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 16:29]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-08-03 11:10]
S2 FFI;FFI;C:\WINDOWS\system32\svchost.exe:exm.exe []
S3 gkmixern;gkmixern;C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\gkmixern.sys []
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 20:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 20:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 20:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 20:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 20:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 20:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 20:06]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-23 14:00:00 C:\WINDOWS\Tasks\AC18378891B7B558.job"
- c:\docume~1\laurie\applic~1\flawdate\thunk joy drive.exe
"2007-12-21 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Utilisateur.job"
Hello again,
Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:
RenV::
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy .exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect .exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut .exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl .exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent .exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
C:\Program Files\USB Product Driver v2.32r005\shwicon .exe
C:\Program Files\Wanadoo\CnxMon .exe
C:\Program Files\Wanadoo\TaskbarIcon .exe
C:\Program Files\Wanadoo\Watch .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\NeroCheck .exe
C:\WINDOWS\system32\PSDrvCheck .exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAEE .EXE
File::
C:\cvbkwtb.exe
C:\bhij.exe
C:\upaq.exe
C:\WINDOWS\htssv32.exe
C:\WINDOWS\system32\ubvbppau.ini
C:\DOCUME~1\Laurie\APPLIC~1\flawdate\BIBSIXTHDASH.exe
C:\WINDOWS\system32\uappbvbu.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70e60fe6-679a-4fa6-aa0f-aceb1c5e1b32}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"scrmail"=-
"WintelUpdate"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"60265765"=-
"htssv32.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkhfe]
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will restart Combofix; type 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
Hello again,
OK, so for the Combofix report, I think this is it:
ComboFix 08-01-23.2 - Laurie 2008-01-23 16:59:26.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.197 [GMT 1:00]
Endroit: C:\Documents and Settings\Laurie\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Laurie\Mes documents\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE
C:\bhij.exe
C:\cvbkwtb.exe
C:\DOCUME~1\Laurie\APPLIC~1\flawdate\BIBSIXTHDASH.exe
C:\upaq.exe
C:\WINDOWS\htssv32.exe
C:\WINDOWS\system32\uappbvbu.dll
C:\WINDOWS\system32\ubvbppau.ini
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\bhij.exe
C:\WINDOWS\htssv32.exe
C:\WINDOWS\system32\ubvbppau.ini
.
---- Previous Run -------
.
C:\WINDOWS\system32\2_exception.nls
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\ststv.ini2
C:\WINDOWS\Temp\28853693.exe
C:\WINDOWS\Temp\432687220.exe
C:\WINDOWS\Fonts\-
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\runtime
-------\smtpdrv
((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.
2008-01-23 14:13 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 13:33 . 2008-01-23 13:33 <REP> d-------- C:\Program Files\Trend Micro
2008-01-22 15:54 . 2008-01-22 15:54 54,764 --a------ C:\WINDOWS\system32\ztx86.sys
2008-01-21 18:40 . 2008-01-22 20:05 2 --a------ C:\1613125578
2008-01-21 18:39 . 2008-01-21 18:39 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
OK, so for the ComboFix report, I think this is it:
ComboFix 08-01-23.2 - Laurie 2008-01-23 16:59:26.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.197 [GMT 1:00]
Endroit: C:\Documents and Settings\Laurie\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Laurie\Mes documents\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE
C:\bhij.exe
C:\cvbkwtb.exe
C:\DOCUME~1\Laurie\APPLIC~1\flawdate\BIBSIXTHDASH.exe
C:\upaq.exe
C:\WINDOWS\htssv32.exe
C:\WINDOWS\system32\uappbvbu.dll
C:\WINDOWS\system32\ubvbppau.ini
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\bhij.exe
C:\WINDOWS\htssv32.exe
C:\WINDOWS\system32\ubvbppau.ini
.
---- Previous Run -------
.
C:\WINDOWS\system32\2_exception.nls
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\ststv.ini2
C:\WINDOWS\Temp\28853693.exe
C:\WINDOWS\Temp\432687220.exe
C:\WINDOWS\Fonts\-
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\runtime
-------\smtpdrv
((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.
2008-01-23 14:13 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 13:33 . 2008-01-23 13:33 <REP> d-------- C:\Program Files\Trend Micro
2008-01-22 15:54 . 2008-01-22 15:54 54,764 --a------ C:\WINDOWS\system32\ztx86.sys
2008-01-21 18:40 . 2008-01-22 20:05 2 --a------ C:\1613125578
2008-01-21 18:39 . 2008-01-21 18:39 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-20 20:52 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-20 20:51 . 2008-01-20 20:51 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-20 20:48 . 2008-01-20 20:48 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-01-20 20:34 . 2008-01-20 21:00 <REP> d-------- C:\Program Files\Windows Live
2008-01-20 20:34 . 2008-01-20 20:46 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-20 20:28 . 2008-01-21 06:51 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-04 10:23 . 2006-09-05 20:06 18,704 -ra------ C:\WINDOWS\system32\drivers\se59nd5.sys
2008-01-04 10:10 . 2005-12-14 15:10 552,960 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-04 10:10 . 2005-12-14 15:08 159,744 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-04 10:10 . 2005-12-14 15:11 61,440 --a------ C:\WINDOWS\system32\xvid.ax
2008-01-04 10:10 . 2004-03-09 09:39 8,704 --a------ C:\WINDOWS\system32\vidccleaner.exe
2008-01-04 10:09 . 1998-07-09 19:41 217,088 --a------ C:\WINDOWS\system32\skjpeg40.dll
2008-01-04 10:09 . 1998-03-04 10:40 83,968 --a------ C:\WINDOWS\system32\Skbase40.dll
2007-12-27 10:45 . 2008-01-07 17:39 <REP> d-------- C:\Incomplete
2007-12-27 10:26 . 2006-09-05 20:06 90,800 -ra------ C:\WINDOWS\system32\drivers\se59unic.sys
2007-12-27 10:26 . 2006-09-05 20:06 4,128 -ra------ C:\WINDOWS\system32\drivers\se59cr.sys
2007-12-25 13:37 . 2006-09-05 20:08 88,624 -ra------ C:\WINDOWS\system32\drivers\se59mgmt.sys
2007-12-25 13:37 . 2006-09-05 20:09 86,432 -ra------ C:\WINDOWS\system32\drivers\se59obex.sys
2007-12-24 19:17 . 2006-09-05 20:07 97,088 -ra------ C:\WINDOWS\system32\drivers\se59mdm.sys
2007-12-24 19:17 . 2006-09-05 20:07 9,360 -ra------ C:\WINDOWS\system32\drivers\se59mdfl.sys
2007-12-24 19:17 . 2006-09-05 20:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cmnt.sys
2007-12-24 19:17 . 2006-09-05 20:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cm.sys
2007-12-23 20:36 . 2007-12-23 20:36 <REP> d-------- C:\Program Files\LG Electronics
2007-12-23 20:36 . 2005-09-05 11:33 81,920 -ra------ C:\WINDOWS\system32\srctrl.dll
2007-12-23 20:35 . 2007-12-23 20:36 <REP> d-------- C:\Program Files\LGGSM
2007-12-23 19:47 . 2007-12-25 13:06 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2007-12-23 13:18 . 2007-12-25 18:03 406,016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe
2007-12-23 13:18 . 2007-12-25 18:04 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 15:59 --------- d-----w C:\Program Files\Wanadoo
2008-01-23 15:59 --------- d-----w C:\Program Files\USB Product Driver v2.32r005
2008-01-23 15:59 --------- d-----w C:\Program Files\QuickTime
2008-01-23 13:27 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
2008-01-23 13:27 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
2008-01-23 12:33 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-23 11:39 --------- d-----w C:\Program Files\OpenOffice.org1.1.4
2008-01-22 17:42 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-20 19:48 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-20 19:28 --------- d-----w C:\Program Files\MSN Messenger
2008-01-04 09:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 09:09 --------- d-----w C:\Program Files\Samsung
2007-12-23 13:28 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-23 13:28 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-23 13:28 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-23 13:28 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-23 13:28 --------- d-----w C:\Program Files\Symantec
2007-12-22 11:03 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-21 19:22 --------- d-----w C:\Program Files\Disc2Phone
2007-12-21 18:48 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2007-12-21 18:48 --------- d-----w C:\Program Files\Fichiers communs\Sony Ericsson Shared
2007-12-21 18:46 --------- d-----w C:\Program Files\Sony Ericsson
2007-12-19 16:41 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-12-10 19:40 90,112 ----a-w C:\WINDOWS\DUMP251c.tmp
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2005-10-13 17:03 2,349,053 ----a-w C:\Program Files\openofficeorg4.cab
2005-10-13 17:02 49,474,481 ----a-w C:\Program Files\openofficeorg3.cab
2005-10-13 16:58 6,044,542 ----a-w C:\Program Files\openofficeorg2.cab
2005-10-13 16:58 17,302,480 ----a-w C:\Program Files\openofficeorg1.cab
2005-10-13 16:57 217 ----a-w C:\Program Files\setup.ini
2005-10-13 16:57 2,731,008 ----a-w C:\Program Files\openofficeorg20.msi
2005-10-05 11:18 241,664 ----a-w C:\Program Files\setup.exe
2002-03-11 08:06 1,822,520 ----a-w C:\Program Files\instmsiw.exe
2002-03-11 07:45 1,708,856 ----a-w C:\Program Files\instmsia.exe
.
<pre>
----a-w 57,344 2007-12-25 17:05:02 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy .exe
----a-w 155,648 2008-01-02 19:18:11 C:\Program Files\QuickTime\qttask .exe
----a-w 155,648 2008-01-02 19:18:22 C:\Program Files\QuickTime\qttask .exe
----a-w 155,648 2008-01-02 19:18:25 C:\Program Files\QuickTime\qttask .exe
----a-w 155,648 2008-01-02 19:18:32 C:\Program Files\QuickTime\qttask .exe
----a-w 155,648 2008-01-02 19:18:35 C:\Program Files\QuickTime\qttask .exe
----a-w 155,648 2008-01-02 19:18:42 C:\Program Files\QuickTime\qttask .exe
----a-w 155,648 2008-01-02 19:18:45 C:\Program Files\QuickTime\qttask .exe
----a-w 155,648 2008-01-02 19:18:48 C:\Program Files\QuickTime\qttask .exe
</pre>
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-25 13:06 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-25 18:05 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2003-12-17 11:53 73728 C:\WINDOWS\system32\sstray.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-13 01:50 4112384]
"nwiz"="nwiz.exe" [2004-07-13 01:50 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-13 01:50 81920]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2007-12-25 18:03 406016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2007-12-25 18:03 36975]
"Aide Memoire Votre Budget"="" []
"ConvEuro MA"="" []
"Protect"="SHVRTF.EXE" [2004-11-24 16:17 1290240 C:\WINDOWS\system32\SHVRTF.EXE]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-12-25 18:04 32768]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2007-12-25 18:04 24576]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2007-12-25 18:04 24576]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2007-12-25 18:04 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2007-12-25 18:04 155648]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-22 11:08 52840]
"EPSON Stylus DX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.exe" [2007-12-25 18:04 98304]
"YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2007-12-25 18:04 40960]
"ShowIcon_Module-B_USB Product Driver v2.32r005"="C:\Program Files\USB Product Driver v2.32r005\shwicon.exe" [2007-12-25 18:04 81920]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-12-25 18:04 593920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-12-25 13:06 15360]
C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 1.1.4.lnk - C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe [2004-10-28 01:10:00 61440]
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
C:\Documents and Settings\Othilie.ORDI-20C50D901B.000\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
C:\Documents and Settings\Laurie\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 14:47]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-07-06 17:06]
R2 HPFECP13;HPFECP13;C:\WINDOWS\system32\drivers\HPFECP13.SYS [1998-09-25 09:55]
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 16:29]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-08-03 11:10]
S2 FFI;FFI;C:\WINDOWS\system32\svchost.exe:exm.exe []
S3 gkmixern;gkmixern;C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\gkmixern.sys []
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 20:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 20:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 20:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 20:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 20:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 20:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 20:06]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-23 16:00:00 C:\WINDOWS\Tasks\AC18378891B7B558.job"
- c:\docume~1\laurie\applic~1\flawdate\thunk joy drive.exe
"2007-12-21 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Utilisateur.job"
And for the other report, from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\SHVRTF.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\USB Product Driver v2.32r005\shwicon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {70e60fe6-679a-4fa6-aa0f-aceb1c5e1b32} - (no file)
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [ShowIcon_Module-B_USB Product Driver v2.32r005] "C:\Program Files\USB Product Driver v2.32r005\shwicon.exe" -t"Module-B\USB Product Driver v2.32r005"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F51E51A-543F-4FD2-B37D-3F75597EE44B}: NameServer = 80.10.246.130 81.253.149.10
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11469 bytes
There you go, hoping this is right.
Re,
Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:
File::
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
RenV::
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
RenV::
C:\Program Files\QuickTime\qttask .exe
Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch Combofix; type 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
Re, once again
OK, here is the Combofix report:
ComboFix 08-01-23.2 - Laurie 2008-01-23 20:51:39.5 - NTFSx86
Endroit: C:\Documents and Settings\Laurie\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Laurie\Mes documents\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
.
---- Previous Run -------
.
C:\bhij.exe
C:\WINDOWS\htssv32.exe
C:\WINDOWS\system32\2_exception.nls
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\ststv.ini2
C:\WINDOWS\system32\ubvbppau.ini
C:\WINDOWS\Temp\28853693.exe
C:\WINDOWS\Temp\432687220.exe
C:\WINDOWS\Fonts\-
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\runtime
-------\smtpdrv
((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.
2008-01-23 14:13 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 13:33 . 2008-01-23 13:33 <REP> d-------- C:\Program Files\Trend Micro
2008-01-22 15:54 . 2008-01-22 15:54 54,764 --a------ C:\WINDOWS\system32\ztx86.sys
2008-01-21 18:40 . 2008-01-22 20:05 2 --a------ C:\1613125578
2008-01-21 18:39 . 2008-01-21 18:39 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-20 20:52 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-20 20:51 . 2008-01-20 20:51 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-20 20:48 . 2008-01-20 20:48 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-01-20 20:34 . 2008-01-20 21:00 <REP> d-------- C:\Program Files\Windows Live
2008-01-20 20:34 . 2008-01-20 20:46 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-20 20:28 . 2008-01-21 06:51 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-04 10:23 . 2006-09-05 20:06 18,704 -ra------ C:\WINDOWS\system32\drivers\se59nd5.sys
2008-01-04 10:10 . 2005-12-14 15:10 552,960 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-04 10:10 . 2005-12-14 15:08 159,744 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-04 10:10 . 2005-12-14 15:11 61,440 --a------ C:\WINDOWS\system32\xvid.ax
2008-01-04 10:10 . 2004-03-09 09:39 8,704 --a------ C:\WINDOWS\system32\vidccleaner.exe
2008-01-04 10:09 . 1998-07-09 19:41 217,088 --a------ C:\WINDOWS\system32\skjpeg40.dll
2008-01-04 10:09 . 1998-03-04 10:40 83,968 --a------ C:\WINDOWS\system32\Skbase40.dll
2007-12-27 10:45 . 2008-01-07 17:39 <REP> d-------- C:\Incomplete
2007-12-27 10:26 . 2006-09-05 20:06 90,800 -ra------ C:\WINDOWS\system32\drivers\se59unic.sys
2007-12-27 10:26 . 2006-09-05 20:06 4,128 -ra------ C:\WINDOWS\system32\drivers\se59cr.sys
2007-12-25 13:37 . 2006-09-05 20:08 88,624 -ra------ C:\WINDOWS\system32\drivers\se59mgmt.sys
2007-12-25 13:37 . 2006-09-05 20:09 86,432 -ra------ C:\WINDOWS\system32\drivers\se59obex.sys
2007-12-24 19:17 . 2006-09-05 20:07 97,088 -ra------ C:\WINDOWS\system32\drivers\se59mdm.sys
2007-12-24 19:17 . 2006-09-05 20:07 9,360 -ra------ C:\WINDOWS\system32\drivers\se59mdfl.sys
2007-12-24 19:17 . 2006-09-05 20:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cmnt.sys
2007-12-24 19:17 . 2006-09-05 20:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cm.sys
2007-12-23 20:36 . 2007-12-23 20:36 <REP> d-------- C:\Program Files\LG Electronics
2007-12-23 20:36 . 2005-09-05 11:33 81,920 -ra------ C:\WINDOWS\system32\srctrl.dll
2007-12-23 20:35 . 2007-12-23 20:36 <REP> d-------- C:\Program Files\LGGSM
2007-12-23 19:47 . 2007-12-25 13:06 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2007-12-23 13:18 . 2007-12-25 18:03 406,016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe
2007-12-23 13:18 . 2007-12-25 18:04 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 20:00 --------- d-----w C:\Program Files\QuickTime
2008-01-23 19:48 --------- d-----w C:\Program Files\Wanadoo
2008-01-23 17:20 --------- d-----w C:\Program Files\OpenOffice.org1.1.4
2008-01-23 15:59 --------- d-----w C:\Program Files\USB Product Driver v2.32r005
2008-01-23 12:33 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-20 19:48 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-20 19:28 --------- d-----w C:\Program Files\MSN Messenger
2008-01-04 09:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 09:09 --------- d-----w C:\Program Files\Samsung
2007-12-23 13:28 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-23 13:28 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-23 13:28 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-23 13:28 --------- d-----w C:\Program Files\Symantec
2007-12-22 11:03 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-21 19:22 --------- d-----w C:\Program Files\Disc2Phone
2007-12-21 18:48 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2007-12-21 18:48 --------- d-----w C:\Program Files\Fichiers communs\Sony Ericsson Shared
2007-12-21 18:46 --------- d-----w C:\Program Files\Sony Ericsson
2007-12-10 19:40 90,112 ----a-w C:\WINDOWS\DUMP251c.tmp
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2005-10-13 17:03 2,349,053 ----a-w C:\Program Files\openofficeorg4.cab
2005-10-13 17:02 49,474,481 ----a-w C:\Program Files\openofficeorg3.cab
2005-10-13 16:58 6,044,542 ----a-w C:\Program Files\openofficeorg2.cab
2005-10-13 16:58 17,302,480 ----a-w C:\Program Files\openofficeorg1.cab
2005-10-13 16:57 217 ----a-w C:\Program Files\setup.ini
2005-10-13 16:57 2,731,008 ----a-w C:\Program Files\openofficeorg20.msi
2005-10-05 11:18 241,664 ----a-w C:\Program Files\setup.exe
2002-03-11 08:06 1,822,520 ----a-w C:\Program Files\instmsiw.exe
2002-03-11 07:45 1,708,856 ----a-w C:\Program Files\instmsia.exe
.
<pre>
----a-w 57,344 2007-12-25 17:05:02 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy .exe
----a-w 155,648 2008-01-02 19:18:48 C:\Program Files\QuickTime\qttask .exe
</pre>
((((((((((((((((((((((((((((( snapshot@2008-01-23_17.05.46.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 15:58:59 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-23 19:51:26 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-23 15:59:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-23 19:51:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-23 15:59:00 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-23 19:51:27 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-23 15:59:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 19:51:27 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-23 15:59:00 7,057,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-23 19:51:27 7,057,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-23 15:59:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 19:51:27 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70e60fe6-679a-4fa6-aa0f-aceb1c5e1b32}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-25 13:06 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-25 18:05 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-25 18:37 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2003-12-17 11:53 73728 C:\WINDOWS\system32\sstray.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-13 01:50 4112384]
"nwiz"="nwiz.exe" [2004-07-13 01:50 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-13 01:50 81920]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2007-12-25 18:03 406016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2007-12-25 18:03 36975]
"Aide Memoire Votre Budget"="" []
"ConvEuro MA"="" []
"Protect"="SHVRTF.EXE" [2004-11-24 16:17 1290240 C:\WINDOWS\system32\SHVRTF.EXE]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-12-25 18:04 32768]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2007-12-25 18:04 24576]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2007-12-25 18:04 24576]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2007-12-25 18:04 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2007-12-25 18:04 155648]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-22 11:08 52840]
"EPSON Stylus DX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.exe" [2007-12-25 18:04 98304]
"YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2007-12-25 18:04 40960]
"ShowIcon_Module-B_USB Product Driver v2.32r005"="C:\Program Files\USB Product Driver v2.32r005\shwicon.exe" [2007-12-25 18:04 81920]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-12-25 18:04 593920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-02 20:18 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-12-25 13:06 15360]
C:\Documents and Settings\Utilisateur\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 1.1.4.lnk - C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe [2004-10-28 01:10:00 61440]
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
C:\Documents and Settings\Othilie.ORDI-20C50D901B.000\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
C:\Documents and Settings\Laurie\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 14:47]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-07-06 17:06]
R2 HPFECP13;HPFECP13;C:\WINDOWS\system32\drivers\HPFECP13.SYS [1998-09-25 09:55]
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 16:29]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-08-03 11:10]
S1 ztx86;ztx86;C:\WINDOWS\system32\ztx86.sys [2008-01-22 15:54]
S2 FFI;FFI;C:\WINDOWS\system32\svchost.exe:exm.exe []
S3 gkmixern;gkmixern;C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\gkmixern.sys []
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 20:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 20:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 20:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 20:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 20:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 20:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 20:06]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-23 20:00:02 C:\WINDOWS\Tasks\AC18378891B7B558.job"
- c:\docume~1\laurie\applic~1\flawdate\thunk joy drive.exe
"2007-12-21 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Utilisateur.job"
Along with the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\SHVRTF.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\USB Product Driver v2.32r005\shwicon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {70e60fe6-679a-4fa6-aa0f-aceb1c5e1b32} - (no file)
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [ShowIcon_Module-B_USB Product Driver v2.32r005] "C:\Program Files\USB Product Driver v2.32r005\shwicon.exe" -t"Module-B\USB Product Driver v2.32r005"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F51E51A-543F-4FD2-B37D-3F75597EE44B}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11399 bytes
Try the following script:
Driver::
FFI
RenV::
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy .exe
C:\Program Files\QuickTime\qttask .exe
File::
C:\Program Files\setup.exe
C:\Program Files\setup.ini
C:\WINDOWS\system32\svchost.exe:exm.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70e60fe6-679a-4fa6-aa0f-aceb1c5e1b32}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=-
Come on, hang in there.
Here is the ComboFix report:
ComboFix 08-01-23.2 - Laurie 2008-01-23 21:54:52.6 - NTFSx86
Endroit: C:\Documents and Settings\Laurie\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Laurie\Mes documents\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE
C:\Program Files\setup.exe
C:\Program Files\setup.ini
C:\WINDOWS\system32\svchost.exe:exm.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\setup.exe
C:\Program Files\setup.ini
.
---- Previous Run -------
.
C:\bhij.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\WINDOWS\htssv32.exe
C:\WINDOWS\system32\2_exception.nls
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\ststv.ini2
C:\WINDOWS\system32\ubvbppau.ini
C:\WINDOWS\Temp\28853693.exe
C:\WINDOWS\Temp\432687220.exe
C:\WINDOWS\Fonts\-
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\runtime
-------\smtpdrv
-------\LEGACY_FFI
-------\FFI
((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.
2008-01-23 14:13 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 13:33 . 2008-01-23 13:33 <REP> d-------- C:\Program Files\Trend Micro
2008-01-22 15:54 . 2008-01-22 15:54 54,764 --a------ C:\WINDOWS\system32\ztx86.sys
2008-01-21 18:40 . 2008-01-22 20:05 2 --a------ C:\1613125578
2008-01-21 18:39 . 2008-01-21 18:39 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-20 20:52 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-20 20:51 . 2008-01-20 20:51 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-20 20:48 . 2008-01-20 20:48 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-01-20 20:34 . 2008-01-20 21:00 <REP> d-------- C:\Program Files\Windows Live
2008-01-20 20:34 . 2008-01-20 20:46 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-20 20:28 . 2008-01-21 06:51 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-04 10:23 . 2006-09-05 20:06 18,704 -ra------ C:\WINDOWS\system32\drivers\se59nd5.sys
2008-01-04 10:10 . 2005-12-14 15:10 552,960 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-04 10:10 . 2005-12-14 15:08 159,744 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-04 10:10 . 2005-12-14 15:11 61,440 --a------ C:\WINDOWS\system32\xvid.ax
2008-01-04 10:10 . 2004-03-09 09:39 8,704 --a------ C:\WINDOWS\system32\vidccleaner.exe
2008-01-04 10:09 . 1998-07-09 19:41 217,088 --a------ C:\WINDOWS\system32\skjpeg40.dll
2008-01-04 10:09 . 1998-03-04 10:40 83,968 --a------ C:\WINDOWS\system32\Skbase40.dll
2007-12-27 10:45 . 2008-01-07 17:39 <REP> d-------- C:\Incomplete
2007-12-27 10:26 . 2006-09-05 20:06 90,800 -ra------ C:\WINDOWS\system32\drivers\se59unic.sys
2007-12-27 10:26 . 2006-09-05 20:06 4,128 -ra------ C:\WINDOWS\system32\drivers\se59cr.sys
2007-12-25 13:37 . 2006-09-05 20:08 88,624 -ra------ C:\WINDOWS\system32\drivers\se59mgmt.sys
2007-12-25 13:37 . 2006-09-05 20:09 86,432 -ra------ C:\WINDOWS\system32\drivers\se59obex.sys
2007-12-24 19:17 . 2006-09-05 20:07 97,088 -ra------ C:\WINDOWS\system32\drivers\se59mdm.sys
2007-12-24 19:17 . 2006-09-05 20:07 9,360 -ra------ C:\WINDOWS\system32\drivers\se59mdfl.sys
2007-12-24 19:17 . 2006-09-05 20:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cmnt.sys
2007-12-24 19:17 . 2006-09-05 20:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cm.sys
2007-12-23 20:36 . 2007-12-23 20:36 <REP> d-------- C:\Program Files\LG Electronics
2007-12-23 20:36 . 2005-09-05 11:33 81,920 -ra------ C:\WINDOWS\system32\srctrl.dll
2007-12-23 20:35 . 2007-12-23 20:36 <REP> d-------- C:\Program Files\LGGSM
2007-12-23 19:47 . 2007-12-25 13:06 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2007-12-23 13:18 . 2007-12-25 18:03 406,016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe
2007-12-23 13:18 . 2007-12-25 18:04 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 20:16 --------- d-----w C:\Program Files\Wanadoo
2008-01-23 20:00 --------- d-----w C:\Program Files\QuickTime
2008-01-23 17:20 --------- d-----w C:\Program Files\OpenOffice.org1.1.4
2008-01-23 15:59 --------- d-----w C:\Program Files\USB Product Driver v2.32r005
2008-01-23 12:33 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-20 19:48 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-20 19:28 --------- d-----w C:\Program Files\MSN Messenger
2008-01-04 09:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 09:09 --------- d-----w C:\Program Files\Samsung
2007-12-23 13:28 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-23 13:28 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-23 13:28 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-23 13:28 --------- d-----w C:\Program Files\Symantec
2007-12-22 11:03 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-21 19:22 --------- d-----w C:\Program Files\Disc2Phone
2007-12-21 18:48 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2007-12-21 18:48 --------- d-----w C:\Program Files\Fichiers communs\Sony Ericsson Shared
2007-12-21 18:46 --------- d-----w C:\Program Files\Sony Ericsson
2007-12-10 19:40 90,112 ----a-w C:\WINDOWS\DUMP251c.tmp
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2005-10-13 17:03 2,349,053 ----a-w C:\Program Files\openofficeorg4.cab
2005-10-13 17:02 49,474,481 ----a-w C:\Program Files\openofficeorg3.cab
2005-10-13 16:58 6,044,542 ----a-w C:\Program Files\openofficeorg2.cab
2005-10-13 16:58 17,302,480 ----a-w C:\Program Files\openofficeorg1.cab
2005-10-13 16:57 2,731,008 ----a-w C:\Program Files\openofficeorg20.msi
2002-03-11 08:06 1,822,520 ----a-w C:\Program Files\instmsiw.exe
2002-03-11 07:45 1,708,856 ----a-w C:\Program Files\instmsia.exe
.
----a-w 57,344 2007-12-25 17:05:02 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy .exe
----a-w 155,648 2008-01-02 19:18:48 C:\Program Files\QuickTime\qttask .exe
((((((((((((((((((((((((((((( snapshot@2008-01-23_17.05.46.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 15:58:59 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-23 20:54:34 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-23 15:59:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-23 20:54:34 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-23 15:59:00 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-23 20:54:34 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-23 15:59:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 20:54:34 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-23 15:59:00 7,057,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-23 20:54:35 7,057,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-23 15:59:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 20:54:35 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-25 13:06 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-25 18:05 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-25 18:37 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2003-12-17 11:53 73728 C:\WINDOWS\system32\sstray.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-13 01:50 4112384]
"nwiz"="nwiz.exe" [2004-07-13 01:50 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-13 01:50 81920]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2007-12-25 18:03 406016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2007-12-25 18:03 36975]
"Aide Memoire Votre Budget"="" []
"ConvEuro MA"="" []
"Protect"="SHVRTF.EXE" [2004-11-24 16:17 1290240 C:\WINDOWS\system32\SHVRTF.EXE]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-12-25 18:04 32768]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2007-12-25 18:04 24576]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2007-12-25 18:04 24576]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2007-12-25 18:04 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2007-12-25 18:04 155648]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-22 11:08 52840]
"EPSON Stylus DX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.exe" [2007-12-25 18:04 98304]
"YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2007-12-25 18:04 40960]
"ShowIcon_Module-B_USB Product Driver v2.32r005"="C:\Program Files\USB Product Driver v2.32r005\shwicon.exe" [2007-12-25 18:04 81920]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-12-25 18:04 593920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-02 20:18 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-12-25 13:06 15360]
C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 1.1.4.lnk - C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe [2004-10-28 01:10:00 61440]
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
C:\Documents and Settings\Othilie.ORDI-20C50D901B.000\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
C:\Documents and Settings\Laurie\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 14:47]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-07-06 17:06]
R2 HPFECP13;HPFECP13;C:\WINDOWS\system32\drivers\HPFECP13.SYS [1998-09-25 09:55]
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 16:29]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-08-03 11:10]
S1 ztx86;ztx86;C:\WINDOWS\system32\ztx86.sys [2008-01-22 15:54]
S3 gkmixern;gkmixern;C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\gkmixern.sys []
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 20:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 20:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 20:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 20:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 20:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 20:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 20:06]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-23 21:00:00 C:\WINDOWS\Tasks\AC18378891B7B558.job"
- c:\docume~1\laurie\applic~1\flawdate\thunk joy drive.exe
"2007-12-21 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Utilisateur.job"
And so, the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:17, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\SHVRTF.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\USB Product Driver v2.32r005\shwicon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [ShowIcon_Module-B_USB Product Driver v2.32r005] "C:\Program Files\USB Product Driver v2.32r005\shwicon.exe" -t"Module-B\USB Product Driver v2.32r005"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F51E51A-543F-4FD2-B37D-3F75597EE44B}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11056 bytes
Thanks for your help
Here is the ComboFix report:
ComboFix 08-01-23.2 - Laurie 2008-01-27 17:06:52.8 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.109 [GMT 1:00]
Endroit: C:\Documents and Settings\Laurie\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-27 to 2008-01-27 ))))))))))))))))))))))))))))))))))))
.
2008-01-24 16:48 . 2008-01-24 16:51 <REP> d-------- C:\Program Files\Apple Software Update
2008-01-24 16:08 . 2008-01-25 21:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-24 16:08 . 2008-01-24 16:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-23 14:13 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 13:33 . 2008-01-23 13:33 <REP> d-------- C:\Program Files\Trend Micro
2008-01-21 18:40 . 2008-01-22 20:05 2 --a------ C:\1613125578
2008-01-21 18:39 . 2008-01-21 18:39 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-20 20:52 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-20 20:51 . 2008-01-20 20:51 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-20 20:48 . 2008-01-20 20:48 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-01-20 20:34 . 2008-01-20 21:00 <REP> d-------- C:\Program Files\Windows Live
2008-01-20 20:34 . 2008-01-20 20:46 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-20 20:28 . 2008-01-21 06:51 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-04 10:23 . 2006-09-05 20:06 18,704 -ra------ C:\WINDOWS\system32\drivers\se59nd5.sys
2008-01-04 10:10 . 2005-12-14 15:10 552,960 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-04 10:10 . 2005-12-14 15:08 159,744 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-04 10:10 . 2005-12-14 15:11 61,440 --a------ C:\WINDOWS\system32\xvid.ax
2008-01-04 10:10 . 2004-03-09 09:39 8,704 --a------ C:\WINDOWS\system32\vidccleaner.exe
2008-01-04 10:09 . 1998-07-09 19:41 217,088 --a------ C:\WINDOWS\system32\skjpeg40.dll
2008-01-04 10:09 . 1998-03-04 10:40 83,968 --a------ C:\WINDOWS\system32\Skbase40.dll
2007-12-27 10:45 . 2008-01-07 17:39 <REP> d-------- C:\Incomplete
2007-12-27 10:26 . 2006-09-05 20:06 90,800 -ra------ C:\WINDOWS\system32\drivers\se59unic.sys
2007-12-27 10:26 . 2006-09-05 20:06 4,128 -ra------ C:\WINDOWS\system32\drivers\se59cr.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 16:12 --------- d-----w C:\Program Files\Wanadoo
2008-01-27 11:49 --------- d-----w C:\Program Files\OpenOffice.org1.1.4
2008-01-24 16:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-24 15:58 --------- d-----w C:\Program Files\QuickTime
2008-01-24 15:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 15:59 --------- d-----w C:\Program Files\USB Product Driver v2.32r005
2008-01-23 13:27 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
2008-01-23 13:27 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
2008-01-23 12:33 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-22 17:42 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-20 19:48 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-20 19:28 --------- d-----w C:\Program Files\MSN Messenger
2008-01-04 09:09 --------- d-----w C:\Program Files\Samsung
2007-12-25 17:04 155,648 ----a-w C:\WINDOWS\system32\NeroCheck.exe
2007-12-25 17:03 406,016 ----a-w C:\WINDOWS\system32\PSDrvCheck.exe
2007-12-25 12:06 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2007-12-23 19:36 --------- d-----w C:\Program Files\LGGSM
2007-12-23 19:36 --------- d-----w C:\Program Files\LG Electronics
2007-12-23 13:28 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-23 13:28 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-23 13:28 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-23 13:28 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-23 13:28 --------- d-----w C:\Program Files\Symantec
2007-12-22 11:03 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-21 19:22 --------- d-----w C:\Program Files\Disc2Phone
2007-12-21 18:48 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2007-12-21 18:48 --------- d-----w C:\Program Files\Fichiers communs\Sony Ericsson Shared
2007-12-21 18:46 --------- d-----w C:\Program Files\Sony Ericsson
2007-12-19 16:41 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-12-10 19:40 90,112 ----a-w C:\WINDOWS\DUMP251c.tmp
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2005-10-13 17:03 2,349,053 ----a-w C:\Program Files\openofficeorg4.cab
2005-10-13 17:02 49,474,481 ----a-w C:\Program Files\openofficeorg3.cab
2005-10-13 16:58 6,044,542 ----a-w C:\Program Files\openofficeorg2.cab
2005-10-13 16:58 17,302,480 ----a-w C:\Program Files\openofficeorg1.cab
2005-10-13 16:57 2,731,008 ----a-w C:\Program Files\openofficeorg20.msi
2002-03-11 08:06 1,822,520 ----a-w C:\Program Files\instmsiw.exe
2002-03-11 07:45 1,708,856 ----a-w C:\Program Files\instmsia.exe
.
((((((((((((((((((((((((((((( snapshot@2008-01-23_17.05.46.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 15:58:59 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-23 20:54:34 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-23 15:59:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-23 20:54:34 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-23 15:59:00 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-23 20:54:34 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-23 15:59:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 20:54:34 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-23 15:59:00 7,057,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-23 20:54:35 7,057,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-23 15:59:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 20:54:35 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-24 16:05:27 65,536 ----a-r C:\WINDOWS\Installer\{A654A805-41D9-40C7-AA46-4AF04F044D61}\ARPPRODUCTICON.exe
+ 2008-01-24 16:05:28 65,536 ----a-r C:\WINDOWS\Installer\{A654A805-41D9-40C7-AA46-4AF04F044D61}\NewShortcut2_4BDFD2CE632942E498019B3D1F10D79B.exe
+ 2008-01-24 16:05:27 65,536 ----a-r C:\WINDOWS\Installer\{A654A805-41D9-40C7-AA46-4AF04F044D61}\NewShortcut3_4BDFD2CE632942E498019B3D1F10D79B.exe
+ 2008-01-24 15:52:41 27,136 ----a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
- 2007-12-22 09:38:18 161,136 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-01-24 16:26:47 161,136 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-21 11:23:28 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-25 17:26:41 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-21 11:23:28 63,614 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-01-25 17:26:41 63,614 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2007-12-21 11:23:28 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-25 17:26:41 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-12-21 11:23:28 445,016 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-01-25 17:26:41 445,016 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-25 13:06 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-25 18:05 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-25 18:37 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2003-12-17 11:53 73728 C:\WINDOWS\system32\sstray.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-13 01:50 4112384]
"nwiz"="nwiz.exe" [2004-07-13 01:50 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-13 01:50 81920]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2007-12-25 18:03 406016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2007-12-25 18:03 36975]
"Aide Memoire Votre Budget"="" []
"ConvEuro MA"="" []
"Protect"="SHVRTF.EXE" [2004-11-24 16:17 1290240 C:\WINDOWS\system32\SHVRTF.EXE]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-12-25 18:04 32768]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2007-12-25 18:04 24576]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2007-12-25 18:04 24576]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2007-12-25 18:04 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2007-12-25 18:04 155648]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-22 11:08 52840]
"EPSON Stylus DX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.exe" [2007-12-25 18:04 98304]
"YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2007-12-25 18:04 40960]
"ShowIcon_Module-B_USB Product Driver v2.32r005"="C:\Program Files\USB Product Driver v2.32r005\shwicon.exe" [2007-12-25 18:04 81920]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-12-25 18:04 593920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-12-25 13:06 15360]
C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 1.1.4.lnk - C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe [2004-10-28 01:10:00 61440]
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
C:\Documents and Settings\Othilie.ORDI-20C50D901B.000\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
C:\Documents and Settings\Laurie\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-01-21 11:26:41 962661]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 14:47]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-07-06 17:06]
R2 HPFECP13;HPFECP13;C:\WINDOWS\system32\drivers\HPFECP13.SYS [1998-09-25 09:55]
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 16:29]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-08-03 11:10]
S3 gkmixern;gkmixern;C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\gkmixern.sys []
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 20:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 20:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 20:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 20:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 20:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 20:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 20:06]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
*Newly Created Service* - WLSETUPSVC
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-27 16:00:00 C:\WINDOWS\Tasks\AC18378891B7B558.job"
- c:\docume~1\laurie\applic~1\flawdate\thunk joy drive.exe
"2008-01-24 15:52:34 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-25 19:07:40 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Utilisateur.job"
- C:\PROGRA~1\NORTON~1\Navw32.exe
"2008-01-27 11:42:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 17:16:59
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
There you go, thanks!
Strange...
IN SAFE MODE!
Delete these files:
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
Now rename:
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy .exe (with a space)
to
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe (without a space)
C:\Program Files\QuickTime\qttask .exe (with a space)
C:\Program Files\QuickTime\qttask .exe (without a space)