Hi,
My PC was infected by the MS Juan trojan. I scanned it with ComboFix + Spyware Doctor + Malwarebytes.
It seems to have disappeared, but I would like to be sure.
Attached is the ComboFix log:
ComboFix 08-07-13.12 - marion 2008-07-14 16:07:37.1 - NTFSx86
Endroit: G:\fichiers exe\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\_003173_.tmp.dll
C:\WINDOWS\system32\drlikmoe.dll
C:\WINDOWS\system32\sajnfv.dll
C:\WINDOWS\system32\trtpdmwx.ini
C:\WINDOWS\system32\WFeMonmp.ini
C:\WINDOWS\system32\WFeMonmp.ini2
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-14 to 2008-07-14 ))))))))))))))))))))))))))))))))))))
.
2008-07-13 03:23 . 2008-07-13 03:23 268 --ah----- C:\sqmdata02.sqm
2008-07-13 03:23 . 2008-07-13 03:23 244 --ah----- C:\sqmnoopt02.sqm
2008-07-12 13:40 . 2008-07-13 03:18 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-07-06 14:27 . 2008-07-06 14:31 57 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-07-06 14:26 . 2006-03-24 22:00 141,312 --a------ C:\WINDOWS\system32\dllcache\fxsclntr.dll
2008-07-06 14:26 . 2006-03-24 22:00 113,664 --a------ C:\WINDOWS\system32\dllcache\fxscfgwz.dll
2008-07-06 14:26 . 2006-03-24 22:00 31,744 --a------ C:\WINDOWS\system32\dllcache\fxsroute.dll
2008-07-06 14:26 . 2006-03-24 22:00 11,776 --a------ C:\WINDOWS\system32\dllcache\fxssend.exe
2008-07-02 21:27 . 2008-07-10 18:58 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-06-25 13:17 . 2008-06-25 13:17 <REP> d-------- C:\Program Files\MSXML 4.0
2008-06-24 14:13 . 2008-06-24 14:13 <REP> d-------- C:\WINDOWS\Sun
2008-06-20 19:47 . 2008-06-20 19:47 247,808 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 19:47 . 2008-06-20 19:47 147,968 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:51 . 2008-06-20 13:51 361,600 --------- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:40 . 2008-06-20 13:40 138,496 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 13:08 . 2008-06-20 13:08 225,856 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 00:42 . 2008-06-20 00:42 754 --a------ C:\WINDOWS\wordpad.INI
2008-06-20 00:10 . 2008-07-07 03:34 357,768 --a------ C:\Documents and Settings\marion\SymXPep2.dll
2008-06-19 02:32 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-06-19 02:32 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-06-19 02:32 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-06-19 02:32 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-06-19 02:32 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-06-19 02:32 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-06-19 02:32 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-06-19 02:32 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-06-18 03:01 . 2008-06-18 03:01 <REP> d-------- C:\Program Files\LimeWire
2008-06-18 03:01 . 2008-07-11 19:14 <REP> d-------- C:\Documents and Settings\marion\Application Data\LimeWire
2008-06-15 20:31 . 2008-07-10 01:04 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-15 20:31 . 2008-06-15 20:31 <REP> d-------- C:\Documents and Settings\marion\Application Data\Malwarebytes
2008-06-15 20:31 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-15 20:31 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-14 15:01 . 2008-06-14 15:01 736 --a------ C:\WINDOWS\SamsungMaster.INI
2008-06-14 05:09 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-06-14 05:09 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-06-14 05:09 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-06-14 04:27 . 2008-07-14 14:07 <REP> d-------- C:\Program Files\Norton 360
2008-06-14 04:27 . 2008-06-14 04:54 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-14 04:27 . 2008-06-14 04:54 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-14 04:27 . 2008-06-14 04:54 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-14 04:27 . 2008-06-14 04:54 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 14:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-14 13:59 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-14 12:27 --------- d-----w C:\Program Files\Spyware Doctor
2008-07-14 12:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-10 00:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-27 23:53 --------- d-----w C:\Program Files\Java
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 21:19 42,376 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-19 21:19 159,880 ----a-w C:\WINDOWS\system32\drivers\pctfw2.sys
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 13:47 --------- d-----w C:\Documents and Settings\marion\Application Data\HP
2008-06-14 02:54 --------- d-----w C:\Program Files\Symantec
2008-06-12 23:59 --------- d-----w C:\Program Files\backups
2008-06-10 23:40 --------- d-----w C:\Program Files\QuickTime
2008-06-10 23:40 --------- d-----w C:\Program Files\NetWaiting
2008-06-10 23:40 --------- d-----w C:\Program Files\Microsoft Works
2008-06-10 23:40 --------- d-----w C:\Program Files\GemMasterFrench
2008-06-10 23:40 --------- d-----w C:\Program Files\FrenchOtto
2008-06-10 23:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-09 22:12 --------- d-----w C:\Program Files\Ashampoo
2008-06-05 19:37 --------- d-----w C:\Program Files\iTunes
2008-06-05 19:37 --------- d-----w C:\Program Files\iPod
2008-06-04 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-06-04 16:58 --------- d-----w C:\Program Files\Fichiers communs\logishrd
2008-06-04 16:57 --------- d-----w C:\Program Files\Logitech
2008-06-04 16:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-31 23:55 --------- d-----w C:\Documents and Settings\marion\Application Data\Apple Computer
2008-05-25 12:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-25 12:19 --------- d-----w C:\Program Files\Samsung
2008-05-25 12:19 --------- d-----w C:\Program Files\Fichiers communs\ST System Shared
2008-05-25 12:19 --------- d-----w C:\Documents and Settings\marion\Application Data\Samsung
2008-05-25 12:18 --------- d-----w C:\Documents and Settings\marion\Application Data\InstallShield
2008-05-24 18:14 --------- d-----w C:\Program Files\Apple Software Update
2008-05-22 12:02 --------- d-----w C:\Program Files\Magentic
2008-05-19 10:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-19 10:42 --------- d-----w C:\Program Files\Bonjour
2008-05-19 10:40 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-05-19 10:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-16 04:05 --------- d-----w C:\Program Files\Windows Plus
2008-05-16 04:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-16 04:05 --------- d-----w C:\Program Files\Synaptics
2008-05-16 04:05 --------- d-----w C:\Program Files\Sonic
2008-05-16 04:04 --------- d-----w C:\Program Files\Services en ligne
2008-05-16 04:03 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-16 04:03 --------- d-----w C:\Program Files\HP
2008-05-16 04:02 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-16 04:02 --------- d-----w C:\Program Files\Fichiers communs\TiVo Shared
2008-05-16 04:02 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-05-16 04:02 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-05-16 04:01 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2008-05-16 04:01 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-05-16 04:01 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-16 04:01 --------- d-----w C:\Program Files\Fichiers communs\HP
2008-05-16 04:01 --------- d-----w C:\Program Files\CONEXANT
2008-05-16 03:58 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-05-16 03:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-05-16 03:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-05-16 03:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-16 03:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-05-16 03:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-16 00:19 0 ----a-w C:\Documents and Settings\marion\Application Data\wklnhst.dat
2008-05-16 00:19 --------- d-----w C:\Documents and Settings\marion\Application Data\Template
2008-05-15 23:16 --------- d-----w C:\Program Files\epson
2008-05-15 23:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL
2008-05-15 23:07 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-05-15 22:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-15 22:50 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-15 22:48 --------- d-----w C:\Program Files\Yahoo!
2008-05-15 22:48 --------- d-----w C:\Program Files\CCleaner
2008-05-15 22:46 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-15 22:43 --------- d-----w C:\Program Files\Windows Live
2008-05-15 22:35 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-15 22:33 --------- d-----w C:\Documents and Settings\marion\Application Data\AdobeUM
2008-05-15 22:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-15 21:45 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-15 21:39 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-15 21:38 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-05-15 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-15 21:14 --------- d-----w C:\Documents and Settings\marion\Application Data\MSNInstaller
2008-05-15 20:48 --------- d-----w C:\Documents and Settings\marion\Application Data\Symantec
2008-05-15 20:27 --------- d-----w C:\Program Files\Fichiers communs\PC Tools
2008-05-15 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2008-05-15 20:22 --------- d-----w C:\Documents and Settings\marion\Application Data\PC Tools
2008-05-15 20:03 --------- d-----w C:\Program Files\Google
2008-05-15 19:52 --------- d-----w C:\Program Files\Sun
2008-05-15 19:32 --------- d-----w C:\Program Files\Neuf
2008-05-15 19:23 1,786 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_Presario V6000 (RR735EA#ABF)_YN_0Pres_QCNF6481DZ9_E419857053_46_I30BB_SQuanta_V66.21_BF.09_T061113_WXP2_L40C_M1015_J120_7Intel_8Core2 T5600_91.83_#061028_N80861092_(RR735EA#ABF)_XMOBILE_CN10_Z_2Rev 1.MRK
2008-05-15 19:18 --------- d-----w C:\Program Files\HPQ
2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-15 21:35 171448]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2008-03-09 11:00 480648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:34 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 22:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 22:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 22:17 118784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 07:22 794713]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-19 15:14 102400]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 10:50 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2008-01-15 12:02 287984]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-07-18 03:54 116072]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-06-19 23:19 1107848]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 17:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-06-19 23:19]
R3 MBAMDrvService;MBAMDrvService;C:\WINDOWS\system32\drivers\mbam.sys [2008-07-07 17:35]
R3 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-07-07 17:35]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-09 20:48:29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-15 19:35:12 C:\WINDOWS\Tasks\HPCeeSchedule.job"
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-14 16:25:45
Windows 5.1.2600 Service Pack 3 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????Z??????`?@?????L?@
Balayage des fichiers cachés ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\logishrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Fichiers communs\logishrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-14 16:32:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-14 14:31:38
Pre-Run: 89,955,778,560 octets libres
Post-Run: 89,885,933,568 octets libres
280 --- E O F --- 2008-07-11 10:50:28
Malwarebytes log:
Malwarebytes' Anti-Malware 1.20
Database version: 948
Windows 5.1.2600 Service Pack 3
17:39:46 14/07/2008
mbam-log-7-14-2008 (17-39-46).txt
Scan type: Full Scan (C:\|D:\|E:\|G:\|)
Objects scanned: 112335
Time elapsed: 47 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
And finally the HijackThis report, so I know which useless lines I should remove:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:35:34, on 14/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Ashampoo\Ashampoo WinOptimizer 5\WO5.exe
C:\WINDOWS\system32\taskmgr.exe
G:\fichiers exe\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-969078209-3020947683-408382819-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrateur')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B69D1A4-E547-4F01-A2BE-BE02EDCBC665}: NameServer = 86.84.145.141,84.103.237.145
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe