Hello
You asked me whether I knew these programs. The answer is no.
[WIRESS] C:\Program Files\WIRESS\rssfeed.exe
[LocalProxy] C:\Program Files\LocalProxy\proxy4free.exe
I did the job with CFScript.txt and ComboFix; the desktop disappeared several times, I didn't touch anything, but at one point the computer rebooted by itself; I waited about 10 minutes, then logged in with my user account, and it relaunched the program by itself.
I'm sending you the reports and I await your instructions.
ComboFix 07-08-14.4 - "francois" 2007-08-16 7:18:36.7 -
FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.74 [GMT 4:00]
Command switches used :: C:\Documents and Settings\francois\Bureau\cfscript.txt
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Norton AntiVirus\Quarantine
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\activex_933_it.0xe
C:\WINDOWS\Downloaded Program Files\CONFLICT.2
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\activex_933_it.0xe
C:\WINDOWS\Downloaded Program Files\CONFLICT.3
C:\WINDOWS\Downloaded Program Files\CONFLICT.4
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\activex_933_it.0xe
C:\WINDOWS\Downloaded Program Files\CONFLICT.5
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\activex_933_it.0xe
C:\WINDOWS\Downloaded Program Files\CONFLICT.6
C:\WINDOWS\Downloaded Program Files\CONFLICT.7
C:\WINDOWS\Downloaded Program Files\CONFLICT.8
C:\WINDOWS\Downloaded Program Files\CONFLICT.9
((((((((((((((((((((((((( Files Created from 2007-07-16 to 2007-08-16 )))))))))))))))))))))))))))))))
2007-08-15 17:28 <REP> d-------- C:\WINDOWS\ERUNT
2007-08-14 22:10 741,376 --a------ C:\WINDOWS\system32\dllcache\helpctr.exe
2007-08-14 22:10 73,728 --a------ C:\WINDOWS\system32\dllcache\nmcom.dll
2007-08-14 22:10 608,256 --------- C:\WINDOWS\system32\dllcache\xpsp2res.dll
2007-08-14 22:10 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2007-08-14 22:10 593,408 --a------ C:\WINDOWS\system32\dllcache\h323msp.dll
2007-08-14 22:10 552,448 --a------ C:\WINDOWS\system32\rtcdll.dll
2007-08-14 22:10 552,448 --a------ C:\WINDOWS\system32\dllcache\rtcdll.dll
2007-08-14 22:10 441,344 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-08-14 22:10 441,344 --a------ C:\WINDOWS\system32\dllcache\ipnathlp.dll
2007-08-14 22:10 40,960 --a------ C:\WINDOWS\system32\dllcache\evtgprov.dll
2007-08-14 22:10 364,544 --a------ C:\WINDOWS\system32\dllcache\callcont.dll
2007-08-14 22:10 307,200 --a------ C:\WINDOWS\system32\dllcache\netapi32.dll
2007-08-14 22:10 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-08-14 22:10 253,952 --a------ C:\WINDOWS\system32\dllcache\mst120.dll
2007-08-14 20:00 1,006,592 --a------ C:\WINDOWS\system32\esent.dll
2007-08-14 18:56 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-14 18:56 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-08-14 18:56 <REP> d-------- C:\WINDOWS\system32\PreInstall
2007-08-14 18:52 <REP> d-------- C:\WINDOWS\system32\bits
2007-08-14 18:49 7,680 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-08-14 18:49 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-08-14 18:49 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-08-14 18:49 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-08-14 18:49 360,960 --a------ C:\WINDOWS\system32\dllcache\qmgr.dll
2007-08-14 18:49 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-08-14 18:49 331,776 --a------ C:\WINDOWS\system32\dllcache\winhttp.dll
2007-08-14 18:49 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-08-14 18:49 17,408 --a------ C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-08-14 18:42 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-08-14 18:42 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-08-14 18:42 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-08-14 18:42 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-08-14 18:41 <REP> d-------- C:\WINDOWS\SoftwareDistribution
2007-08-14 18:08 <REP> d-------- C:\Program Files\jv16 PowerTools
2007-08-13 17:17 <REP> d-------- C:\Program Files\CodeStuff
2007-08-12 21:42 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-12 20:05 <REP> dr------- C:\DOCUME~1\LOCALS~1\Favoris
2007-08-12 11:40 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-08-11 08:41 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-08 21:18 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-11 21:11 668950 ---hs---- C:\WINDOWS\system\bcanbi.bak2
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOTASKBARICON"="C:\PROGRA~1\WANADOO\GestMaj.exe" [2004-10-14 16:55]
"WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2004-08-23 14:49]
"FSASWREG"="C:\Program Files\Securitoo\Av_Fw\Anti-Spyware\fsaswreg.exe" [2004-11-04 14:03]
"News Service"="C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe" []
"F-Secure TNB"="C:\Program Files\Securitoo\Av_Fw\TNB\TNBUtil.exe" [2004-09-17 13:59]
"F-Secure Manager"="C:\Program Files\Securitoo\Av_Fw\Common\FSM32.exe" [2004-12-22 12:28]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-04-24 16:51]
"Recguard"="C:\Program Files\HP\recguard.exe" []
"F-Secure Startup Wizard"="C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.exe" [2005-03-16 17:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-04-24 16:44]
"AcerNotebookManager"="C:\Program Files\Acer\Notebook Manager\almxptray.exe" [2003-05-16 17:09]
"PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 10:45]
"3capplnk"="C:\Program Files\US Robotics\\3capplnk.exe" []
"WIRESS"="C:\Program Files\WIRESS\rssfeed.exe" []
"REAL"="C:\Program Files\REAL\realjbox.exe" []
"eTrust Realtime Monitor"="C:\WINDOWS\System32\realmon.exe" []
"LocalProxy"="C:\Program Files\LocalProxy\proxy4free.exe" []
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-02-12 10:51]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2006-07-23 11:59:54]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"<NO NAME>"= {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\system32\msc.cpl [ ]
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\System32\drivers\fsdfw.sys
R2 acernbm;acernbm;C:\WINDOWS\System32\drivers\acernbm.sys
R2 BackWeb Plug-in - 8520111;Securitoo Antivirus Firewall;C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\Securitoo\Av_Fw\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\Securitoo\Av_Fw\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\Securitoo\Av_Fw\Anti-Virus\Win2K\FSrec.sys
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\System32\DRIVERS\WlanBZXP.sys
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\System32\DRIVERS\LV532AV.SYS
S3 POWERKEY;POWERKEY;\??\C:\Progra~1\Launch Manager\POWERKEY.sys
S3 VM650FVM11;UMAX AstraSlim Scanner ProdID x0104;C:\WINDOWS\System32\Drivers\USB650C.sys
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\System32\ZDCndis5.SYS
Contents of the 'Scheduled Tasks' folder
2007-08-16 02:58:34 C:\WINDOWS\Tasks\Scheduled scanning task.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-08-16 07:36:19
Windows 5.1.2600 Service Pack 1 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-16 7:42:47 - machine was rebooted
C:\ComboFix3.txt ... 2007-08-15 18:16
C:\ComboFix-quarantined-files.txt ... 2007-08-16 07:42
C:\ComboFix2.txt ... 2007-08-15 19:16
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 12:01:08, on 16/08/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\Securitoo\Av_Fw\backweb\8520111\Program\fspex.exe
C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguiexe.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\Av_Fw\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\Av_Fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [Recguard] C:\Program Files\HP\recguard.exe
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [3capplnk] C:\Program Files\US Robotics\\3capplnk.exe
O4 - HKLM\..\Run: [WIRESS] C:\Program Files\WIRESS\rssfeed.exe
O4 - HKLM\..\Run: [REAL] C:\Program Files\REAL\realjbox.exe
O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\System32\realmon.exe /start
O4 - HKLM\..\Run: [LocalProxy] C:\Program Files\LocalProxy\proxy4free.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/w ... 7102465377
O21 - SSODL: Dossier du Bureau pour l'écriture de CD - {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\system32\msc.cpl (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
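The question the helper asked ("do you know these programs?") is the usual triage of the Run-key autostarts, and the two logs above already hold what is needed to do it systematically. The following Python is an added example, not part of the original post and not code from ComboFix or HijackThis. It cross-references three parts of the logs: ComboFix's "Reg Loading Points" lines, HijackThis's O4 lines and the "Running processes" list, and flags entries that start at logon but have no matching process, whose ComboFix timestamp bracket is empty, or where the two tools disagree on the target path. It assumes (the page does not define it) that an empty `[]` after a ComboFix Run entry means no file was found at that path when the scan ran; the sample lines are copied from the logs into constructed strings so the script runs offline.

```python
"""Autostart triage over the ComboFix and HijackThis lines posted above.

Added example, not code from the original post, ComboFix or HijackThis.
ASSUMPTION: an empty [] after a ComboFix "Reg Loading Points" entry means no
file was found at that path when the scan ran.
"""
import re
from ntpath import basename  # Windows paths, so use ntpath even on POSIX hosts

# Constructed samples: lines copied from the logs in the post.
COMBOFIX_RUN = r"""
"WOOTASKBARICON"="C:\PROGRA~1\WANADOO\GestMaj.exe" [2004-10-14 16:55]
"News Service"="C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-04-24 16:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" []
"WIRESS"="C:\Program Files\WIRESS\rssfeed.exe" []
"REAL"="C:\Program Files\REAL\realjbox.exe" []
"eTrust Realtime Monitor"="C:\WINDOWS\System32\realmon.exe" []
"LocalProxy"="C:\Program Files\LocalProxy\proxy4free.exe" []
"""

HJT_O4 = r"""
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [WIRESS] C:\Program Files\WIRESS\rssfeed.exe
O4 - HKLM\..\Run: [REAL] C:\Program Files\REAL\realjbox.exe
O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\System32\realmon.exe /start
O4 - HKLM\..\Run: [LocalProxy] C:\Program Files\LocalProxy\proxy4free.exe
"""

# Subset of the HijackThis "Running processes" list from the post.
RUNNING = [
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\PROGRA~1\WANADOO\TaskBarIcon.exe",
    r"C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE",
    r"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe",
    r"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe",
]

RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<stamp>[^\]]*)\]\s*$')
O4_LINE = re.compile(r'^O4 - (?P<hive>[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')


def parse_combofix_run(text):
    """Map value name -> (path, stamp); stamp is '' when ComboFix printed []."""
    out = {}
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            out[m['name']] = (m['path'], m['stamp'].strip())
    return out


def exe_from_command(cmd):
    """Drop arguments from an O4 command; a quoted path may contain spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r'(?i)(.*?\.exe)(?:\s|$)', cmd)
    return m.group(1) if m else cmd.split(' ', 1)[0]


def parse_hjt_o4(text):
    """Map value name -> (hive, executable path) from HijackThis O4 lines."""
    out = {}
    for line in text.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            out[m['name']] = (m['hive'], exe_from_command(m['cmd']))
    return out


def triage(combofix, hjt, running):
    """Return {name: (path, [flags])} for Run entries that deserve a question."""
    running_exes = {basename(p).lower() for p in running}
    report = {}
    for name, (path, stamp) in combofix.items():
        flags = []
        if not stamp:
            flags.append('no-timestamp')   # assumed: file absent when ComboFix ran
        if basename(path).lower() not in running_exes:
            flags.append('not-running')    # set to start at logon, yet no such process
        if name in hjt and basename(hjt[name][1]).lower() != basename(path).lower():
            flags.append('path-mismatch')  # the two tools disagree on the target
        if flags:
            report[name] = (path, flags)
    return report


if __name__ == '__main__':
    result = triage(parse_combofix_run(COMBOFIX_RUN), parse_hjt_o4(HJT_O4), RUNNING)
    for name, (path, flags) in result.items():
        print(f'{name:24} {", ".join(flags):26} {path}')
```

On the sample, WIRESS, LocalProxy, REAL, "eTrust Realtime Monitor", "News Service" and SunJavaUpdateSched come out with both `no-timestamp` and `not-running`, which matches what the logs show: an `eTrust` value on a machine running F-Secure, a jre1.5.0_02 path while the BHO lines point at jre1.6.0_02, and the two entries the helper asked about. WOOTASKBARICON is flagged only `not-running` because GestMaj.exe launches TaskBarIcon.exe and exits, a reminder that `not-running` alone is a prompt to look, not a verdict.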