Bonjour
Merci pour ton aide.
Voici les derniers rapports:
ComboFix 07-08-09.3 - "francois" 2007-08-13 8:27:07.4 -
FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.76 [GMT 4:00]
Command switches used :: C:\Documents and Settings\francois\Bureau\cfscript 13.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\drivers\etc\HOSTS.20060205-095846.0ACKUP I
C:\WINDOWS\system32\drivers\etc\HOSTS.20060205-095847.0ACKUP
C:\WINDOWS\system32\STEAM.0LL
C:\WINDOWS\system32\dmm.0xe
C:\WINDOWS\system32\PSHMGSUU.0LL
C:\WINDOWS\system32\OFCUGTEG.0LL
C:\WINDOWS\system32\TLUVNDFC.0LL
C:\WINDOWS\system32\UEUICJFD.0LL
C:\WINDOWS\system32\PBHLFFVN.0LL
C:\WINDOWS\system32\JYQBHBVG.0LL
C:\WINDOWS\system32\PLBIBYEJ.0LL
C:\WINDOWS\system32\xeifmljg.0xe
C:\WINDOWS\system32\ubopgxge.0ll
C:\WINDOWS\system32\wejwgleg.0ll
C:\WINDOWS\system32\ptshjbdv.0ll
C:\WINDOWS\system32\yhksyhmc.0ll
C:\WINDOWS\system32\ypjycewq.0xe
C:\WINDOWS\system32\lgxoutyf.0ll
C:\WINDOWS\system32\jcphynxe.0xe
C:\WINDOWS\system32\J7201531.0LL
C:\WINDOWS\system32\iuykwgyd.0xe
C:\WINDOWS\system32\qmoiikvp.0ll
C:\WINDOWS\system32\neqjgqup.0xe
C:\WINDOWS\system32\VMAKRHWK.0XE
C:\WINDOWS\system32\ttxnxjtn.0ll
C:\WINDOWS\system32\bumjuxvi.0xe
C:\WINDOWS\system32\ucqgjeky.0xe
C:\WINDOWS\system32\gxetwwvt.0xe
C:\WINDOWS\system32\qklwroge.0xe
C:\WINDOWS\system32\QWERTY12.0XE
C:\WINDOWS\system32\gvlwsebk.0xe
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\bumjuxvi.0xe
C:\WINDOWS\system32\dmm.0xe
C:\WINDOWS\system32\drivers\etc\HOSTS.20060205-095847.0ACKUP
C:\WINDOWS\system32\gvlwsebk.0xe
C:\WINDOWS\system32\gxetwwvt.0xe
C:\WINDOWS\system32\iuykwgyd.0xe
C:\WINDOWS\system32\J7201531.0LL
C:\WINDOWS\system32\jcphynxe.0xe
C:\WINDOWS\system32\JYQBHBVG.0LL
C:\WINDOWS\system32\lgxoutyf.0ll
C:\WINDOWS\system32\neqjgqup.0xe
C:\WINDOWS\system32\OFCUGTEG.0LL
C:\WINDOWS\system32\PBHLFFVN.0LL
C:\WINDOWS\system32\PLBIBYEJ.0LL
C:\WINDOWS\system32\PSHMGSUU.0LL
C:\WINDOWS\system32\ptshjbdv.0ll
C:\WINDOWS\system32\qklwroge.0xe
C:\WINDOWS\system32\qmoiikvp.0ll
C:\WINDOWS\system32\QWERTY12.0XE
C:\WINDOWS\system32\STEAM.0LL
C:\WINDOWS\system32\TLUVNDFC.0LL
C:\WINDOWS\system32\ttxnxjtn.0ll
C:\WINDOWS\system32\ubopgxge.0ll
C:\WINDOWS\system32\ucqgjeky.0xe
C:\WINDOWS\system32\UEUICJFD.0LL
C:\WINDOWS\system32\VMAKRHWK.0XE
C:\WINDOWS\system32\wejwgleg.0ll
C:\WINDOWS\system32\xeifmljg.0xe
C:\WINDOWS\system32\yhksyhmc.0ll
C:\WINDOWS\system32\ypjycewq.0xe
((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))
2007-08-12 21:42 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-12 20:05 <REP> dr------- C:\DOCUME~1\LOCALS~1\Favoris
2007-08-12 11:40 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-08-11 08:41 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-08 21:18 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NI.UWAS6_0001_N68M2301] C:\Documents and Settings\francois\Local Settings\Temporary Internet Files\Content.IE5\CH012B8T\WinAntiSpyware2006FreeInstall[1"="exe -nag" []
"WOOTASKBARICON"="C:\PROGRA~1\WANADOO\GestMaj.exe" [2004-10-14 16:55]
"WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2004-08-23 14:49]
"FSASWREG"="C:\Program Files\Securitoo\Av_Fw\Anti-Spyware\fsaswreg.exe" [2004-11-04 14:03]
"News Service"="C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe" []
"F-Secure TNB"="C:\Program Files\Securitoo\Av_Fw\TNB\TNBUtil.exe" [2004-09-17 13:59]
"F-Secure Manager"="C:\Program Files\Securitoo\Av_Fw\Common\FSM32.exe" [2004-12-22 12:28]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-04-24 16:51]
"eTrust Realtime Monitor"="C:\WINDOWS\System32\realmon.exe" []
"Recguard"="C:\Program Files\HP\recguard.exe" []
"F-Secure Startup Wizard"="C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.exe" [2005-03-16 17:45]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-04-24 16:44]
"AcerNotebookManager"="C:\Program Files\Acer\Notebook Manager\almxptray.exe" [2003-05-16 17:09]
"PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 10:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36]
"3capplnk"="C:\Program Files\US Robotics\\3capplnk.exe" []
"WIRESS"="C:\Program Files\WIRESS\rssfeed.exe" []
"REAL"="C:\Program Files\REAL\realjbox.exe" []
"LocalProxy"="C:\Program Files\LocalProxy\proxy4free.exe" []
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-02-12 10:51]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-08 21:31]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2006-07-23 11:59:54]
Photo Express Calendar Checker SE.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [2004-05-01 22:19:27]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-09-01 12:45:45]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"<NO NAME>"= {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\system32\msc.cpl [ ]
"WebCheck"= {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\system32\msc.cpl [ ]
"Dossier du Bureau pour l'écriture de CD"= {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\system32\msc.cpl [ ]
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\System32\drivers\fsdfw.sys
R2 acernbm;acernbm;C:\WINDOWS\System32\drivers\acernbm.sys
R2 BackWeb Plug-in - 8520111;Securitoo Antivirus Firewall;C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\Securitoo\Av_Fw\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\Securitoo\Av_Fw\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\Securitoo\Av_Fw\Anti-Virus\Win2K\FSrec.sys
R3 NTIDrvr;Upper Class Filter Driver;C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\System32\DRIVERS\WlanBZXP.sys
R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver;C:\WINDOWS\System32\Drivers\ZDPSp50.sys
S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\System32\DRIVERS\msdv.sys
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\System32\DRIVERS\LV532AV.SYS
S3 POWERKEY;POWERKEY;\??\C:\Progra~1\Launch Manager\POWERKEY.sys
S3 USB_RNDIS;ADI Remote NDIS Network Device Driver;C:\WINDOWS\System32\DRIVERS\usb8023.sys
S3 VM650FVM11;UMAX AstraSlim Scanner ProdID x0104;C:\WINDOWS\System32\Drivers\USB650C.sys
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\System32\ZDCndis5.SYS
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\System32\ZDPNDIS5.SYS
Contents of the 'Scheduled Tasks' folder
2007-08-13 03:50:38 C:\WINDOWS\Tasks\Scheduled scanning task.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-08-13 08:30:22
Windows 5.1.2600 Service Pack 1 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-13 8:31:53
C:\ComboFix-quarantined-files.txt ... 2007-08-13 08:31
C:\ComboFix3.txt ... 2007-08-11 21:55
C:\ComboFix2.txt ... 2007-08-12 09:59
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 08:54:56, on 13/08/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\Securitoo\Av_Fw\backweb\8520111\Program\fspex.exe
C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguiexe.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.orange.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NI.UWAS6_0001_N68M2301] "C:\Documents and Settings\francois\Local Settings\Temporary Internet Files\Content.IE5\CH012B8T\WinAntiSpyware2006FreeInstall[1] exe" -nag
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\Av_Fw\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\Av_Fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\System32\realmon.exe /start
O4 - HKLM\..\Run: [Recguard] C:\Program Files\HP\recguard.exe
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [3capplnk] C:\Program Files\US Robotics\\3capplnk.exe
O4 - HKLM\..\Run: [WIRESS] C:\Program Files\WIRESS\rssfeed.exe
O4 - HKLM\..\Run: [REAL] C:\Program Files\REAL\realjbox.exe
O4 - HKLM\..\Run: [LocalProxy] C:\Program Files\LocalProxy\proxy4free.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O21 - SSODL: Dossier du Bureau pour l'écriture de CD - {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\system32\msc.cpl (file missing)
O21 - SSODL: WebCheck - {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\system32\msc.cpl (file missing)
O21 - SSODL: Dossier du Bureau pour l'écriture de CD - {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\system32\msc.cpl (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe