Old 10-11-2007, 10:39 AM   #3 (permalink)
kouye
Registered User
 
Join Date: Jan 2007
Location: Paris, France
Posts: 298
OS: Win XP SP3, OS X 10.6


Re: Constant popups in IE 6 and Firefox 2

Hi Tetonbob,
Good to "see" you again. Here are the ComboFix and HijackThis logs.
See you soon.


ComboFix 07-10-11.5 - kouye 2007-10-11 18:24:35.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.657 [GMT 2:00]
Running from: C:\Documents and Settings\kouye\bureau\combofix.exe
Command switches used :: /killall
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Johan\Application Data\MessengerSkinner
C:\Documents and Settings\Johan\Application Data\MessengerSkinner\Userdata\languages_v2.xml
C:\WINDOWS\system32\xizdvfpbsu.dat
C:\WINDOWS\system32\xizdvfpbsu.exe
C:\WINDOWS\system32\xizdvfpbsu_nav.dat
C:\WINDOWS\system32\xizdvfpbsu_navps.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-11 to 2007-10-11 ))))))))))))))))))))))))))))))))))))
.

2007-10-11 18:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-11 08:24 <REP> d-------- C:\Program Files\MSXML 6.0
2007-10-08 18:59 <REP> d-------- C:\Documents and Settings\kouye\Application Data\IsolatedStorage
2007-10-08 18:59 1,682 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-08 18:59 88 -r-hs---- C:\WINDOWS\system32\124FEE2AA2.sys
2007-10-08 18:55 536,576 --a------ C:\WINDOWS\system32\msvcr70d.dll
2007-10-08 18:55 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-10-08 18:55 94,208 --a------ C:\WINDOWS\system32\msvci70d.dll
2007-10-08 18:51 <REP> d-------- C:\Program Files\Microsoft.NET
2007-10-08 18:49 <REP> d-------- C:\Program Files\Microsoft SQL Server
2007-10-08 18:49 <REP> d-------- C:\Program Files\ACT
2007-10-08 18:49 <REP> d-------- C:\Documents and Settings\kouye\Application Data\ACT
2007-10-08 18:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ACT
2007-10-08 18:08 <REP> d-------- C:\Deckard
2007-10-05 22:40 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-05 20:53 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-05 20:51 <REP> d---s---- C:\Documents and Settings\kouye\UserData
2007-10-03 17:28 <REP> d-------- C:\Program Files\Lavasoft
2007-10-03 17:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-03 17:27 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-03 17:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-03 16:30 <REP> d-------- C:\Program Files\sugarcrm-4.5.1e
2007-10-03 16:01 72,192 --a------ C:\WINDOWS\system32\taskkill.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-08 16:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-08 16:03 --------- d-----w C:\Program Files\SpywareBlaster
2007-10-08 16:00 --------- d-----w C:\Documents and Settings\kouye\Application Data\ma-config.com
2007-10-03 15:31 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-10-03 15:31 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-26 16:37 339,968 ----a-w C:\WINDOWS\system32\chotdkcbs.exe
2007-08-26 10:14 336,896 ----a-w C:\WINDOWS\system32\wxyvcxot.exe
2007-08-26 09:52 323,584 ----a-w C:\WINDOWS\system32\idsgnwv.exe
2007-08-25 15:05 --------- d-----w C:\Program Files\QuickTime
2007-08-25 15:04 --------- d-----w C:\Program Files\Apple Software Update
2007-08-25 15:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-08-25 15:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-08-25 14:51 337,408 ----a-w C:\WINDOWS\system32\riligssxuk.exe
2007-08-25 11:33 336,384 ----a-w C:\WINDOWS\system32\spwbsg.exe
2007-08-25 08:46 340,480 ----a-w C:\WINDOWS\system32\rqiwsgjab.exe
2007-08-24 17:06 341,504 ----a-w C:\WINDOWS\system32\mtnvkjn.exe
2007-08-24 13:24 327,680 ----a-w C:\WINDOWS\system32\gdndsltoq.exe
2007-08-24 09:16 331,776 ----a-w C:\WINDOWS\system32\cohnlnyqg.exe
2007-08-23 20:38 334,848 ----a-w C:\WINDOWS\system32\mficltwjq.exe
2007-08-23 17:35 --------- d-----w C:\Program Files\Mindscape
2007-08-23 17:32 --------- d-----w C:\Program Files\Aventures sur l'Ile LEGO
2007-08-23 17:05 --------- d-----w C:\Program Files\InterActual
2007-08-23 12:54 --------- d-----w C:\Program Files\MSXML 4.0
2007-08-23 12:53 --------- d-----w C:\Program Files\Datel
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-07 21:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2006-07-10 20:33 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 01:22 C:\WINDOWS\soundman.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"Act.Outlook.Service"="C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe" [2007-03-28 11:43]
"Act! Preloader"="C:\Program Files\ACT\ACT for Windows\ActSage.exe" [2007-03-28 11:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R2 MSSQL$ACT7;SQL Server (ACT7);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sACT7
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-10 14:32:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-11 18:27:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-11 18:29:17
.
--- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33:37, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe"
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\ACT for Windows\ActSage.exe" -preload
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Joindre la page Web au contact ACT! - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Joindre la page Web au contact ACT!... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 4333 bytes