Walmas

Other information

  • My languages
    (a tiny bit of English)

  1. Once again, thank you very much
  2. It looks as good as new at first glance (I'm not an expert); I'll come back if I still have 2 or 3 things to do, but in any case THANK YOU VERY MUCH (can I uninstall ComboFix?)
  3. 1st ComboFix report:

ComboFix 08-01-07.5 - Christophe CHEVRIAUX 2008-01-11 16:37:45.7 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.622 [GMT 1:00]
Running from: C:\Documents and Settings\Christophe CHEVRIAUX\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Christophe CHEVRIAUX\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\Program Files\Skype\Phone\Skype .exe
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Skype\Phone\Skype .exe
.
((((((((((((((((((((((((((((( Files created 2007-12-11 to 2008-01-11 ))))))))))))))))))))))))))))))))))))
.
2008-01-09 21:03 . 2008-01-10 18:59 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-08 20:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 20:19 . 2008-01-08 20:22 <REP> d-------- C:\HJT
2008-01-08 19:54 . 2008-01-09 13:51 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-01-08 19:50 . 2008-01-08 19:50 210,416 --a------ C:\zlsSetup_70_337_000_fr.exe
2008-01-08 18:22 . 2008-01-08 18:22 132,608 --a------ C:\VundoFix.exe
2008-01-05 18:32 . 2008-01-05 18:32 <REP> d-------- C:\WINDOWS\Sun
2008-01-05 09:42 . 1999-01-25 12:00 143,872 --------- C:\WINDOWS\system32\iacenc.dll
2008-01-05 09:42 . 1999-01-25 12:00 56,832 --------- C:\WINDOWS\system32\iyvu9_32.dll
2008-01-05 09:40 . 2008-01-05 09:40 <REP> d-------- C:\Program Files\Microsoft Games
2008-01-04 20:11 . 2008-01-04 20:11 <REP> d-------- C:\Program Files\hp deskjet 3420 series
2008-01-04 20:11 . 2002-06-21 11:19 184,386 --a------ C:\WINDOWS\system32\hpzsnt05.dll
2008-01-04 20:11 . 2008-01-04 20:11 800 --a------ C:\WINDOWS\hpinfo.lnk
2007-12-29 05:03 . 2007-12-29 05:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-28 21:30 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-28 19:33 . 2007-12-28 19:33 <REP> d-------- C:\Program Files\Yahoo!
2007-12-28 19:33 . 2007-12-28 19:41 <REP> d-------- C:\Program Files\CCleaner
2007-12-28 03:21 . 2007-12-28 03:21 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-27 20:48 . 2007-11-30 23:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-27 20:48 . 2007-11-30 23:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-27 20:48 . 2007-11-30 22:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-27 20:48 . 2007-11-30 23:49 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-27 19:27 . 2007-12-27 19:27 <REP> d-------- C:\Program Files\Trend Micro
2007-12-27 19:07 . 2007-12-27 19:07 <REP> d--h----- C:\WINDOWS\PIF
2007-12-27 18:57 . 2007-12-27 19:00 1,348 --a------ C:\WINDOWS\mozver.dat
2007-12-27 18:53 . 2007-12-27 18:53 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-26 03:28 . 2007-12-26 03:28 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Uniblue
2007-12-26 03:28 . 2007-12-26 03:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-12-26 02:49 . 2007-12-26 17:36 961 --a------ C:\WINDOWS\srvdsgf.exe
2007-12-26 00:58 . 2007-12-26 00:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-26 00:57 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-12-26 00:57 . 2008-01-08 19:59 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-12-26 00:55 . 2008-01-11 16:34 <REP> d-------- C:\WINDOWS\Internet Logs
2007-12-25 20:54 . 2007-12-25 20:54 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-12-25 20:53 . 2007-12-25 20:53 <REP> d-------- C:\Program Files\Windows Live Toolbar
2007-12-25 20:42 . 2007-12-25 20:46 <REP> d-------- C:\Program Files\MSN Apps
2007-12-25 19:48 . 2008-01-01 04:03 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2007-12-25 19:48 . 2008-01-01 04:03 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2007-12-22 18:42 . 2008-01-04 18:31 339,968 --a------ C:\WINDOWS\vphc600.exe
2007-12-22 18:42 . 2007-12-27 20:32 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-20 22:02 . 2007-12-20 22:02 268 --ah----- C:\sqmdata16.sqm
2007-12-20 22:02 . 2007-12-20 22:02 244 --ah----- C:\sqmnoopt16.sqm
2007-12-20 20:04 . 2007-12-20 20:04 <REP> d-------- C:\Program Files\Microsoft.NET
2007-12-20 20:04 . 2007-12-20 20:04 <REP> dr-h----- C:\MSOCache
2007-12-20 20:02 . 2007-12-20 20:02 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-20 20:00 . 2007-12-20 20:00 <REP> d-------- C:\Program Files\MSXML 4.0
2007-12-20 19:15 . 2007-12-20 20:01 <REP> d-------- C:\ProgramFiles
2007-12-19 15:16 . 2007-12-19 15:16 <REP> d-------- C:\Program Files\Fichiers communs\HP
2007-12-19 15:15 . 2008-01-04 20:16 <REP> d-------- C:\Program Files\Hewlett-Packard
2007-12-19 15:15 . 2007-12-19 15:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-12-19 15:14 . 2004-05-11 10:53 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-12-19 15:14 . 2004-05-11 10:53 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-12-19 15:14 . 2004-05-11 10:53 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-12-19 15:14 . 2004-05-11 10:53 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2007-12-19 15:14 . 2004-05-11 10:53 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-12-19 15:13 . 2007-12-19 15:13 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2007-12-19 15:12 . 2007-12-19 15:12 <REP> d-------- C:\WINDOWS\system32\URTTemp
2007-12-19 15:05 . 2004-06-21 19:50 51,088 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys
2007-12-19 15:05 . 2004-06-21 19:50 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-12-19 15:04 . 2004-06-21 19:50 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-12-19 15:04 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-19 15:04 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-19 14:48 . 2004-03-18 16:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-12-19 14:48 . 2004-03-18 16:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-12-19 14:48 . 2004-03-18 16:39 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-12-19 14:48 . 2004-03-18 16:55 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-12-19 14:48 . 2004-03-18 16:38 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-12-19 14:48 . 2004-03-18 16:39 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-12-19 14:47 . 2007-12-19 15:21 <REP> d-------- C:\Program Files\HP
2007-12-19 14:46 . 2007-12-19 15:22 104,265 --a------ C:\WINDOWS\hpoins04.dat
2007-12-19 14:46 . 2004-06-21 19:50 17,176 --------- C:\WINDOWS\hpomdl04.dat
2007-12-16 19:17 . 2007-12-16 19:17 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-12-16 19:17 . 2007-12-16 19:17 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\teamspeak2
2007-12-16 19:17 . 2007-12-16 19:17 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 15:39 929,824 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-11 15:28 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-01-10 22:02 13,772 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-10 18:02 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Skype
2008-01-10 18:02 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Azureus
2008-01-10 16:15 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\skypePM
2008-01-08 18:55 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-01-08 18:55 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-07 07:20 23,644 ----a-w C:\WINDOWS\Internet Logs\zonealarm_2nd_2008_01_06_15_23_18_small.dmp.zip
2008-01-06 19:11 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\OpenOffice.org2
2008-01-04 22:00 --------- d-----w C:\Program Files\GSI
2007-12-31 00:55 --------- d-----w C:\Program Files\Jeux
2007-12-30 14:24 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\U3
2007-12-17 21:27 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-17 21:27 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-16 08:54 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-12-10 16:09 --------- d-----r C:\Program Files\Musics
2007-12-09 00:19 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Ahead
2007-12-07 22:45 --------- d-----w C:\Program Files\Windows Journal Viewer
2007-12-07 14:28 --------- d-----w C:\Program Files\Java
2007-12-06 22:33 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\BSplayer
2007-12-06 22:32 --------- d-----w C:\Program Files\DivX
2007-12-06 22:29 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-06 22:22 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\DivX
2007-12-06 22:06 --------- d-----w C:\Program Files\Media Player Classic
2007-12-06 22:06 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Media Player Classic
2007-12-06 21:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-01 17:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-01 17:04 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\InstallShield
2007-12-01 14:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-01 12:48 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-01 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-01 11:20 --------- d-----w C:\Program Files\Google
2007-12-01 10:10 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-01 10:10 --------- d-----w C:\Program Files\Windows Live
2007-12-01 10:00 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-12-01 09:56 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-01 09:55 --------- d-----w C:\Program Files\Skype
2007-12-01 09:55 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-12-01 09:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-01 09:32 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\BSplayer Pro
2007-12-01 09:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-01 09:23 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-12-01 09:21 --------- d-----w C:\Program Files\Ahead
2007-12-01 09:20 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-12-01 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-12-01 08:31 --------- d-----w C:\Program Files\Realtek
2007-12-01 08:29 --------- d-----w C:\Program Files\VIA
2007-12-01 08:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-30 23:41 --------- d-----w C:\Program Files\Snapshot Viewer
2007-11-30 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBT
2007-11-30 23:40 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-30 23:29 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Microsoft Web Folders
2007-11-30 23:25 --------- d-----w C:\Program Files\Camgoo TwoPlay
2007-11-30 23:24 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
2007-11-30 23:20 --------- d-----w C:\Program Files\Philips
2007-11-30 23:04 --------- d-----w C:\Program Files\Alwil Software
2007-11-30 23:03 17,521,856 ----a-w C:\Program Files\setupfre.exe
2007-11-30 22:50 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-11-30 22:50 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-11-30 22:49 --------- d-----w C:\Program Files\Club-Internet
2007-11-30 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2007-11-30 22:41 --------- d-----w C:\Program Files\Motive
2007-11-30 22:41 --------- d-----w C:\Program Files\Fichiers communs\Motive
2007-11-30 22:41 --------- d-----w C:\Program Files\Common Files
2007-11-30 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2007-11-30 22:39 155,995 ----a-w C:\WINDOWS\java\Packages\EFHNB3DJ.ZIP
2007-11-30 22:39 --------- d-----w C:\Program Files\BroadJump
2007-11-30 22:28 --------- d-----w C:\Program Files\X10 Hardware
2007-11-30 21:58 --------- d-----w C:\Program Files\Services en ligne
2007-11-30 21:58 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-11-29 22:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-29 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-08_20.33.06.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-08-17 12:29:49 728,576 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:28:31 728,576 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2006-04-20 11:51:50 359,808 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2006-08-17 12:29:49 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:28:31 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
- 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-10-28 02:03:16 833,520 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2008-01-09 07:50:51 833,248 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2008-01-11 15:27:46 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7f8.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-01 04:03 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-04 18:32 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]
"nwiz"="nwiz.exe" [2005-02-24 07:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2008-01-04 18:31 376912]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-04 18:31 79224]
"phc600"="C:\WINDOWS\vphc600.exe" [2008-01-04 18:31 339968]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-04 18:32 132496]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-04 18:32 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2008-01-04 18:32 241664]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-01 04:03 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 13:22]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 09:14]
R3 phc600;USB PC Camera (phc600);C:\WINDOWS\system32\DRIVERS\phc600.sys [2005-02-22 19:48]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-01-11 16:28]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76f0028c-a739-11dc-8a3e-00196635b8e5}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 16:40:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-11 16:40:37
ComboFix-quarantined-files.txt 2008-01-11 15:40:34
ComboFix2.txt 2008-01-10 19:47:55
ComboFix3.txt 2008-01-10 19:36:50
ComboFix4.txt 2008-01-10 18:11:33
ComboFix5.txt 2008-01-09 20:24:45
.
2008-01-09 17:26:40 --- E O F ---

HJT report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:41:28, on 11/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Dit.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vphc600.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [phc600] C:\WINDOWS\vphc600.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/fr/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 7128 bytes

AntiVir scan:

AntiVir PersonalEdition Classic
Report file date: Friday 11 January 2008 17:44

Scanning for 1027093 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Christophe CHEVRIAUX
Computer name: CC-5DEED6F4546C

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 15:50:41
ANTIVIR2.VDF : 7.0.1.205 620544 Bytes 08/01/2008 15:50:41
ANTIVIR3.VDF : 7.0.1.226 147968 Bytes 11/01/2008 15:50:41
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 11/01/2008 15:50:41
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 11/01/2008 15:50:41
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: Friday 11 January 2008 17:44

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '38' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080108-174232-828.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!

End of the scan: Friday 11 January 2008 19:11
Used time: 1:27:06 min

The scan has been done completely.

4469 Scanning directories
409246 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
409245 Files not concerned
2100 Archives were scanned
1 Warnings
1 Notes

2nd ComboFix report after the AntiVir scan:

ComboFix 08-01-07.5 - Christophe CHEVRIAUX 2008-01-11 19:19:08.8 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.595 [GMT 1:00]
Running from: C:\Documents and Settings\Christophe CHEVRIAUX\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Files created 2007-12-11 to 2008-01-11 ))))))))))))))))))))))))))))))))))))
.
2008-01-11 16:49 . 2008-01-11 16:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-09 21:03 . 2008-01-10 18:59 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-08 20:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 20:19 . 2008-01-08 20:22 <REP> d-------- C:\HJT
2008-01-08 19:54 . 2008-01-09 13:51 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-01-08 19:50 . 2008-01-08 19:50 210,416 --a------ C:\zlsSetup_70_337_000_fr.exe
2008-01-08 18:22 . 2008-01-08 18:22 132,608 --a------ C:\VundoFix.exe
2008-01-05 18:32 . 2008-01-05 18:32 <REP> d-------- C:\WINDOWS\Sun
2008-01-05 09:42 . 1999-01-25 12:00 143,872 --------- C:\WINDOWS\system32\iacenc.dll
2008-01-05 09:42 . 1999-01-25 12:00 56,832 --------- C:\WINDOWS\system32\iyvu9_32.dll
2008-01-05 09:40 . 2008-01-05 09:40 <REP> d-------- C:\Program Files\Microsoft Games
2008-01-04 20:11 . 2008-01-04 20:11 <REP> d-------- C:\Program Files\hp deskjet 3420 series
2008-01-04 20:11 . 2002-06-21 11:19 184,386 --a------ C:\WINDOWS\system32\hpzsnt05.dll
2008-01-04 20:11 . 2008-01-04 20:11 800 --a------ C:\WINDOWS\hpinfo.lnk
2007-12-29 05:03 . 2007-12-29 05:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-28 21:30 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-28 19:33 . 2007-12-28 19:33 <REP> d-------- C:\Program Files\Yahoo!
2007-12-28 19:33 . 2007-12-28 19:41 <REP> d-------- C:\Program Files\CCleaner
2007-12-28 03:21 . 2007-12-28 03:21 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-27 20:48 . 2007-11-30 23:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-27 20:48 . 2007-11-30 23:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-27 20:48 . 2007-11-30 22:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-27 20:48 . 2007-11-30 23:49 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-27 19:27 . 2007-12-27 19:27 <REP> d-------- C:\Program Files\Trend Micro
2007-12-27 19:07 . 2007-12-27 19:07 <REP> d--h----- C:\WINDOWS\PIF
2007-12-27 18:57 . 2007-12-27 19:00 1,348 --a------ C:\WINDOWS\mozver.dat
2007-12-27 18:53 . 2007-12-27 18:53 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-26 03:28 . 2007-12-26 03:28 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Uniblue
2007-12-26 03:28 . 2007-12-26 03:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-12-26 02:49 . 2007-12-26 17:36 961 --a------ C:\WINDOWS\srvdsgf.exe
2007-12-26 00:58 . 2007-12-26 00:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-26 00:57 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-12-26 00:57 . 2008-01-08 19:59 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-12-26 00:55 . 2008-01-11 19:19 <REP> d-------- C:\WINDOWS\Internet Logs
2007-12-25 20:54 . 2007-12-25 20:54 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-12-25 20:53 . 2007-12-25 20:53 <REP> d-------- C:\Program Files\Windows Live Toolbar
2007-12-25 20:42 . 2007-12-25 20:46 <REP> d-------- C:\Program Files\MSN Apps
2007-12-25 19:48 . 2008-01-01 04:03 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2007-12-25 19:48 . 2008-01-01 04:03 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2007-12-22 18:42 . 2008-01-04 18:31 339,968 --a------ C:\WINDOWS\vphc600.exe
2007-12-22 18:42 . 2007-12-27 20:32 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-20 22:02 . 2007-12-20 22:02 268 --ah----- C:\sqmdata16.sqm
2007-12-20 22:02 . 2007-12-20 22:02 244 --ah----- C:\sqmnoopt16.sqm
2007-12-20 20:04 . 2007-12-20 20:04 <REP> d-------- C:\Program Files\Microsoft.NET
2007-12-20 20:04 . 2007-12-20 20:04 <REP> dr-h----- C:\MSOCache
2007-12-20 20:02 . 2007-12-20 20:02 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-20 20:00 . 2007-12-20 20:00 <REP> d-------- C:\Program Files\MSXML 4.0
2007-12-20 19:15 . 2007-12-20 20:01 <REP> d-------- C:\ProgramFiles
2007-12-19 15:16 . 2007-12-19 15:16 <REP> d-------- C:\Program Files\Fichiers communs\HP
2007-12-19 15:15 . 2008-01-04 20:16 <REP> d-------- C:\Program Files\Hewlett-Packard
2007-12-19 15:15 . 2007-12-19 15:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-12-19 15:14 . 2004-05-11 10:53 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-12-19 15:14 . 2004-05-11 10:53 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-12-19 15:14 . 2004-05-11 10:53 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-12-19 15:14 . 2004-05-11 10:53 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2007-12-19 15:14 . 2004-05-11 10:53 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-12-19 15:13 .
2007-12-19 15:13 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard 2007-12-19 15:12 . 2007-12-19 15:12 <REP> d-------- C:\WINDOWS\system32\URTTemp 2007-12-19 15:05 . 2004-06-21 19:50 51,088 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys 2007-12-19 15:05 . 2004-06-21 19:50 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys 2007-12-19 15:04 . 2004-06-21 19:50 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys 2007-12-19 15:04 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-12-19 15:04 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2007-12-19 14:48 . 2004-03-18 16:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll 2007-12-19 14:48 . 2004-03-18 16:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll 2007-12-19 14:48 . 2004-03-18 16:39 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll 2007-12-19 14:48 . 2004-03-18 16:55 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe 2007-12-19 14:48 . 2004-03-18 16:38 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe 2007-12-19 14:48 . 2004-03-18 16:39 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll 2007-12-19 14:47 . 2007-12-19 15:21 <REP> d-------- C:\Program Files\HP 2007-12-19 14:46 . 2007-12-19 15:22 104,265 --a------ C:\WINDOWS\hpoins04.dat 2007-12-19 14:46 . 2004-06-21 19:50 17,176 --------- C:\WINDOWS\hpomdl04.dat 2007-12-16 19:17 . 2007-12-16 19:17 <REP> d-------- C:\Program Files\Teamspeak2_RC2 2007-12-16 19:17 . 2007-12-16 19:17 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\teamspeak2 2007-12-16 19:17 . 2007-12-16 19:17 34,064 --a------ C:\WINDOWS\system32\lhacm.acm . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-01-11 18:21 983,072 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-01-11 18:15 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS 2008-01-11 16:00 14,444 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-01-10 18:02 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Skype 2008-01-10 18:02 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Azureus 2008-01-10 16:15 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\skypePM 2008-01-08 18:55 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat 2008-01-08 18:55 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat 2008-01-07 07:20 23,644 ----a-w C:\WINDOWS\Internet Logs\zonealarm_2nd_2008_01_06_15_23_18_small.dmp.zip 2008-01-06 19:11 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\OpenOffice.org2 2008-01-04 22:00 --------- d-----w C:\Program Files\GSI 2007-12-31 00:55 --------- d-----w C:\Program Files\Jeux 2007-12-30 14:24 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\U3 2007-12-17 21:27 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-12-17 21:27 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2007-12-16 08:54 --------- d-----w C:\Program Files\OpenOffice.org 2.3 2007-12-10 16:09 --------- d-----r C:\Program Files\Musics 2007-12-09 00:19 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Ahead 2007-12-07 22:45 --------- d-----w C:\Program Files\Windows Journal Viewer 2007-12-07 14:28 --------- d-----w C:\Program Files\Java 2007-12-06 22:33 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\BSplayer 2007-12-06 22:32 --------- d-----w C:\Program Files\DivX 2007-12-06 22:29 --------- d-----w C:\Program Files\K-Lite Codec Pack 2007-12-06 22:22 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\DivX 2007-12-06 22:06 --------- d-----w C:\Program 
Files\Media Player Classic 2007-12-06 22:06 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Media Player Classic 2007-12-06 21:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr 2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2007-12-01 17:05 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-01 17:04 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\InstallShield 2007-12-01 14:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2007-12-01 12:48 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-12-01 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-12-01 11:20 --------- d-----w C:\Program Files\Google 2007-12-01 10:10 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-12-01 10:10 --------- d-----w C:\Program Files\Windows Live 2007-12-01 10:00 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment 2007-12-01 09:56 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-12-01 09:55 --------- d-----w C:\Program Files\Skype 2007-12-01 09:55 --------- d-----w C:\Program Files\Fichiers communs\Skype 2007-12-01 09:55 --------- 
d-----w C:\Documents and Settings\All Users\Application Data\Skype 2007-12-01 09:32 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\BSplayer Pro 2007-12-01 09:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2007-12-01 09:23 --------- d-----w C:\Program Files\Fichiers communs\Java 2007-12-01 09:21 --------- d-----w C:\Program Files\Ahead 2007-12-01 09:20 --------- d-----w C:\Program Files\Fichiers communs\Ahead 2007-12-01 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead 2007-12-01 08:31 --------- d-----w C:\Program Files\Realtek 2007-12-01 08:29 --------- d-----w C:\Program Files\VIA 2007-12-01 08:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2007-11-30 23:41 --------- d-----w C:\Program Files\Snapshot Viewer 2007-11-30 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBT 2007-11-30 23:40 --------- d-----w C:\Program Files\microsoft frontpage 2007-11-30 23:29 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Microsoft Web Folders 2007-11-30 23:25 --------- d-----w C:\Program Files\Camgoo TwoPlay 2007-11-30 23:24 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft 2007-11-30 23:20 --------- d-----w C:\Program Files\Philips 2007-11-30 23:04 --------- d-----w C:\Program Files\Alwil Software 2007-11-30 23:03 17,521,856 ----a-w C:\Program Files\setupfre.exe 2007-11-30 22:50 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines 2007-11-30 22:50 --------- d-----w C:\Program Files\Fichiers communs\ODBC 2007-11-30 22:49 --------- d-----w C:\Program Files\Club-Internet 2007-11-30 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\MotiveSysIDs 2007-11-30 22:41 --------- d-----w C:\Program Files\Motive 2007-11-30 22:41 --------- d-----w C:\Program Files\Fichiers communs\Motive 2007-11-30 22:41 --------- d-----w C:\Program Files\Common Files 2007-11-30 22:41 --------- 
d-----w C:\Documents and Settings\All Users\Application Data\Motive 2007-11-30 22:39 155,995 ----a-w C:\WINDOWS\java\Packages\EFHNB3DJ.ZIP 2007-11-30 22:39 --------- d-----w C:\Program Files\BroadJump 2007-11-30 22:28 --------- d-----w C:\Program Files\X10 Hardware 2007-11-30 21:58 --------- d-----w C:\Program Files\Services en ligne 2007-11-30 21:58 --------- d-----w C:\Program Files\Fichiers communs\MSSoap 2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2007-11-29 22:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2007-11-29 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-01 04:03 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-04 18:32 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792] "nwiz"="nwiz.exe" [2005-02-24 07:32 1495040 C:\WINDOWS\system32\nwiz.exe] "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2008-01-04 18:31 376912] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-04 18:31 79224] "phc600"="C:\WINDOWS\vphc600.exe" [2008-01-04 18:31 339968] "RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 16269312 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-04 18:32 132496] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-04 18:32 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2008-01-04 18:32 241664] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-01 04:03 15360] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38] R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 13:22] R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys 
[2007-02-27 09:14] R3 phc600;USB PC Camera (phc600);C:\WINDOWS\system32\DRIVERS\phc600.sys [2005-02-22 19:48] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00] S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-01-11 19:15] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76f0028c-a739-11dc-8a3e-00196635b8e5}] \Shell\AutoRun\command - K:\LaunchU3.exe -a . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-11 19:21:19 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-11 19:21:53 ComboFix2.txt 2008-01-11 15:40:38 . 2008-01-09 17:26:40 --- E O F --- (during the Antivir scan, the 3 processes you asked me to terminate did not show up, but taskmgr was indeed running)
  4. ComboFix report: ComboFix 08-01-07.5 - Christophe CHEVRIAUX 2008-01-10 20:39:50.6 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.613 [GMT 1:00] Running from: C:\Documents and Settings\Christophe CHEVRIAUX\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Christophe CHEVRIAUX\Bureau\CFScript.txt * Created a new restore point FILE C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))))))) . 2008-01-09 21:03 . 2008-01-10 18:59 <REP> d-------- C:\WINDOWS\ERUNT 2008-01-08 20:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-08 20:19 . 2008-01-08 20:22 <REP> d-------- C:\HJT 2008-01-08 19:54 . 2008-01-09 13:51 <REP> d-------- C:\WINDOWS\system32\ZoneLabs 2008-01-08 19:50 . 2008-01-08 19:50 210,416 --a------ C:\zlsSetup_70_337_000_fr.exe 2008-01-08 18:22 . 2008-01-08 18:22 132,608 --a------ C:\VundoFix.exe 2008-01-05 18:32 . 2008-01-05 18:32 <REP> d-------- C:\WINDOWS\Sun 2008-01-05 09:42 . 1999-01-25 12:00 143,872 --------- C:\WINDOWS\system32\iacenc.dll 2008-01-05 09:42 . 1999-01-25 12:00 56,832 --------- C:\WINDOWS\system32\iyvu9_32.dll 2008-01-05 09:40 . 2008-01-05 09:40 <REP> d-------- C:\Program Files\Microsoft Games 2008-01-04 20:11 . 2008-01-04 20:11 <REP> d-------- C:\Program Files\hp deskjet 3420 series 2008-01-04 20:11 . 2002-06-21 11:19 184,386 --a------ C:\WINDOWS\system32\hpzsnt05.dll 2008-01-04 20:11 . 2008-01-04 20:11 800 --a------ C:\WINDOWS\hpinfo.lnk 2007-12-29 05:03 . 2007-12-29 05:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles 2007-12-28 21:30 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX 2007-12-28 19:33 . 
2007-12-28 19:33 <REP> d-------- C:\Program Files\Yahoo! 2007-12-28 19:33 . 2007-12-28 19:41 <REP> d-------- C:\Program Files\CCleaner 2007-12-28 03:21 . 2007-12-28 03:21 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-12-27 20:48 . 2007-11-30 23:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2007-12-27 20:48 . 2007-11-30 23:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2007-12-27 20:48 . 2007-11-30 22:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles 2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents 2007-12-27 20:48 . 2007-11-30 23:49 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris 2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau 2007-12-27 19:27 . 2007-12-27 19:27 <REP> d-------- C:\Program Files\Trend Micro 2007-12-27 19:07 . 2007-12-27 19:07 <REP> d--h----- C:\WINDOWS\PIF 2007-12-27 18:57 . 2007-12-27 19:00 1,348 --a------ C:\WINDOWS\mozver.dat 2007-12-27 18:53 . 2007-12-27 18:53 0 --a------ C:\WINDOWS\nsreg.dat 2007-12-26 03:28 . 2007-12-26 03:28 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Uniblue 2007-12-26 03:28 . 2007-12-26 03:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue 2007-12-26 02:49 . 2007-12-26 17:36 961 --a------ C:\WINDOWS\srvdsgf.exe 2007-12-26 00:58 . 2007-12-26 00:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2007-12-26 00:57 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll 2007-12-26 00:57 . 2008-01-08 19:59 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-12-26 00:55 . 2008-01-10 20:43 <REP> d-------- C:\WINDOWS\Internet Logs 2007-12-25 20:54 . 
2007-12-25 20:54 <REP> d-------- C:\Program Files\Windows Live Favorites 2007-12-25 20:53 . 2007-12-25 20:53 <REP> d-------- C:\Program Files\Windows Live Toolbar 2007-12-25 20:42 . 2007-12-25 20:46 <REP> d-------- C:\Program Files\MSN Apps 2007-12-25 19:48 . 2008-01-01 04:03 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe 2007-12-25 19:48 . 2008-01-01 04:03 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe 2007-12-22 18:42 . 2008-01-04 18:31 339,968 --a------ C:\WINDOWS\vphc600.exe 2007-12-22 18:42 . 2007-12-27 20:32 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-12-20 22:02 . 2007-12-20 22:02 268 --ah----- C:\sqmdata16.sqm 2007-12-20 22:02 . 2007-12-20 22:02 244 --ah----- C:\sqmnoopt16.sqm 2007-12-20 20:04 . 2007-12-20 20:04 <REP> d-------- C:\Program Files\Microsoft.NET 2007-12-20 20:04 . 2007-12-20 20:04 <REP> dr-h----- C:\MSOCache 2007-12-20 20:02 . 2007-12-20 20:02 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-12-20 20:00 . 2007-12-20 20:00 <REP> d-------- C:\Program Files\MSXML 4.0 2007-12-20 19:15 . 2007-12-20 20:01 <REP> d-------- C:\ProgramFiles 2007-12-19 15:16 . 2007-12-19 15:16 <REP> d-------- C:\Program Files\Fichiers communs\HP 2007-12-19 15:15 . 2008-01-04 20:16 <REP> d-------- C:\Program Files\Hewlett-Packard 2007-12-19 15:15 . 2007-12-19 15:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard 2007-12-19 15:14 . 2004-05-11 10:53 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll 2007-12-19 15:14 . 2004-05-11 10:53 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll 2007-12-19 15:14 . 2004-05-11 10:53 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll 2007-12-19 15:14 . 2004-05-11 10:53 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll 2007-12-19 15:14 . 2004-05-11 10:53 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll 2007-12-19 15:13 . 2007-12-19 15:13 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard 2007-12-19 15:12 . 
2007-12-19 15:12 <REP> d-------- C:\WINDOWS\system32\URTTemp 2007-12-19 15:05 . 2004-06-21 19:50 51,088 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys 2007-12-19 15:05 . 2004-06-21 19:50 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys 2007-12-19 15:04 . 2004-06-21 19:50 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys 2007-12-19 15:04 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-12-19 15:04 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2007-12-19 14:48 . 2004-03-18 16:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll 2007-12-19 14:48 . 2004-03-18 16:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll 2007-12-19 14:48 . 2004-03-18 16:39 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll 2007-12-19 14:48 . 2004-03-18 16:55 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe 2007-12-19 14:48 . 2004-03-18 16:38 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe 2007-12-19 14:48 . 2004-03-18 16:39 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll 2007-12-19 14:47 . 2007-12-19 15:21 <REP> d-------- C:\Program Files\HP 2007-12-19 14:46 . 2007-12-19 15:22 104,265 --a------ C:\WINDOWS\hpoins04.dat 2007-12-19 14:46 . 2004-06-21 19:50 17,176 --------- C:\WINDOWS\hpomdl04.dat 2007-12-16 19:17 . 2007-12-16 19:17 <REP> d-------- C:\Program Files\Teamspeak2_RC2 2007-12-16 19:17 . 2007-12-16 19:17 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\teamspeak2 2007-12-16 19:17 . 2007-12-16 19:17 34,064 --a------ C:\WINDOWS\system32\lhacm.acm 2007-12-10 20:59 . 2008-01-04 23:00 <REP> d-------- C:\Program Files\GSI 2007-12-10 17:03 . 2007-12-30 15:24 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\U3 2007-12-10 17:01 . 2007-12-10 17:09 <REP> dr------- C:\Program Files\Musics . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-01-10 19:43 878,624 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-01-10 19:41 13,436 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-01-10 19:33 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS 2008-01-10 18:02 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Skype 2008-01-10 18:02 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Azureus 2008-01-10 16:15 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\skypePM 2008-01-08 18:55 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat 2008-01-08 18:55 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat 2008-01-07 07:20 23,644 ----a-w C:\WINDOWS\Internet Logs\zonealarm_2nd_2008_01_06_15_23_18_small.dmp.zip 2008-01-06 19:11 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\OpenOffice.org2 2007-12-31 00:55 --------- d-----w C:\Program Files\Jeux 2007-12-17 21:27 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-12-17 21:27 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2007-12-16 08:54 --------- d-----w C:\Program Files\OpenOffice.org 2.3 2007-12-09 00:19 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Ahead 2007-12-07 22:45 --------- d-----w C:\Program Files\Windows Journal Viewer 2007-12-07 14:28 --------- d-----w C:\Program Files\Java 2007-12-06 22:33 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\BSplayer 2007-12-06 22:32 --------- d-----w C:\Program Files\DivX 2007-12-06 22:29 --------- d-----w C:\Program Files\K-Lite Codec Pack 2007-12-06 22:22 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\DivX 2007-12-06 22:06 --------- d-----w C:\Program Files\Media Player Classic 2007-12-06 22:06 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Media Player Classic 2007-12-06 21:39 --------- d-----w C:\Documents and Settings\All 
Users\Application Data\Azureus 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr 2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2007-12-01 17:05 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-01 17:04 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\InstallShield 2007-12-01 14:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2007-12-01 12:48 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-12-01 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-12-01 11:20 --------- d-----w C:\Program Files\Google 2007-12-01 10:10 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-12-01 10:10 --------- d-----w C:\Program Files\Windows Live 2007-12-01 10:00 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment 2007-12-01 09:56 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-12-01 09:55 --------- d-----w C:\Program Files\Skype 2007-12-01 09:55 --------- d-----w C:\Program Files\Fichiers communs\Skype 2007-12-01 09:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2007-12-01 09:32 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\BSplayer Pro 2007-12-01 09:25 --------- d-----w 
C:\Program Files\Fichiers communs\Adobe 2007-12-01 09:23 --------- d-----w C:\Program Files\Fichiers communs\Java 2007-12-01 09:21 --------- d-----w C:\Program Files\Ahead 2007-12-01 09:20 --------- d-----w C:\Program Files\Fichiers communs\Ahead 2007-12-01 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead 2007-12-01 08:31 --------- d-----w C:\Program Files\Realtek 2007-12-01 08:29 --------- d-----w C:\Program Files\VIA 2007-12-01 08:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2007-11-30 23:41 --------- d-----w C:\Program Files\Snapshot Viewer 2007-11-30 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBT 2007-11-30 23:40 --------- d-----w C:\Program Files\microsoft frontpage 2007-11-30 23:29 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Microsoft Web Folders 2007-11-30 23:25 --------- d-----w C:\Program Files\Camgoo TwoPlay 2007-11-30 23:24 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft 2007-11-30 23:20 --------- d-----w C:\Program Files\Philips 2007-11-30 23:04 --------- d-----w C:\Program Files\Alwil Software 2007-11-30 23:03 17,521,856 ----a-w C:\Program Files\setupfre.exe 2007-11-30 22:50 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines 2007-11-30 22:50 --------- d-----w C:\Program Files\Fichiers communs\ODBC 2007-11-30 22:49 --------- d-----w C:\Program Files\Club-Internet 2007-11-30 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\MotiveSysIDs 2007-11-30 22:41 --------- d-----w C:\Program Files\Motive 2007-11-30 22:41 --------- d-----w C:\Program Files\Fichiers communs\Motive 2007-11-30 22:41 --------- d-----w C:\Program Files\Common Files 2007-11-30 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive 2007-11-30 22:39 155,995 ----a-w C:\WINDOWS\java\Packages\EFHNB3DJ.ZIP 2007-11-30 22:39 --------- d-----w C:\Program Files\BroadJump 2007-11-30 22:28 
--------- d-----w C:\Program Files\X10 Hardware 2007-11-30 21:58 --------- d-----w C:\Program Files\Services en ligne 2007-11-30 21:58 --------- d-----w C:\Program Files\Fichiers communs\MSSoap 2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2007-11-29 22:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2007-11-29 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys . <pre> ----a-w 21,760,296 2007-12-23 14:42:55 C:\Program Files\Skype\Phone\Skype .exe </pre> ((((((((((((((((((((((((((((( snapshot@2008-01-08_20.33.06.43 ))))))))))))))))))))))))))))))))))))))))) . 
- 2006-08-17 12:29:49 728,576 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:28:31 728,576 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2006-04-20 11:51:50 359,808 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2006-08-17 12:29:49 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:28:31 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
- 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-10-28 02:03:16 833,520 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2008-01-09 07:50:51 833,248 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2008-01-10 19:44:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_3f4.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-01 04:03 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-04 18:32 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]
"nwiz"="nwiz.exe" [2005-02-24 07:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2008-01-04 18:31 376912]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-04 18:31 79224]
"phc600"="C:\WINDOWS\vphc600.exe" [2008-01-04 18:31 339968]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-04 18:32 132496]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-04 18:32 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2008-01-04 18:32 241664]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-01 04:03 15360]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 13:22]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 09:14]
R3 phc600;USB PC Camera (phc600);C:\WINDOWS\system32\DRIVERS\phc600.sys [2005-02-22 19:48]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-01-10 20:44]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76f0028c-a739-11dc-8a3e-00196635b8e5}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 20:44:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-10 20:47:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-10 19:47:52
ComboFix2.txt 2008-01-10 19:36:50
ComboFix3.txt 2008-01-10 18:11:33
ComboFix4.txt 2008-01-09 20:24:45
ComboFix5.txt 2008-01-09 13:06:54
.
2008-01-09 17:26:40 --- E O F ---

and the HJT report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:51, on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Dit.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vphc600.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [phc600] C:\WINDOWS\vphc600.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/fr/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 7142 bytes

(There is still one stubborn entry; Skype is a software package that lets me chat online with friends and family.)

For the info you asked for: before coming to post here, I ran an avast scan in thorough mode with archive scanning, then scheduled a boot-time scan, and after that I ran a whole series of online scans, suspecting that avast had not detected everything. Kaspersky and Panda found a lot of other critters (38 or 48, I don't remember exactly). I researched each of the trojans, viruses and worms (and possible droppers on my PC), then removed each of these critters myself by following the instructions and checking that they were not legitimate processes, important files, etc.
Then, for the last 4 critters, I couldn't get rid of them, so I followed instructions found on your forum and discovered it was Vundo. I removed 3 of the 4 remaining critters; all that was left was the file efcbaay.dll, which you helped me get rid of, so my original problem is solved. As for avast, I'm not a fan, but unfortunately I'm not the only user of this computer (otherwise I would have installed NOD32 or F-Secure long ago), so I don't think I can install Antivir because of the other users, who wouldn't manage to use and get familiar with an antivirus program in English. There, I hope I haven't forgotten any points.

avast log: this is only the warnings; nothing listed here got onto the computer (normally).

06/12/2007 14:36:18 Christophe CHEVRIAUX 1492 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: D:\AOEINST.EXE (D:\AOEINST.EXE) returning error, 0000001E.
06/12/2007 23:26:26 SYSTEM 1584 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://download.betanews.com/download/1094...klcodec357f.exe (C:\WINDOWS\TEMP\_avast4_\unp102049467.tmp) returning error, 0000001E.
08/12/2007 08:16:47 Christophe CHEVRIAUX 1488 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: D:\AOEINST.EXE (D:\AOEINST.EXE) returning error, 0000001E.
08/12/2007 12:51:39 Christophe CHEVRIAUX 1488 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: D:\AOEINST.EXE (D:\AOEINST.EXE) returning error, 0000001E.
14/12/2007 00:10:21 È’|Hð‘¤à< 1480 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
14/12/2007 00:10:21 È’|Hð‘¤à< 1480 An error has occured while attempting to update. Please check the logs.
14/12/2007 10:00:28 Christophe CHEVRIAUX 1488 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: D:\AOEINST.EXE (D:\AOEINST.EXE) returning error, 0000001E.
16/12/2007 14:17:57 SYSTEM 1476 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: E:\Program Files\WinRAR\rarext.dll (E:\Program Files\WinRAR\rarext.dll) returning error, 0000001E.
16/12/2007 21:41:46 SYSTEM 1476 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
16/12/2007 21:41:46 SYSTEM 1476 An error has occured while attempting to update. Please check the logs.
25/12/2007 19:09:11 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\Onslaught\Onslaughtinstalateur.exe\{app}\VVSNInst.exe\VVSN.exe" file.
25/12/2007 19:09:46 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\Onslaught\Onslaughtinstalateur.exe\{app}\VVSNInst.exe" file.
25/12/2007 19:09:49 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\Onslaught\Onslaughtinstalateur.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]\[Embedded#1baa8]" file.
25/12/2007 19:09:53 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\Onslaught\Onslaughtinstalateur.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]" file.
25/12/2007 19:09:55 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\Onslaught\Onslaughtinstalateur.exe\{app}\NNSUNA3_88.exe" file.
25/12/2007 19:09:56 Christophe CHEVRIAUX 1540 Sign of "Win32:LdPinch-EU [Trj]" has been found in "F:\Quentin\Bureau\jeux\Onslaught\Onslaughtinstalateur.exe\{sys}\RKInstaller.exe" file.
25/12/2007 19:10:01 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\Tank Assault\Tank_Assault.exe\{app}\VVSNInst.exe\VVSN.exe" file.
25/12/2007 19:10:54 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\Tank Assault\Tank_Assault.exe\{app}\VVSNInst.exe" file.
25/12/2007 19:10:55 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\Tank Assault\Tank_Assault.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]\[Embedded#1baa8]" file.
25/12/2007 19:10:56 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\Tank Assault\Tank_Assault.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]" file.
25/12/2007 19:10:57 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\Tank Assault\Tank_Assault.exe\{app}\NNSUNA3_88.exe" file.
25/12/2007 19:10:57 Christophe CHEVRIAUX 1540 Sign of "Win32:LdPinch-EU [Trj]" has been found in "F:\Quentin\Bureau\jeux\Tank Assault\Tank_Assault.exe\{sys}\RKInstaller.exe" file.
25/12/2007 19:11:03 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\The Great Mahjong\Great_Mahjong.exe\{app}\VVSNInst.exe\VVSN.exe" file.
25/12/2007 19:11:08 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\The Great Mahjong\Great_Mahjong.exe\{app}\VVSNInst.exe" file.
25/12/2007 19:11:09 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\The Great Mahjong\Great_Mahjong.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]\[Embedded#1baa8]" file.
25/12/2007 19:11:11 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\The Great Mahjong\Great_Mahjong.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]" file.
25/12/2007 19:11:11 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\The Great Mahjong\Great_Mahjong.exe\{app}\NNSUNA3_88.exe" file.
25/12/2007 19:11:12 Christophe CHEVRIAUX 1540 Sign of "Win32:LdPinch-EU [Trj]" has been found in "F:\Quentin\Bureau\jeux\The Great Mahjong\Great_Mahjong.exe\{sys}\RKInstaller.exe" file.
25/12/2007 19:19:53 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008787.exe\{app}\VVSNInst.exe\VVSN.exe" file.
25/12/2007 19:19:56 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008787.exe\{app}\VVSNInst.exe" file.
25/12/2007 19:19:57 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008787.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]\[Embedded#1baa8]" file.
25/12/2007 19:19:59 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008787.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]" file.
25/12/2007 19:20:00 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008787.exe\{app}\NNSUNA3_88.exe" file.
25/12/2007 19:20:01 Christophe CHEVRIAUX 1540 Sign of "Win32:LdPinch-EU [Trj]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008787.exe\{sys}\RKInstaller.exe" file.
25/12/2007 19:20:03 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008788.exe\{app}\VVSNInst.exe\VVSN.exe" file.
25/12/2007 19:20:05 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008788.exe\{app}\VVSNInst.exe" file.
25/12/2007 19:20:06 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008788.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]\[Embedded#1baa8]" file.
25/12/2007 19:20:07 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008788.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]" file.
25/12/2007 19:20:07 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008788.exe\{app}\NNSUNA3_88.exe" file.
25/12/2007 19:20:08 Christophe CHEVRIAUX 1540 Sign of "Win32:LdPinch-EU [Trj]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008788.exe\{sys}\RKInstaller.exe" file.
25/12/2007 19:20:13 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008789.exe\{app}\VVSNInst.exe\VVSN.exe" file.
25/12/2007 19:20:17 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008789.exe\{app}\VVSNInst.exe" file.
25/12/2007 19:20:19 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008789.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]\[Embedded#1baa8]" file.
25/12/2007 19:20:20 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008789.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]" file.
25/12/2007 19:20:20 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008789.exe\{app}\NNSUNA3_88.exe" file.
25/12/2007 19:20:21 Christophe CHEVRIAUX 1540 Sign of "Win32:LdPinch-EU [Trj]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008789.exe\{sys}\RKInstaller.exe" file.
01/01/2008 01:17:10 Christophe CHEVRIAUX 3344 Sign of "Win32:Agent-PCJ [Adw]" has been found in "c:\windows\system32\gqgtoivs.exe" file.
01/01/2008 01:18:13 Christophe CHEVRIAUX 3668 Sign of "Win32:Agent-PCJ [Adw]" has been found in "c:\windows\system32\gqgtoivs.exe" file.
01/01/2008 01:18:51 Christophe CHEVRIAUX 3944 Sign of "Win32:Agent-PCJ [Adw]" has been found in "c:\windows\system32\gqgtoivs.exe" file.
01/01/2008 01:25:15 Christophe CHEVRIAUX 3648 Sign of "Win32:Agent-PCJ [Adw]" has been found in "C:\Documents and Settings\Christophe CHEVRIAUX\Local Settings\Temporary Internet Files\Content.IE5\UJRYG61Z\gamadril20071203[1]" file.
01/01/2008 01:29:31 SYSTEM 476 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
01/01/2008 01:29:36 SYSTEM 476 An error has occured while attempting to update. Please check the logs.
01/01/2008 03:06:30 Christophe CHEVRIAUX 3648 Sign of "Win32:Agent-PCJ [Adw]" has been found in "C:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP69\A0013189.exe" file.
01/01/2008 03:25:08 Christophe CHEVRIAUX 3648 Sign of "Win32:Agent-PCJ [Adw]" has been found in "C:\WINDOWS\system32\trz21.tmp" file.
04/01/2008 23:40:29 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\SYSTEM32\AWVVU.DLL" file.
04/01/2008 23:41:03 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
04/01/2008 23:41:14 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
04/01/2008 23:41:31 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\SYSTEM32\AWVVU.DLL" file.
04/01/2008 23:41:46 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\SYSTEM32\AWVVU.DLL" file.
04/01/2008 23:41:51 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
04/01/2008 23:41:59 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
04/01/2008 23:42:06 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
04/01/2008 23:42:11 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
04/01/2008 23:42:33 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\SYSTEM32\AWVVU.DLL" file.
04/01/2008 23:42:37 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
04/01/2008 23:46:23 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
04/01/2008 23:46:30 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
04/01/2008 23:46:38 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
04/01/2008 23:46:49 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
04/01/2008 23:47:23 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
04/01/2008 23:47:36 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
04/01/2008 23:47:43 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
04/01/2008 23:47:47 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
04/01/2008 23:47:52 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
04/01/2008 23:47:56 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
04/01/2008 23:48:01 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
04/01/2008 23:48:20 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
04/01/2008 23:48:45 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
05/01/2008 01:42:17 Christophe CHEVRIAUX 196 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\sstqq.dll" file.
05/01/2008 09:41:32 Christophe CHEVRIAUX 152 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvt.dll" file.
05/01/2008 10:41:32 Christophe CHEVRIAUX 152 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddcyw.dll" file.
05/01/2008 16:39:53 Christophe CHEVRIAUX 220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddcyw.dll" file.
05/01/2008 17:39:51 Christophe CHEVRIAUX 220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awtst.dll" file.
05/01/2008 18:39:52 Christophe CHEVRIAUX 220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awtqn.dll" file.
05/01/2008 19:39:54 Christophe CHEVRIAUX 220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\geeba.dll" file.
05/01/2008 19:42:20 Christophe CHEVRIAUX 220 Sign of "Win32:Virut" has been found in "C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\TFR3D.tmp\[email protected]" file.
05/01/2008 20:39:54 Christophe CHEVRIAUX 220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddaba.dll" file.
05/01/2008 21:39:55 Christophe CHEVRIAUX 220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\vtstt.dll" file.
05/01/2008 22:39:57 Christophe CHEVRIAUX 220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\pmkjk.dll" file.
05/01/2008 23:39:58 Christophe CHEVRIAUX 220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\vtutq.dll" file.
06/01/2008 00:40:00 Christophe CHEVRIAUX 220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddaba.dll" file.
06/01/2008 09:09:13 Christophe CHEVRIAUX 160 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\mllmj.dll" file.
06/01/2008 09:12:39 Christophe CHEVRIAUX 160 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: D:\AOEINST.EXE (D:\AOEINST.EXE) returning error, 0000001E.
06/01/2008 10:09:13 Christophe CHEVRIAUX 160 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddcca.dll" file.
06/01/2008 11:09:14 Christophe CHEVRIAUX 160 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\geedc.dll" file.
06/01/2008 12:09:15 Christophe CHEVRIAUX 160 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvv.dll" file.
06/01/2008 14:12:16 Christophe CHEVRIAUX 160 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awtst.dll" file.
06/01/2008 15:23:09 SYSTEM 144 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\sstqn.dll" file.
06/01/2008 16:23:09 SYSTEM 144 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkhhe.dll" file.
06/01/2008 17:23:10 SYSTEM 144 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkkjh.dll" file.
06/01/2008 18:23:12 SYSTEM 144 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddayy.dll" file.
06/01/2008 19:23:13 SYSTEM 144 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddabb.dll" file.
06/01/2008 20:23:13 SYSTEM 144 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\gebcd.dll" file.
06/01/2008 21:23:14 SYSTEM 144 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\vtsqn.dll" file.
06/01/2008 22:23:21 SYSTEM 144 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddcca.dll" file.
07/01/2008 08:26:26 Christophe CHEVRIAUX 188 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkhhh.dll" file.
07/01/2008 09:26:26 Christophe CHEVRIAUX 188 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddabb.dll" file.
07/01/2008 10:26:27 Christophe CHEVRIAUX 188 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\gebya.dll" file.
07/01/2008 11:26:27 Christophe CHEVRIAUX 188 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkhhe.dll" file.
07/01/2008 12:26:29 Christophe CHEVRIAUX 188 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awtqp.dll" file.
07/01/2008 13:26:30 Christophe CHEVRIAUX 188 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
07/01/2008 16:51:51 Christophe CHEVRIAUX 188 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\mllmn.dll" file.
07/01/2008 18:00:06 Christophe CHEVRIAUX 280 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\sstqn.dll" file.
07/01/2008 19:00:06 Christophe CHEVRIAUX 280 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkhhe.dll" file.
07/01/2008 20:00:11 Christophe CHEVRIAUX 280 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awtqo.dll" file.
07/01/2008 21:00:09 Christophe CHEVRIAUX 280 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\sstqq.dll" file.
07/01/2008 22:39:38 Christophe CHEVRIAUX 236 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkkjk.dll" file.
08/01/2008 12:23:40 Christophe CHEVRIAUX 1596 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\pmkji.dll" file.
08/01/2008 13:23:42 Christophe CHEVRIAUX 1596 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\gebcc.dll" file.
08/01/2008 14:53:07 Christophe CHEVRIAUX 1596 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddaya.dll" file. 08/01/2008 15:53:09 Christophe CHEVRIAUX 1596 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\vtstq.dll" file. 08/01/2008 16:53:10 Christophe CHEVRIAUX 1596 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\vtsts.dll" file. 08/01/2008 17:49:21 Christophe CHEVRIAUX 1596 Sign of "EICAR Test-NOT virus!!" has been found in "http://tav.kaspersky.fr/test/level12.zip\LEVEL11.ZIP\LEVEL10.ZIP\LEVEL9.ZIP\LEVEL8.ZIP\LEVEL7.ZIP\LEVEL6.ZIP\LEVEL5.ZIP\LEVEL4.ZIP\LEVEL3.ZIP\LEVEL2.ZIP\LEVEL1.ZIP\eicar.exe" file. 08/01/2008 17:53:11 Christophe CHEVRIAUX 1596 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\sstts.dll" file. 08/01/2008 19:44:24 Christophe CHEVRIAUX 1476 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\pmkjg.dll" file. Et ceci est le journal des erreur : 06/12/2007 14:36:18 Christophe CHEVRIAUX 1492 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of D:\AOEINST.EXE failed, 0000001E. 06/12/2007 18:28:40 Christophe CHEVRIAUX 2312 Scan of "D:\" area failed with 00000015 error (function avfilesScanReal failed). 06/12/2007 23:26:26 SYSTEM 1584 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of http://download.betanews.com/download/1094...klcodec357f.exe failed, 0000001E. 08/12/2007 08:16:47 Christophe CHEVRIAUX 1488 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of D:\AOEINST.EXE failed, 0000001E. 08/12/2007 12:51:39 Christophe CHEVRIAUX 1488 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of D:\AOEINST.EXE failed, 0000001E. 09/12/2007 00:19:55 Christophe CHEVRIAUX 4064 Scan of "E:\" area failed with 00000003 error (function avfilesScanReal failed). 09/12/2007 00:19:55 Christophe CHEVRIAUX 4064 Scan of "F:\" area failed with 00000003 error (function avfilesScanReal failed). 
14/12/2007 10:00:28 Christophe CHEVRIAUX 1488 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of D:\AOEINST.EXE failed, 0000001E. 16/12/2007 14:17:57 SYSTEM 1476 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\Program Files\WinRAR\rarext.dll failed, 0000001E. 28/12/2007 18:29:20 Christophe CHEVRIAUX 3748 Scan of "E:\" area failed with 00000003 error (function avfilesScanReal failed). 28/12/2007 18:29:21 Christophe CHEVRIAUX 3748 Scan of "F:\" area failed with 00000003 error (function avfilesScanReal failed). 06/01/2008 09:12:39 Christophe CHEVRIAUX 160 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of D:\AOEINST.EXE failed, 0000001E. je n'es rien d'autre.
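Added example, not part of the poster's logs or of avast! itself: a small parser for the avast! 4 warning-log lines in the layout shown above. It separates the EICAR test download from real detections and applies a heuristic assumed here for illustration, namely that a Trojan hit on a five-lowercase-letter `.dll` directly under `system32` fits the random-name pattern of the Vundo/Virtumonde family behind these `Win32:TratBHO` entries. It then counts how many consecutive such detections are about an hour apart: a resident shield that keeps finding a fresh random DLL every hour is catching payloads while the dropper that writes them is still running, which is the situation this thread is cleaning up. The log lines embedded in `SAMPLE_LOG` are constructed from the ones in this post, shortened, with the nested EICAR archive path cut to two levels.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the avast! 4 warning-log layout used in the post:
#   <dd/mm/yyyy hh:mm:ss> <account> <pid> Sign of "<sig>" has been found in "<path>" file.
# Lines are taken from this thread and shortened; the EICAR entry keeps only
# two of its nested archive levels.
SAMPLE_LOG = r"""
06/01/2008 22:23:21 SYSTEM 144 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddcca.dll" file.
07/01/2008 08:26:26 Christophe CHEVRIAUX 188 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkhhh.dll" file.
07/01/2008 09:26:26 Christophe CHEVRIAUX 188 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddabb.dll" file.
07/01/2008 10:26:27 Christophe CHEVRIAUX 188 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\gebya.dll" file.
07/01/2008 11:26:27 Christophe CHEVRIAUX 188 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkhhe.dll" file.
07/01/2008 19:00:06 Christophe CHEVRIAUX 280 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkhhe.dll" file.
08/01/2008 17:49:21 Christophe CHEVRIAUX 1596 Sign of "EICAR Test-NOT virus!!" has been found in "http://tav.kaspersky.fr/test/level12.zip\LEVEL11.ZIP\eicar.exe" file.
08/01/2008 17:53:11 Christophe CHEVRIAUX 1596 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\sstts.dll" file.
"""

# The account name may contain spaces, so it is matched lazily up to the PID.
LINE_RE = re.compile(
    r'^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) '
    r'(?P<account>.+?) (?P<pid>\d+) '
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.$'
)


def parse_avast_log(text):
    """Parse warning-log lines into dicts; lines in another layout are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%d/%m/%Y %H:%M:%S")
        ev["pid"] = int(ev["pid"])
        events.append(ev)
    return events


# Heuristic assumed for this example: Vundo-style droppers wrote their BHO
# payloads as five random lowercase letters plus .dll, directly in system32.
VUNDO_NAME = re.compile(r"[a-z]{5}\.dll")


def classify(ev):
    """'test-file' for the EICAR download, 'vundo-like' for a random
    five-letter DLL in system32, 'other' for everything else."""
    if "eicar" in ev["sig"].lower():
        return "test-file"
    path = ev["path"].lower()
    directory, _, name = path.rpartition("\\")
    if directory.endswith("\\system32") and VUNDO_NAME.fullmatch(name):
        return "vundo-like"
    return "other"


def summarize(events):
    """Count detection kinds, list the distinct payload names and count how
    many consecutive Vundo-like detections are an hour (+/- 2 min) apart."""
    kinds = Counter(classify(ev) for ev in events)
    vundo = [ev for ev in events if classify(ev) == "vundo-like"]
    names = sorted({ev["path"].lower().rpartition("\\")[2] for ev in vundo})
    gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(vundo, vundo[1:])]
    hourly = sum(1 for g in gaps if abs(g - 3600) <= 120)
    return {
        "kinds": dict(kinds),
        "distinct_dlls": names,
        "hourly_gaps": hourly,
        "total_gaps": len(gaps),
    }


if __name__ == "__main__":
    print(summarize(parse_avast_log(SAMPLE_LOG)))
```

On the sample this reports six distinct payload names and three hourly gaps out of six; the hourly cadence, together with the fact that every name is new, is the sign that the on-access scanner is deleting copies while something else keeps writing them, which is why a log like this calls for a dropper hunt rather than more deletions.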
  5. I will redo the procedure first, in case I did something wrong, and then I will answer all your questions.
  6. ComboFix report:

ComboFix 08-01-07.5 - Christophe CHEVRIAUX 2008-01-10 19:03:11.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.614 [GMT 1:00]
Running from: C:\Documents and Settings\Christophe CHEVRIAUX\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Christophe CHEVRIAUX\Bureau\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((( Files created 2007-12-10 to 2008-01-10 ))))))))))))))))))))))))))))))))))))
.
2008-01-09 21:03 . 2008-01-10 18:59 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-08 20:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 20:19 . 2008-01-08 20:22 <REP> d-------- C:\HJT
2008-01-08 19:54 . 2008-01-09 13:51 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-01-08 19:50 . 2008-01-08 19:50 210,416 --a------ C:\zlsSetup_70_337_000_fr.exe
2008-01-08 18:22 . 2008-01-08 18:22 132,608 --a------ C:\VundoFix.exe
2008-01-05 18:32 . 2008-01-05 18:32 <REP> d-------- C:\WINDOWS\Sun
2008-01-05 09:42 . 1999-01-25 12:00 143,872 --------- C:\WINDOWS\system32\iacenc.dll
2008-01-05 09:42 . 1999-01-25 12:00 56,832 --------- C:\WINDOWS\system32\iyvu9_32.dll
2008-01-05 09:40 . 2008-01-05 09:40 <REP> d-------- C:\Program Files\Microsoft Games
2008-01-04 20:11 . 2008-01-04 20:11 <REP> d-------- C:\Program Files\hp deskjet 3420 series
2008-01-04 20:11 . 2002-06-21 11:19 184,386 --a------ C:\WINDOWS\system32\hpzsnt05.dll
2008-01-04 20:11 . 2008-01-04 20:11 800 --a------ C:\WINDOWS\hpinfo.lnk
2007-12-29 05:03 . 2007-12-29 05:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-28 21:30 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-28 19:33 . 2007-12-28 19:33 <REP> d-------- C:\Program Files\Yahoo!
2007-12-28 19:33 . 2007-12-28 19:41 <REP> d-------- C:\Program Files\CCleaner
2007-12-28 03:21 . 2007-12-28 03:21 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-27 20:48 . 2007-11-30 23:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-27 20:48 . 2007-11-30 23:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-27 20:48 . 2007-11-30 22:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-27 20:48 . 2007-11-30 23:49 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-27 19:27 . 2007-12-27 19:27 <REP> d-------- C:\Program Files\Trend Micro
2007-12-27 19:07 . 2007-12-27 19:07 <REP> d--h----- C:\WINDOWS\PIF
2007-12-27 18:57 . 2007-12-27 19:00 1,348 --a------ C:\WINDOWS\mozver.dat
2007-12-27 18:53 . 2007-12-27 18:53 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-26 03:28 . 2007-12-26 03:28 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Uniblue
2007-12-26 03:28 . 2007-12-26 03:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-12-26 02:49 . 2007-12-26 17:36 961 --a------ C:\WINDOWS\srvdsgf.exe
2007-12-26 00:58 . 2007-12-26 00:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-26 00:57 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-12-26 00:57 . 2008-01-08 19:59 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-12-26 00:55 . 2008-01-10 19:03 <REP> d-------- C:\WINDOWS\Internet Logs
2007-12-25 20:54 . 2007-12-25 20:54 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-12-25 20:53 . 2007-12-25 20:53 <REP> d-------- C:\Program Files\Windows Live Toolbar
2007-12-25 20:42 . 2007-12-25 20:46 <REP> d-------- C:\Program Files\MSN Apps
2007-12-25 19:48 . 2008-01-01 04:03 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2007-12-25 19:48 . 2008-01-01 04:03 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2007-12-22 18:42 . 2008-01-04 18:31 339,968 --a------ C:\WINDOWS\vphc600.exe
2007-12-22 18:42 . 2007-12-27 20:32 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-20 22:02 . 2007-12-20 22:02 268 --ah----- C:\sqmdata16.sqm
2007-12-20 22:02 . 2007-12-20 22:02 244 --ah----- C:\sqmnoopt16.sqm
2007-12-20 20:04 . 2007-12-20 20:04 <REP> d-------- C:\Program Files\Microsoft.NET
2007-12-20 20:04 . 2007-12-20 20:04 <REP> dr-h----- C:\MSOCache
2007-12-20 20:02 . 2007-12-20 20:02 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-20 20:00 . 2007-12-20 20:00 <REP> d-------- C:\Program Files\MSXML 4.0
2007-12-20 19:15 . 2007-12-20 20:01 <REP> d-------- C:\ProgramFiles
2007-12-19 15:16 . 2007-12-19 15:16 <REP> d-------- C:\Program Files\Fichiers communs\HP
2007-12-19 15:15 . 2008-01-04 20:16 <REP> d-------- C:\Program Files\Hewlett-Packard
2007-12-19 15:15 . 2007-12-19 15:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-12-19 15:14 . 2004-05-11 10:53 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-12-19 15:14 . 2004-05-11 10:53 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-12-19 15:14 . 2004-05-11 10:53 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-12-19 15:14 . 2004-05-11 10:53 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2007-12-19 15:14 . 2004-05-11 10:53 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-12-19 15:13 . 2007-12-19 15:13 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2007-12-19 15:12 . 2007-12-19 15:12 <REP> d-------- C:\WINDOWS\system32\URTTemp
2007-12-19 15:05 . 2004-06-21 19:50 51,088 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys
2007-12-19 15:05 . 2004-06-21 19:50 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-12-19 15:04 . 2004-06-21 19:50 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-12-19 15:04 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-19 15:04 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-19 14:48 . 2004-03-18 16:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-12-19 14:48 . 2004-03-18 16:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-12-19 14:48 . 2004-03-18 16:39 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-12-19 14:48 . 2004-03-18 16:55 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-12-19 14:48 . 2004-03-18 16:38 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-12-19 14:48 . 2004-03-18 16:39 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-12-19 14:47 . 2007-12-19 15:21 <REP> d-------- C:\Program Files\HP
2007-12-19 14:46 . 2007-12-19 15:22 104,265 --a------ C:\WINDOWS\hpoins04.dat
2007-12-19 14:46 . 2004-06-21 19:50 17,176 --------- C:\WINDOWS\hpomdl04.dat
2007-12-16 19:17 . 2007-12-16 19:17 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-12-16 19:17 . 2007-12-16 19:17 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\teamspeak2
2007-12-16 19:17 . 2007-12-16 19:17 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2007-12-10 20:59 . 2008-01-04 23:00 <REP> d-------- C:\Program Files\GSI
2007-12-10 17:03 . 2007-12-30 15:24 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\U3
2007-12-10 17:01 . 2007-12-10 17:09 <REP> dr------- C:\Program Files\Musics
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 18:06 817,184 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-10 18:05 12,692 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-10 18:02 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Skype
2008-01-10 18:02 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Azureus
2008-01-10 16:15 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\skypePM
2008-01-10 15:33 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-01-08 18:55 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-01-08 18:55 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-07 07:20 23,644 ----a-w C:\WINDOWS\Internet Logs\zonealarm_2nd_2008_01_06_15_23_18_small.dmp.zip
2008-01-06 19:11 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\OpenOffice.org2
2007-12-31 00:55 --------- d-----w C:\Program Files\Jeux
2007-12-17 21:27 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-16 08:54 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-12-09 00:19 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Ahead
2007-12-07 22:45 --------- d-----w C:\Program Files\Windows Journal Viewer
2007-12-07 14:28 --------- d-----w C:\Program Files\Java
2007-12-06 22:33 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\BSplayer
2007-12-06 22:32 --------- d-----w C:\Program Files\DivX
2007-12-06 22:29 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-06 22:22 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\DivX
2007-12-06 22:06 --------- d-----w C:\Program Files\Media Player Classic
2007-12-06 22:06 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Media Player Classic
2007-12-06 21:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-01 17:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-01 17:04 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\InstallShield
2007-12-01 12:48 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-01 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-01 11:20 --------- d-----w C:\Program Files\Google
2007-12-01 10:10 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-01 10:10 --------- d-----w C:\Program Files\Windows Live
2007-12-01 10:00 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-12-01 09:56 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-01 09:55 --------- d-----w C:\Program Files\Skype
2007-12-01 09:55 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-12-01 09:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-01 09:32 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\BSplayer Pro
2007-12-01 09:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-01 09:23 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-12-01 09:21 --------- d-----w C:\Program Files\Ahead
2007-12-01 09:20 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-12-01 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-12-01 08:31 --------- d-----w C:\Program Files\Realtek
2007-12-01 08:29 --------- d-----w C:\Program Files\VIA
2007-12-01 08:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-30 23:41 --------- d-----w C:\Program Files\Snapshot Viewer
2007-11-30 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBT
2007-11-30 23:40 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-30 23:29 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Microsoft Web Folders
2007-11-30 23:25 --------- d-----w C:\Program Files\Camgoo TwoPlay
2007-11-30 23:24 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
2007-11-30 23:20 --------- d-----w C:\Program Files\Philips
2007-11-30 23:04 --------- d-----w C:\Program Files\Alwil Software
2007-11-30 23:03 17,521,856 ----a-w C:\Program Files\setupfre.exe
2007-11-30 22:50 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-11-30 22:50 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-11-30 22:49 --------- d-----w C:\Program Files\Club-Internet
2007-11-30 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2007-11-30 22:41 --------- d-----w C:\Program Files\Motive
2007-11-30 22:41 --------- d-----w C:\Program Files\Fichiers communs\Motive
2007-11-30 22:41 --------- d-----w C:\Program Files\Common Files
2007-11-30 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2007-11-30 22:39 155,995 ----a-w C:\WINDOWS\java\Packages\EFHNB3DJ.ZIP
2007-11-30 22:39 --------- d-----w C:\Program Files\BroadJump
2007-11-30 22:28 --------- d-----w C:\Program Files\X10 Hardware
2007-11-30 21:58 --------- d-----w C:\Program Files\Services en ligne
2007-11-30 21:58 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2004-07-22 09:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-19 21:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-19 21:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-09 13:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 08:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 08:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 03:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 03:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 02:03 62,976 ----a-w C:\Program Files\DSETUP.dll
1999-04-06 11:27 99,840 ----a-w C:\Program Files\Fichiers communs\IRAABOUT.DLL
1998-12-09 01:53 70,144 ----a-w C:\Program Files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 01:53 48,640 ----a-w C:\Program Files\Fichiers communs\IRALPTTR.DLL
1998-12-09 01:53 31,744 ----a-w C:\Program Files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 01:53 186,368 ----a-w C:\Program Files\Fichiers communs\IRAREG.DLL
1998-12-09 01:53 17,920 ----a-w C:\Program Files\Fichiers communs\IRASRIAL.DLL
.
<pre>
----a-w 21,760,296 2007-12-23 14:42:55 C:\Program Files\Skype\Phone\Skype .exe
----a-w 919,016 2008-01-04 17:32:14 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
</pre>
((((((((((((((((((((((((((((( snapshot@2008-01-08_20.33.06.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-08-17 12:29:49 728,576 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:28:31 728,576 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2006-04-20 11:51:50 359,808 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2006-08-17 12:29:49 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:28:31 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
- 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-10-28 02:03:16 833,520 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2008-01-09 07:50:51 833,248 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2008-01-10 18:06:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_65c.dat
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-01 04:03 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-04 18:32 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]
"nwiz"="nwiz.exe" [2005-02-24 07:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2008-01-04 18:31 376912]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-04 18:31 79224]
"phc600"="C:\WINDOWS\vphc600.exe" [2008-01-04 18:31 339968]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-04 18:32 132496]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-04 18:32 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2008-01-04 18:32 241664]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-01 04:03 15360]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 13:22]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 09:14]
R3 phc600;USB PC Camera (phc600);C:\WINDOWS\system32\DRIVERS\phc600.sys [2005-02-22 19:48]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-01-10 19:08]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76f0028c-a739-11dc-8a3e-00196635b8e5}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 19:06:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-10 19:11:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-10 18:11:29
ComboFix2.txt 2008-01-09 20:24:45
ComboFix3.txt 2008-01-09 13:06:54
ComboFix4.txt 2008-01-08 19:33:28
.
2008-01-09 17:26:40 --- E O F ---

And the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:01, on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Dit.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vphc600.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [phc600] C:\WINDOWS\vphc600.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/fr/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 7175 bytes

(If I have understood how the ComboFix report works, it does not want to repair these 2 files ;( )
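Added example, my own and not ComboFix's logic: the two entries ComboFix put in its `<pre>` block above are executables whose names carry a space before the extension, sitting in the same directories as the genuine `Skype.exe` and `zlclient.exe`. A file that differs from a legitimate neighbour only by a space is worth checking, because a shortcut or a Run entry can point at it without anyone noticing the difference. The Python below scans a directory listing for executables that either carry whitespace next to the extension or collide with another executable in the same directory once names are canonicalised; the canonicalisation also folds case and Unicode compatibility characters, which goes beyond the page's two cases (a full-width `SVCHOST.exe` is included to show that). `SAMPLE_LISTING` is constructed for the example and `EXEC_EXT` is my own choice of extensions, not a ComboFix setting.

```python
import ntpath
import re
import unicodedata
from collections import defaultdict

# Extensions treated as executable content. My own list for this example.
EXEC_EXT = {".exe", ".dll", ".scr", ".com", ".pif", ".sys", ".cpl"}

# Constructed listing: the two pairs from the ComboFix report above, plus a
# full-width lookalike and a legitimate dllcache copy, to show what is and
# is not flagged. Windows paths are handled with ntpath so this runs anywhere.
SAMPLE_LISTING = [
    r"C:\Program Files\Skype\Phone\Skype.exe",
    r"C:\Program Files\Skype\Phone\Skype .exe",
    r"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe",
    r"C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe",
    r"C:\WINDOWS\system32\svchost.exe",
    "C:\\WINDOWS\\system32\\\uff33\uff36\uff23\uff28\uff2f\uff33\uff34.exe",  # full-width SVCHOST
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"C:\WINDOWS\system32\dllcache\ctfmon.exe",  # same name, different directory: legitimate
]


def canonical(name):
    """Form under which visually identical names collide: NFKC folds
    compatibility characters (full-width letters, ligatures) to their ASCII
    base, casefold removes case, and all whitespace is dropped."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return re.sub(r"\s+", "", folded)


def is_plain(name):
    """A name with no whitespace and only ASCII is taken as the genuine one."""
    return name.isascii() and re.search(r"\s", name) is None


def find_lookalikes(listing):
    """Return sorted (path, reason) pairs for executables that carry
    whitespace next to the extension or collide with another executable in
    the same directory after canonicalisation."""
    findings = set()
    groups = defaultdict(list)
    for path in listing:
        directory, name = ntpath.split(path)
        stem, ext = ntpath.splitext(name)
        if ext.casefold() not in EXEC_EXT:
            continue
        if stem != stem.rstrip() or name != name.strip():
            findings.add((path, "whitespace next to the extension"))
        groups[(canonical(directory), canonical(name))].append(path)
    for (_, cname), paths in groups.items():
        if len(paths) < 2:
            continue
        plain = [p for p in paths if is_plain(ntpath.basename(p))]
        for p in paths:
            # With one plain sibling the others are the suspects; with none,
            # nobody can be trusted and every member is reported.
            if not plain or p not in plain:
                findings.add((p, f"collides with {cname} ({len(paths)} names in one directory)"))
    return sorted(findings)


if __name__ == "__main__":
    for path, reason in find_lookalikes(SAMPLE_LISTING):
        print(f"{reason:55} {path}")
```

The grouping key includes the directory on purpose: `ctfmon.exe` in `system32` and its copy in `dllcache` are the normal Windows File Protection pair and must not be reported, whereas two spellings of one name in one directory never happen by accident.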
  7. Here is the SDFix one; the rest will follow:

SDFix: Version 1.125
Run by Christophe CHEVRIAUX on 09/01/2008 at 21:05
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...

Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...

ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 21:10:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x20229~\2]
"C040510900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2

Remaining Services:
------------------

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

Files with Hidden Attributes:
Sat 1 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc102203f99c8c6ebf1523556f8411b6\BIT12.tmp"
Sat 7 Oct 2006 59,392 A..H. --- "C:\Program Files\GSI\Etude\Dossier_Etude\Démarche_Etude\Recherche_Informations\~WRL2860.tmp"

Here is ComboFix:

ComboFix 08-01-07.5 - Christophe CHEVRIAUX 2008-01-09 21:17:31.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.626 [GMT 1:00]
Running from: C:\Documents and Settings\Christophe CHEVRIAUX\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Christophe CHEVRIAUX\Bureau\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((( Files created 2007-12-09 to 2008-01-09 ))))))))))))))))))))))))))))))))))))
.
2008-01-09 21:03 . 2008-01-09 21:03 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-09 18:25 . 2008-01-09 18:25 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-01-08 20:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 20:19 . 2008-01-08 20:22 <REP> d-------- C:\HJT
2008-01-08 19:54 . 2008-01-09 13:51 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-01-08 19:50 . 2008-01-08 19:50 210,416 --a------ C:\zlsSetup_70_337_000_fr.exe
2008-01-08 18:22 . 2008-01-08 18:22 132,608 --a------ C:\VundoFix.exe
2008-01-05 18:32 . 2008-01-05 18:32 <REP> d-------- C:\WINDOWS\Sun
2008-01-05 09:42 . 1999-01-25 12:00 143,872 --------- C:\WINDOWS\system32\iacenc.dll
2008-01-05 09:42 . 1999-01-25 12:00 56,832 --------- C:\WINDOWS\system32\iyvu9_32.dll
2008-01-05 09:40 . 2008-01-05 09:40 <REP> d-------- C:\Program Files\Microsoft Games
2008-01-04 20:11 . 2008-01-04 20:11 <REP> d-------- C:\Program Files\hp deskjet 3420 series
2008-01-04 20:11 . 2002-06-21 11:19 184,386 --a------ C:\WINDOWS\system32\hpzsnt05.dll
2008-01-04 20:11 . 2008-01-04 20:11 800 --a------ C:\WINDOWS\hpinfo.lnk
2007-12-29 05:03 . 2007-12-29 05:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-28 21:30 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-28 19:33 . 2007-12-28 19:33 <REP> d-------- C:\Program Files\Yahoo!
2007-12-28 19:33 . 2007-12-28 19:41 <REP> d-------- C:\Program Files\CCleaner
2007-12-28 03:21 . 2007-12-28 03:21 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-27 20:48 . 2007-11-30 23:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-27 20:48 . 2007-11-30 23:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-27 20:48 . 2007-11-30 22:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-27 20:48 . 2007-11-30 23:49 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-27 19:27 . 2007-12-27 19:27 <REP> d-------- C:\Program Files\Trend Micro
2007-12-27 19:07 . 2007-12-27 19:07 <REP> d--h----- C:\WINDOWS\PIF
2007-12-27 18:57 . 2007-12-27 19:00 1,348 --a------ C:\WINDOWS\mozver.dat
2007-12-27 18:53 . 2007-12-27 18:53 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-26 03:28 . 2007-12-26 03:28 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Uniblue
2007-12-26 03:28 . 2007-12-26 03:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-12-26 02:49 . 2007-12-26 17:36 961 --a------ C:\WINDOWS\srvdsgf.exe
2007-12-26 00:58 . 2007-12-26 00:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-26 00:57 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-12-26 00:57 . 2008-01-08 19:59 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-12-26 00:55 . 2008-01-09 21:18 <REP> d-------- C:\WINDOWS\Internet Logs
2007-12-25 20:54 . 2007-12-25 20:54 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-12-25 20:53 . 2007-12-25 20:53 <REP> d-------- C:\Program Files\Windows Live Toolbar
2007-12-25 20:42 . 2007-12-25 20:46 <REP> d-------- C:\Program Files\MSN Apps
2007-12-25 19:48 . 2008-01-01 04:03 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2007-12-25 19:48 . 2008-01-01 04:03 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2007-12-22 18:42 . 2008-01-04 18:31 339,968 --a------ C:\WINDOWS\vphc600.exe
2007-12-22 18:42 . 2007-12-27 20:32 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-20 22:02 . 2007-12-20 22:02 268 --ah----- C:\sqmdata16.sqm
2007-12-20 22:02 . 2007-12-20 22:02 244 --ah----- C:\sqmnoopt16.sqm
2007-12-20 20:04 . 2007-12-20 20:04 <REP> d-------- C:\Program Files\Microsoft.NET
2007-12-20 20:04 . 2007-12-20 20:04 <REP> dr-h----- C:\MSOCache
2007-12-20 20:02 . 2007-12-20 20:02 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-20 20:00 . 2007-12-20 20:00 <REP> d-------- C:\Program Files\MSXML 4.0
2007-12-20 19:15 . 2007-12-20 20:01 <REP> d-------- C:\ProgramFiles
2007-12-19 15:16 . 2007-12-19 15:16 <REP> d-------- C:\Program Files\Fichiers communs\HP
2007-12-19 15:15 . 2008-01-04 20:16 <REP> d-------- C:\Program Files\Hewlett-Packard
2007-12-19 15:15 . 2007-12-19 15:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-12-19 15:14 . 2004-05-11 10:53 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-12-19 15:14 . 2004-05-11 10:53 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-12-19 15:14 . 2004-05-11 10:53 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-12-19 15:14 . 2004-05-11 10:53 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2007-12-19 15:14 . 2004-05-11 10:53 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-12-19 15:13 . 2007-12-19 15:13 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2007-12-19 15:12 . 2007-12-19 15:12 <REP> d-------- C:\WINDOWS\system32\URTTemp
2007-12-19 15:05 . 2004-06-21 19:50 51,088 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys
2007-12-19 15:05 . 2004-06-21 19:50 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-12-19 15:04 . 2004-06-21 19:50 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-12-19 15:04 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-19 15:04 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-19 14:48 . 2004-03-18 16:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-12-19 14:48 . 2004-03-18 16:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-12-19 14:48 . 2004-03-18 16:39 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-12-19 14:48 . 2004-03-18 16:55 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-12-19 14:48 . 2004-03-18 16:38 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-12-19 14:48 . 2004-03-18 16:39 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-12-19 14:47 . 2007-12-19 15:21 <REP> d-------- C:\Program Files\HP
2007-12-19 14:46 . 2007-12-19 15:22 104,265 --a------ C:\WINDOWS\hpoins04.dat
2007-12-19 14:46 . 2004-06-21 19:50 17,176 --------- C:\WINDOWS\hpomdl04.dat
2007-12-16 19:17 . 2007-12-16 19:17 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-12-16 19:17 . 2007-12-16 19:17 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\teamspeak2
2007-12-16 19:17 . 2007-12-16 19:17 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2007-12-10 20:59 . 2008-01-04 23:00 <REP> d-------- C:\Program Files\GSI
2007-12-10 17:03 . 2007-12-30 15:24 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\U3
2007-12-10 17:01 . 2007-12-10 17:09 <REP> dr------- C:\Program Files\Musics
2007-12-09 01:19 . 2007-12-09 01:19 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Ahead
2007-12-09 01:09 . 2007-12-31 01:55 <REP> d-------- C:\Program Files\Jeux
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-09 20:21 489,504 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-01-09 20:21 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS 2008-01-09 20:19 8,876 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-01-09 16:05 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Skype 2008-01-09 15:09 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\skypePM 2008-01-08 18:55 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat 2008-01-08 18:55 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat 2008-01-06 19:11 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\OpenOffice.org2 2007-12-17 21:27 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-12-16 08:54 --------- d-----w C:\Program Files\OpenOffice.org 2.3 2007-12-07 22:45 --------- d-----w C:\Program Files\Windows Journal Viewer 2007-12-07 18:31 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Azureus 2007-12-07 17:10 --------- d-----w C:\Program Files\Azureus 2007-12-07 14:28 --------- d-----w C:\Program Files\Java 2007-12-06 22:33 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\BSplayer 2007-12-06 22:32 --------- d-----w C:\Program Files\DivX 2007-12-06 22:29 --------- d-----w C:\Program Files\K-Lite Codec Pack 2007-12-06 22:22 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\DivX 2007-12-06 22:06 --------- d-----w C:\Program Files\Media Player Classic 2007-12-06 22:06 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Media Player Classic 2007-12-06 21:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 14:55 94,544 ----a-w 
C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-01 17:05 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-01 17:04 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\InstallShield 2007-12-01 12:48 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-12-01 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-12-01 11:20 --------- d-----w C:\Program Files\Google 2007-12-01 10:10 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-12-01 10:10 --------- d-----w C:\Program Files\Windows Live 2007-12-01 10:00 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment 2007-12-01 09:56 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-12-01 09:55 --------- d-----w C:\Program Files\Skype 2007-12-01 09:55 --------- d-----w C:\Program Files\Fichiers communs\Skype 2007-12-01 09:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2007-12-01 09:32 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\BSplayer Pro 2007-12-01 09:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2007-12-01 09:23 --------- d-----w C:\Program Files\Fichiers communs\Java 2007-12-01 09:21 --------- d-----w C:\Program Files\Ahead 2007-12-01 09:20 --------- d-----w C:\Program Files\Fichiers communs\Ahead 2007-12-01 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead 2007-12-01 08:31 --------- d-----w C:\Program Files\Realtek 2007-12-01 08:29 --------- d-----w C:\Program Files\VIA 2007-12-01 08:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2007-11-30 23:41 --------- d-----w C:\Program 
Files\Snapshot Viewer 2007-11-30 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBT 2007-11-30 23:40 --------- d-----w C:\Program Files\microsoft frontpage 2007-11-30 23:29 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Microsoft Web Folders 2007-11-30 23:25 --------- d-----w C:\Program Files\Camgoo TwoPlay 2007-11-30 23:24 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft 2007-11-30 23:20 --------- d-----w C:\Program Files\Philips 2007-11-30 23:04 --------- d-----w C:\Program Files\Alwil Software 2007-11-30 23:03 17,521,856 ----a-w C:\Program Files\setupfre.exe 2007-11-30 22:50 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines 2007-11-30 22:50 --------- d-----w C:\Program Files\Fichiers communs\ODBC 2007-11-30 22:49 --------- d-----w C:\Program Files\Club-Internet 2007-11-30 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\MotiveSysIDs 2007-11-30 22:41 --------- d-----w C:\Program Files\Motive 2007-11-30 22:41 --------- d-----w C:\Program Files\Fichiers communs\Motive 2007-11-30 22:41 --------- d-----w C:\Program Files\Common Files 2007-11-30 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive 2007-11-30 22:39 --------- d-----w C:\Program Files\BroadJump 2007-11-30 22:28 --------- d-----w C:\Program Files\X10 Hardware 2007-11-30 21:58 --------- d-----w C:\Program Files\Services en ligne 2007-11-30 21:58 --------- d-----w C:\Program Files\Fichiers communs\MSSoap 2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2004-07-22 09:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB 2004-07-19 21:58 1,156,363 ----a-w C:\Program Files\BDANT.cab 2004-07-19 21:53 976,020 ----a-w C:\Program 
Files\BDAXP.cab 2004-07-09 13:17 13,265,040 ----a-w C:\Program Files\dxnt.cab 2004-07-09 08:13 703,080 ----a-w C:\Program Files\BDA.cab 2004-07-09 08:13 15,493,481 ----a-w C:\Program Files\DirectX.cab 2004-07-09 03:08 472,576 ----a-w C:\Program Files\dxsetup.exe 2004-07-09 03:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll 2004-07-09 02:03 62,976 ----a-w C:\Program Files\DSETUP.dll 1999-04-06 11:27 99,840 ----a-w C:\Program Files\Fichiers communs\IRAABOUT.DLL 1998-12-09 01:53 70,144 ----a-w C:\Program Files\Fichiers communs\IRAMDMTR.DLL 1998-12-09 01:53 48,640 ----a-w C:\Program Files\Fichiers communs\IRALPTTR.DLL 1998-12-09 01:53 31,744 ----a-w C:\Program Files\Fichiers communs\IRAWEBTR.DLL 1998-12-09 01:53 186,368 ----a-w C:\Program Files\Fichiers communs\IRAREG.DLL 1998-12-09 01:53 17,920 ----a-w C:\Program Files\Fichiers communs\IRASRIAL.DLL . ----a-w 21,760,296 2007-12-23 14:42:55 C:\Program Files\Skype\Phone\Skype .exe ----a-w 919,016 2008-01-04 17:32:14 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe ((((((((((((((((((((((((((((( snapshot@2008-01-08_20.33.06.43 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2008-01-09 00:50:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2008-01-09 20:04:14 3,751,936 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT + 2008-01-09 20:04:14 172,032 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2008-01-09 00:50:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-01-09 20:03:58 3,751,936 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT + 2008-01-09 20:03:58 172,032 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat - 2006-08-17 12:29:49 728,576 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll + 2007-11-07 09:28:31 728,576 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll - 2006-04-20 11:51:50 359,808 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys + 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys - 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys + 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys - 2006-08-17 12:29:49 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll + 2007-11-07 09:28:31 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll - 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe + 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe - 2006-10-28 02:03:16 833,520 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll + 2008-01-09 07:50:51 833,248 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll + 2008-01-09 20:21:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_124.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-01 04:03 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-04 18:32 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792] "nwiz"="nwiz.exe" [2005-02-24 07:32 1495040 C:\WINDOWS\system32\nwiz.exe] "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2008-01-04 18:31 376912] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-04 18:31 79224] "phc600"="C:\WINDOWS\vphc600.exe" [2008-01-04 18:31 339968] "RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 16269312 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-04 18:32 132496] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-04 18:32 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2008-01-04 18:32 241664] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-01 04:03 15360] R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 13:22] R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 09:14] R3 phc600;USB PC Camera (phc600);C:\WINDOWS\system32\DRIVERS\phc600.sys [2005-02-22 19:48] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00] S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-01-09 
21:21] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76f0028c-a739-11dc-8a3e-00196635b8e5}] \Shell\AutoRun\command - K:\LaunchU3.exe -a . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-09 21:21:48 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-09 21:24:45 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-09 20:24:42 ComboFix2.txt 2008-01-09 13:06:54 ComboFix3.txt 2008-01-08 19:33:28 . 2008-01-09 17:26:40 --- E O F ---
As well as HJT:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:28:47, on 09/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Dit.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\vphc600.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\HP\HP Software 
Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\HJT\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN 
Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [phc600] C:\WINDOWS\vphc600.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/fr/securityadvisor/virusinfo/webscan.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 7109 bytes Finished! 
Thanks for looking after me; by the way, I haven't thanked you since the beginning ^^ and sorry for taking up your time.
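The "snapshot@" section of the ComboFix log above lists, as paired "-" and "+" lines, files that changed between two ComboFix runs. Reading those pairs by hand is error-prone, so here is a small triage helper, added as an example for this thread and not part of ComboFix, HijackThis or anything the poster ran. It parses the snapshot lines, pairs removed and added records by path, and reports which files under system32 were replaced, with old and new timestamps and the size delta. The sample input is a handful of lines reproduced from the posted snapshot section; the `system32` root used for flagging is an assumption of the example.

```python
import re
from collections import defaultdict

# Sample input reproduced from the "snapshot@2008-01-08_20.33.06.43" section posted above
# (a constructed subset: only the lines needed to show each case).
SAMPLE_SNAPSHOT = """\
+ 2008-01-09 00:50:30 163,328 ----a-w C:\\WINDOWS\\ERUNT\\SDFIX\\ERDNT.EXE
- 2006-08-17 12:29:49 728,576 -c--a-w C:\\WINDOWS\\system32\\dllcache\\lsasrv.dll
+ 2007-11-07 09:28:31 728,576 -c--a-w C:\\WINDOWS\\system32\\dllcache\\lsasrv.dll
- 2006-04-20 11:51:50 359,808 ----a-w C:\\WINDOWS\\system32\\drivers\\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\\WINDOWS\\system32\\drivers\\tcpip.sys
- 2007-12-02 23:00:05 18,684,536 ----a-w C:\\WINDOWS\\system32\\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\\WINDOWS\\system32\\MRT.exe
+ 2008-01-09 20:21:12 16,384 ----atw C:\\WINDOWS\\Temp\\Perflib_Perfdata_124.dat
"""

# One snapshot record: sign, date, time, size (with thousands separators), attribute string, path.
LINE_RE = re.compile(
    r"^(?P<sign>[+-])\s+(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)


def parse_snapshot(text):
    """Return one dict per '+'/'-' record; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["size"] = int(rec["size"].replace(",", ""))
        entries.append(rec)
    return entries


def diff_by_path(entries):
    """Pair records by path (Windows paths are case-insensitive) and classify each path."""
    by_path = defaultdict(dict)
    for rec in entries:
        by_path[rec["path"].lower()][rec["sign"]] = rec
    report = {"added": [], "removed": [], "replaced": []}
    for pair in by_path.values():
        if "+" in pair and "-" in pair:
            old, new = pair["-"], pair["+"]
            report["replaced"].append({
                "path": new["path"],
                "old_stamp": f'{old["date"]} {old["time"]}',
                "new_stamp": f'{new["date"]} {new["time"]}',
                "size_delta": new["size"] - old["size"],
                "attrs_changed": old["attrs"] != new["attrs"],
            })
        elif "+" in pair:
            report["added"].append(pair["+"]["path"])
        else:
            report["removed"].append(pair["-"]["path"])
    return report


def flag_system_replacements(report, roots=("c:\\windows\\system32\\",)):
    """Paths under the given roots (assumed: system32) whose binary was swapped.

    These are the ones to reconcile against Windows Update history before
    treating them as suspicious; a patched lsasrv.dll or tcpip.sys with a newer
    timestamp is expected after an update, an older one is not.
    """
    return [r["path"] for r in report["replaced"] if r["path"].lower().startswith(roots)]


if __name__ == "__main__":
    rep = diff_by_path(parse_snapshot(SAMPLE_SNAPSHOT))
    for r in rep["replaced"]:
        print(f'{r["path"]}: {r["old_stamp"]} -> {r["new_stamp"]} ({r["size_delta"]:+d} bytes)')
    print("added:", rep["added"])
    print("removed:", rep["removed"])
    print("system32 replacements to reconcile:", flag_system_replacements(rep))
```

Run it on the full snapshot section pasted into a file and it separates the ERUNT backup files and the Perflib temp file (new, no counterpart) from the three system32 files that were replaced, which is the short list worth checking against the update history rather than the whole dump.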
8. Here is the ComboFix report:
ComboFix 08-01-07.5 - Christophe CHEVRIAUX 2008-01-09 13:59:22.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.639 [GMT 1:00] Running from: C:\Documents and Settings\Christophe CHEVRIAUX\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Christophe CHEVRIAUX\Bureau\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\efcbaay.dll C:\WINDOWS\system32\VundoFixSVC.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\VundoFix Backups C:\VundoFix Backups\efcbaay.dll.bad C:\VundoFix Backups\jgaryhus.dll.bad C:\VundoFix Backups\jpcrgjyk.dll.bad C:\VundoFix Backups\kyjgrcpj.ini.bad C:\WINDOWS\system32\VundoFixSVC.exe . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-09 to 2008-01-09 )))))))))))))))))))))))))))))))))))) . 2008-01-08 20:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-08 20:19 . 2008-01-08 20:22 <REP> d-------- C:\HJT 2008-01-08 19:54 . 2008-01-09 13:51 <REP> d-------- C:\WINDOWS\system32\ZoneLabs 2008-01-08 19:50 . 2008-01-08 19:50 210,416 --a------ C:\zlsSetup_70_337_000_fr.exe 2008-01-08 18:22 . 2008-01-08 18:22 132,608 --a------ C:\VundoFix.exe 2008-01-05 18:32 . 2008-01-05 18:32 <REP> d-------- C:\WINDOWS\Sun 2008-01-05 09:42 . 1999-01-25 12:00 143,872 --------- C:\WINDOWS\system32\iacenc.dll 2008-01-05 09:42 . 1999-01-25 12:00 56,832 --------- C:\WINDOWS\system32\iyvu9_32.dll 2008-01-05 09:40 . 2008-01-05 09:40 <REP> d-------- C:\Program Files\Microsoft Games 2008-01-04 20:11 . 2008-01-04 20:11 <REP> d-------- C:\Program Files\hp deskjet 3420 series 2008-01-04 20:11 . 2002-06-21 11:19 184,386 --a------ C:\WINDOWS\system32\hpzsnt05.dll 2008-01-04 20:11 . 2008-01-04 20:11 800 --a------ C:\WINDOWS\hpinfo.lnk 2007-12-29 05:03 . 2007-12-29 05:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles 2007-12-28 21:30 . 
2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX 2007-12-28 19:33 . 2007-12-28 19:33 <REP> d-------- C:\Program Files\Yahoo! 2007-12-28 19:33 . 2007-12-28 19:41 <REP> d-------- C:\Program Files\CCleaner 2007-12-28 03:21 . 2007-12-28 03:21 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-12-27 20:48 . 2007-11-30 23:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2007-12-27 20:48 . 2007-11-30 23:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2007-12-27 20:48 . 2007-11-30 22:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles 2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents 2007-12-27 20:48 . 2007-11-30 23:49 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris 2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau 2007-12-27 19:27 . 2007-12-27 19:27 <REP> d-------- C:\Program Files\Trend Micro 2007-12-27 19:07 . 2007-12-27 19:07 <REP> d--h----- C:\WINDOWS\PIF 2007-12-27 18:57 . 2007-12-27 19:00 1,348 --a------ C:\WINDOWS\mozver.dat 2007-12-27 18:53 . 2007-12-27 18:53 0 --a------ C:\WINDOWS\nsreg.dat 2007-12-26 03:28 . 2007-12-26 03:28 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Uniblue 2007-12-26 03:28 . 2007-12-26 03:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue 2007-12-26 02:49 . 2007-12-26 17:36 961 --a------ C:\WINDOWS\srvdsgf.exe 2007-12-26 00:58 . 2007-12-26 00:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2007-12-26 00:57 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll 2007-12-26 00:57 . 2008-01-08 19:59 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-12-26 00:55 . 
2008-01-09 13:46 <REP> d-------- C:\WINDOWS\Internet Logs 2007-12-25 20:54 . 2007-12-25 20:54 <REP> d-------- C:\Program Files\Windows Live Favorites 2007-12-25 20:53 . 2007-12-25 20:53 <REP> d-------- C:\Program Files\Windows Live Toolbar 2007-12-25 20:42 . 2007-12-25 20:46 <REP> d-------- C:\Program Files\MSN Apps 2007-12-25 19:48 . 2008-01-01 04:03 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe 2007-12-25 19:48 . 2008-01-01 04:03 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe 2007-12-22 18:42 . 2008-01-04 18:31 339,968 --a------ C:\WINDOWS\vphc600.exe 2007-12-22 18:42 . 2007-12-27 20:32 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-12-20 22:02 . 2007-12-20 22:02 268 --ah----- C:\sqmdata16.sqm 2007-12-20 22:02 . 2007-12-20 22:02 244 --ah----- C:\sqmnoopt16.sqm 2007-12-20 20:04 . 2007-12-20 20:04 <REP> d-------- C:\Program Files\Microsoft.NET 2007-12-20 20:04 . 2007-12-20 20:04 <REP> dr-h----- C:\MSOCache 2007-12-20 20:02 . 2007-12-20 20:02 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-12-20 20:00 . 2007-12-20 20:00 <REP> d-------- C:\Program Files\MSXML 4.0 2007-12-20 19:15 . 2007-12-20 20:01 <REP> d-------- C:\ProgramFiles 2007-12-19 15:16 . 2007-12-19 15:16 <REP> d-------- C:\Program Files\Fichiers communs\HP 2007-12-19 15:15 . 2008-01-04 20:16 <REP> d-------- C:\Program Files\Hewlett-Packard 2007-12-19 15:15 . 2007-12-19 15:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard 2007-12-19 15:14 . 2004-05-11 10:53 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll 2007-12-19 15:14 . 2004-05-11 10:53 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll 2007-12-19 15:14 . 2004-05-11 10:53 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll 2007-12-19 15:14 . 2004-05-11 10:53 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll 2007-12-19 15:14 . 2004-05-11 10:53 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll 2007-12-19 15:13 . 
2007-12-19 15:13 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2007-12-19 15:12 . 2007-12-19 15:12 <REP> d-------- C:\WINDOWS\system32\URTTemp
2007-12-19 15:05 . 2004-06-21 19:50 51,088 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys
2007-12-19 15:05 . 2004-06-21 19:50 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-12-19 15:04 . 2004-06-21 19:50 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-12-19 15:04 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-19 15:04 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-19 14:48 . 2004-03-18 16:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-12-19 14:48 . 2004-03-18 16:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-12-19 14:48 . 2004-03-18 16:39 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-12-19 14:48 . 2004-03-18 16:55 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-12-19 14:48 . 2004-03-18 16:38 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-12-19 14:48 . 2004-03-18 16:39 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-12-19 14:47 . 2007-12-19 15:21 <REP> d-------- C:\Program Files\HP
2007-12-19 14:46 . 2007-12-19 15:22 104,265 --a------ C:\WINDOWS\hpoins04.dat
2007-12-19 14:46 . 2004-06-21 19:50 17,176 --------- C:\WINDOWS\hpomdl04.dat
2007-12-16 19:17 . 2007-12-16 19:17 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-12-16 19:17 . 2007-12-16 19:17 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\teamspeak2
2007-12-16 19:17 . 2007-12-16 19:17 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2007-12-10 20:59 . 2008-01-04 23:00 <REP> d-------- C:\Program Files\GSI
2007-12-10 17:03 . 2007-12-30 15:24 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\U3
2007-12-10 17:01 . 2007-12-10 17:09 <REP> dr------- C:\Program Files\Musics
2007-12-09 01:19 . 2007-12-09 01:19 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Ahead
2007-12-09 01:09 . 2007-12-31 01:55 <REP> d-------- C:\Program Files\Jeux
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 13:03 247,840 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-09 13:03 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-01-09 13:02 6,044 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-08 18:55 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-01-08 18:55 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-07 22:06 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Skype
2008-01-07 18:38 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\skypePM
2008-01-07 07:20 23,644 ----a-w C:\WINDOWS\Internet Logs\zonealarm_2nd_2008_01_06_15_23_18_small.dmp.zip
2008-01-06 19:11 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\OpenOffice.org2
2007-12-17 21:27 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-17 21:27 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-16 08:54 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-12-07 22:45 --------- d-----w C:\Program Files\Windows Journal Viewer
2007-12-07 18:31 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Azureus
2007-12-07 17:10 --------- d-----w C:\Program Files\Azureus
2007-12-07 14:28 --------- d-----w C:\Program Files\Java
2007-12-06 22:33 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\BSplayer
2007-12-06 22:32 --------- d-----w C:\Program Files\DivX
2007-12-06 22:29 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-06 22:22 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\DivX
2007-12-06 22:06 --------- d-----w C:\Program Files\Media Player Classic
2007-12-06 22:06 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Media Player Classic
2007-12-06 21:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-01 17:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-01 17:04 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\InstallShield
2007-12-01 14:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-01 12:48 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-01 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-01 11:20 --------- d-----w C:\Program Files\Google
2007-12-01 10:10 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-01 10:10 --------- d-----w C:\Program Files\Windows Live
2007-12-01 10:00 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-12-01 09:56 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-01 09:55 --------- d-----w C:\Program Files\Skype
2007-12-01 09:55 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-12-01 09:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-01 09:32 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\BSplayer Pro
2007-12-01 09:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-01 09:23 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-12-01 09:21 --------- d-----w C:\Program Files\Ahead
2007-12-01 09:20 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-12-01 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-12-01 08:31 --------- d-----w C:\Program Files\Realtek
2007-12-01 08:29 --------- d-----w C:\Program Files\VIA
2007-12-01 08:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-30 23:41 --------- d-----w C:\Program Files\Snapshot Viewer
2007-11-30 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBT
2007-11-30 23:40 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-30 23:29 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Microsoft Web Folders
2007-11-30 23:25 --------- d-----w C:\Program Files\Camgoo TwoPlay
2007-11-30 23:24 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
2007-11-30 23:20 --------- d-----w C:\Program Files\Philips
2007-11-30 23:04 --------- d-----w C:\Program Files\Alwil Software
2007-11-30 23:03 17,521,856 ----a-w C:\Program Files\setupfre.exe
2007-11-30 22:50 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-11-30 22:50 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-11-30 22:49 --------- d-----w C:\Program Files\Club-Internet
2007-11-30 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2007-11-30 22:41 --------- d-----w C:\Program Files\Motive
2007-11-30 22:41 --------- d-----w C:\Program Files\Fichiers communs\Motive
2007-11-30 22:41 --------- d-----w C:\Program Files\Common Files
2007-11-30 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2007-11-30 22:39 155,995 ----a-w C:\WINDOWS\java\Packages\EFHNB3DJ.ZIP
2007-11-30 22:39 --------- d-----w C:\Program Files\BroadJump
2007-11-30 22:28 --------- d-----w C:\Program Files\X10 Hardware
2007-11-30 21:58 --------- d-----w C:\Program Files\Services en ligne
2007-11-30 21:58 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-11-29 22:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-29 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
.
<pre>
----a-w 21,760,296 2007-12-23 14:42:55 C:\Program Files\Skype\Phone\Skype .exe
----a-w 5,724,184 2007-12-25 16:00:33 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2007-12-25 18:42:46 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 919,016 2008-01-04 17:32:14 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
</pre>
((((((((((((((((((((((((((((( snapshot@2008-01-08_20.33.06.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-10-28 02:03:16 833,520 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2008-01-09 07:50:51 833,248 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2008-01-09 13:03:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5b8.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-01 04:03 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-04 18:32 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]
"nwiz"="nwiz.exe" [2005-02-24 07:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2008-01-04 18:31 376912]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-04 18:31 79224]
"phc600"="C:\WINDOWS\vphc600.exe" [2008-01-04 18:31 339968]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-04 18:32 132496]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-04 18:32 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2008-01-04 18:32 241664]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-01 04:03 15360]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 13:22]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 09:14]
R3 phc600;USB PC Camera (phc600);C:\WINDOWS\system32\DRIVERS\phc600.sys [2005-02-22 19:48]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-01-09 14:03]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76f0028c-a739-11dc-8a3e-00196635b8e5}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 14:03:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-09 14:06:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-09 13:06:50
ComboFix2.txt 2008-01-08 19:33:28
.
2007-12-25 18:29:33 --- E O F ---

et le Hijack :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:10:25, on 09/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Dit.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vphc600.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [phc600] C:\WINDOWS\vphc600.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/fr/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 7273 bytes

et le scan en ligne :

Service load: 0% 100%
File: srvdsgf.exe
Status: OK
MD5: 06203ba478ea92a51893f5225865de4a
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 09 Jan 2008 13:13:22 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
  9. Alors, voici le rapport de combofix : ComboFix 08-01-07.5 - Christophe CHEVRIAUX 2008-01-08 20:25:43.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.643 [GMT 1:00] Running from: C:\Documents and Settings\Christophe CHEVRIAUX\Bureau\ComboFix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\cookies.ini C:\WINDOWS\hosts C:\WINDOWS\system32\efcbaay.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\svhost.exe C:\WINDOWS\system32\uvvwa.ini C:\WINDOWS\system32\uvvwa.ini2 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))))))) . 2008-01-08 20:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-08 20:19 . 2008-01-08 20:22 <REP> d-------- C:\HJT 2008-01-08 19:54 . 2008-01-08 19:55 <REP> d-------- C:\WINDOWS\system32\ZoneLabs 2008-01-08 19:50 . 2008-01-08 19:50 210,416 --a------ C:\zlsSetup_70_337_000_fr.exe 2008-01-08 18:37 . 2008-01-08 18:37 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe 2008-01-08 18:22 . 2008-01-08 18:37 <REP> d-------- C:\VundoFix Backups 2008-01-08 18:22 . 2008-01-08 18:22 132,608 --a------ C:\VundoFix.exe 2008-01-05 18:32 . 2008-01-05 18:32 <REP> d-------- C:\WINDOWS\Sun 2008-01-05 09:42 . 1999-01-25 12:00 143,872 --------- C:\WINDOWS\system32\iacenc.dll 2008-01-05 09:42 . 1999-01-25 12:00 56,832 --------- C:\WINDOWS\system32\iyvu9_32.dll 2008-01-05 09:40 . 2008-01-05 09:40 <REP> d-------- C:\Program Files\Microsoft Games 2008-01-04 20:11 . 2008-01-04 20:11 <REP> d-------- C:\Program Files\hp deskjet 3420 series 2008-01-04 20:11 . 2002-06-21 11:19 184,386 --a------ C:\WINDOWS\system32\hpzsnt05.dll 2008-01-04 20:11 . 2008-01-04 20:11 800 --a------ C:\WINDOWS\hpinfo.lnk 2007-12-29 05:03 . 
2007-12-29 05:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles 2007-12-28 21:30 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX 2007-12-28 19:33 . 2007-12-28 19:33 <REP> d-------- C:\Program Files\Yahoo! 2007-12-28 19:33 . 2007-12-28 19:41 <REP> d-------- C:\Program Files\CCleaner 2007-12-28 03:21 . 2007-12-28 03:21 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-12-27 20:48 . 2007-11-30 23:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau 2007-12-27 20:48 . 2007-11-30 23:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2007-12-27 20:48 . 2007-11-30 22:56 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles 2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents 2007-12-27 20:48 . 2007-11-30 23:49 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer 2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris 2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau 2007-12-27 19:27 . 2007-12-27 19:27 <REP> d-------- C:\Program Files\Trend Micro 2007-12-27 19:07 . 2007-12-27 19:07 <REP> d--h----- C:\WINDOWS\PIF 2007-12-27 18:57 . 2007-12-27 19:00 1,348 --a------ C:\WINDOWS\mozver.dat 2007-12-27 18:53 . 2007-12-27 18:53 0 --a------ C:\WINDOWS\nsreg.dat 2007-12-26 03:28 . 2007-12-26 03:28 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Uniblue 2007-12-26 03:28 . 2007-12-26 03:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue 2007-12-26 02:49 . 2007-12-26 17:36 961 --a------ C:\WINDOWS\srvdsgf.exe 2007-12-26 00:58 . 2007-12-26 00:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2007-12-26 00:57 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll 2007-12-26 00:57 . 
2008-01-08 19:59 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-12-26 00:55 . 2008-01-08 20:16 <REP> d-------- C:\WINDOWS\Internet Logs 2007-12-25 20:54 . 2007-12-25 20:54 <REP> d-------- C:\Program Files\Windows Live Favorites 2007-12-25 20:53 . 2007-12-25 20:53 <REP> d-------- C:\Program Files\Windows Live Toolbar 2007-12-25 20:42 . 2007-12-25 20:46 <REP> d-------- C:\Program Files\MSN Apps 2007-12-25 19:48 . 2008-01-01 04:03 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe 2007-12-22 18:42 . 2008-01-04 18:31 339,968 --a------ C:\WINDOWS\vphc600 .exe 2007-12-22 18:42 . 2007-12-27 20:32 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe 2007-12-20 22:02 . 2007-12-20 22:02 268 --ah----- C:\sqmdata16.sqm 2007-12-20 22:02 . 2007-12-20 22:02 244 --ah----- C:\sqmnoopt16.sqm 2007-12-20 20:04 . 2007-12-20 20:04 <REP> d-------- C:\Program Files\Microsoft.NET 2007-12-20 20:04 . 2007-12-20 20:04 <REP> dr-h----- C:\MSOCache 2007-12-20 20:02 . 2007-12-20 20:02 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-12-20 20:00 . 2007-12-20 20:00 <REP> d-------- C:\Program Files\MSXML 4.0 2007-12-20 19:15 . 2007-12-20 20:01 <REP> d-------- C:\ProgramFiles 2007-12-19 15:16 . 2007-12-19 15:16 <REP> d-------- C:\Program Files\Fichiers communs\HP 2007-12-19 15:15 . 2008-01-04 20:16 <REP> d-------- C:\Program Files\Hewlett-Packard 2007-12-19 15:15 . 2007-12-19 15:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard 2007-12-19 15:14 . 2004-05-11 10:53 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll 2007-12-19 15:14 . 2004-05-11 10:53 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll 2007-12-19 15:14 . 2004-05-11 10:53 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll 2007-12-19 15:14 . 2004-05-11 10:53 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll 2007-12-19 15:14 . 2004-05-11 10:53 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll 2007-12-19 15:13 . 
2007-12-19 15:13 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard 2007-12-19 15:12 . 2007-12-19 15:12 <REP> d-------- C:\WINDOWS\system32\URTTemp 2007-12-19 15:05 . 2004-06-21 19:50 51,088 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys 2007-12-19 15:05 . 2004-06-21 19:50 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys 2007-12-19 15:04 . 2004-06-21 19:50 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys 2007-12-19 15:04 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-12-19 15:04 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2007-12-19 14:48 . 2004-03-18 16:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll 2007-12-19 14:48 . 2004-03-18 16:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll 2007-12-19 14:48 . 2004-03-18 16:39 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll 2007-12-19 14:48 . 2004-03-18 16:55 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe 2007-12-19 14:48 . 2004-03-18 16:38 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe 2007-12-19 14:48 . 2004-03-18 16:39 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll 2007-12-19 14:47 . 2007-12-19 15:21 <REP> d-------- C:\Program Files\HP 2007-12-19 14:46 . 2007-12-19 15:22 104,265 --a------ C:\WINDOWS\hpoins04.dat 2007-12-19 14:46 . 2004-06-21 19:50 17,176 --------- C:\WINDOWS\hpomdl04.dat 2007-12-16 19:17 . 2007-12-16 19:17 <REP> d-------- C:\Program Files\Teamspeak2_RC2 2007-12-16 19:17 . 2007-12-16 19:17 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\teamspeak2 2007-12-16 19:17 . 2007-12-16 19:17 34,064 --a------ C:\WINDOWS\system32\lhacm.acm 2007-12-10 20:59 . 2008-01-04 23:00 <REP> d-------- C:\Program Files\GSI 2007-12-10 17:03 . 2007-12-30 15:24 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\U3 2007-12-10 17:01 . 2007-12-10 17:09 <REP> dr------- C:\Program Files\Musics 2007-12-09 01:19 . 
2007-12-09 01:19 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Ahead 2007-12-09 01:09 . 2007-12-31 01:55 <REP> d-------- C:\Program Files\Jeux . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-08 19:30 131,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-01-08 19:29 4,652 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-01-08 19:01 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS 2008-01-08 18:55 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat 2008-01-08 18:55 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat 2008-01-07 22:06 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Skype 2008-01-07 18:38 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\skypePM 2008-01-07 07:20 23,644 ----a-w C:\WINDOWS\Internet Logs\zonealarm_2nd_2008_01_06_15_23_18_small.dmp.zip 2008-01-06 19:11 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\OpenOffice.org2 2007-12-17 21:27 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-12-16 08:54 --------- d-----w C:\Program Files\OpenOffice.org 2.3 2007-12-07 22:45 --------- d-----w C:\Program Files\Windows Journal Viewer 2007-12-07 18:31 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Azureus 2007-12-07 17:10 --------- d-----w C:\Program Files\Azureus 2007-12-07 14:28 --------- d-----w C:\Program Files\Java 2007-12-06 22:33 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\BSplayer 2007-12-06 22:32 --------- d-----w C:\Program Files\DivX 2007-12-06 22:29 --------- d-----w C:\Program Files\K-Lite Codec Pack 2007-12-06 22:22 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\DivX 2007-12-06 22:06 --------- d-----w C:\Program Files\Media Player Classic 2007-12-06 22:06 --------- d-----w C:\Documents and Settings\Christophe 
CHEVRIAUX\Application Data\Media Player Classic 2007-12-06 21:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-01 17:05 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-01 17:04 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\InstallShield 2007-12-01 12:48 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-12-01 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-12-01 11:20 --------- d-----w C:\Program Files\Google 2007-12-01 10:10 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-12-01 10:10 --------- d-----w C:\Program Files\Windows Live 2007-12-01 10:00 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment 2007-12-01 09:56 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-12-01 09:55 --------- d-----w C:\Program Files\Skype 2007-12-01 09:55 --------- d-----w C:\Program Files\Fichiers communs\Skype 2007-12-01 09:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2007-12-01 09:32 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\BSplayer Pro 2007-12-01 09:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2007-12-01 09:23 --------- d-----w C:\Program Files\Fichiers communs\Java 2007-12-01 09:21 --------- d-----w C:\Program Files\Ahead 2007-12-01 09:20 --------- d-----w C:\Program Files\Fichiers communs\Ahead 2007-12-01 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead 
2007-12-01 08:31 --------- d-----w C:\Program Files\Realtek 2007-12-01 08:29 --------- d-----w C:\Program Files\VIA 2007-12-01 08:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2007-11-30 23:41 --------- d-----w C:\Program Files\Snapshot Viewer 2007-11-30 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBT 2007-11-30 23:40 --------- d-----w C:\Program Files\microsoft frontpage 2007-11-30 23:29 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Microsoft Web Folders 2007-11-30 23:25 --------- d-----w C:\Program Files\Camgoo TwoPlay 2007-11-30 23:24 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft 2007-11-30 23:20 --------- d-----w C:\Program Files\Philips 2007-11-30 23:04 --------- d-----w C:\Program Files\Alwil Software 2007-11-30 23:03 17,521,856 ----a-w C:\Program Files\setupfre.exe 2007-11-30 22:50 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines 2007-11-30 22:50 --------- d-----w C:\Program Files\Fichiers communs\ODBC 2007-11-30 22:49 --------- d-----w C:\Program Files\Club-Internet 2007-11-30 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\MotiveSysIDs 2007-11-30 22:41 --------- d-----w C:\Program Files\Motive 2007-11-30 22:41 --------- d-----w C:\Program Files\Fichiers communs\Motive 2007-11-30 22:41 --------- d-----w C:\Program Files\Common Files 2007-11-30 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive 2007-11-30 22:39 155,995 ----a-w C:\WINDOWS\java\Packages\EFHNB3DJ.ZIP 2007-11-30 22:39 --------- d-----w C:\Program Files\BroadJump 2007-11-30 22:28 --------- d-----w C:\Program Files\X10 Hardware 2007-11-30 21:58 --------- d-----w C:\Program Files\Services en ligne 2007-11-30 21:58 --------- d-----w C:\Program Files\Fichiers communs\MSSoap 2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys 
2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2004-07-22 09:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB 2004-07-19 21:58 1,156,363 ----a-w C:\Program Files\BDANT.cab 2004-07-19 21:53 976,020 ----a-w C:\Program Files\BDAXP.cab 2004-07-09 13:17 13,265,040 ----a-w C:\Program Files\dxnt.cab 2004-07-09 08:13 703,080 ----a-w C:\Program Files\BDA.cab 2004-07-09 08:13 15,493,481 ----a-w C:\Program Files\DirectX.cab 2004-07-09 03:08 472,576 ----a-w C:\Program Files\dxsetup.exe 2004-07-09 03:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll 2004-07-09 02:03 62,976 ----a-w C:\Program Files\DSETUP.dll 1999-04-06 11:27 99,840 ----a-w C:\Program Files\Fichiers communs\IRAABOUT.DLL 1998-12-09 01:53 70,144 ----a-w C:\Program Files\Fichiers communs\IRAMDMTR.DLL 1998-12-09 01:53 48,640 ----a-w C:\Program Files\Fichiers communs\IRALPTTR.DLL 1998-12-09 01:53 31,744 ----a-w C:\Program Files\Fichiers communs\IRAWEBTR.DLL 1998-12-09 01:53 186,368 ----a-w C:\Program Files\Fichiers communs\IRAREG.DLL 1998-12-09 01:53 17,920 ----a-w C:\Program Files\Fichiers communs\IRASRIAL.DLL . 
----a-w 79,224 2008-01-04 17:31:52 C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w 376,912 2008-01-04 17:31:51 C:\Program Files\BroadJump\Client Foundation\CFD .exe
----a-w 39,264 2007-12-25 20:08:12 C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20 .EXE
----a-w 68,856 2008-01-04 17:32:15 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 49,152 2008-01-04 17:32:06 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w 241,664 2008-01-04 17:32:11 C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
----a-w 132,496 2008-01-04 17:32:07 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 1,694,208 2007-12-30 14:10:55 C:\Program Files\Messenger\msmsgs .exe
----a-w 21,760,296 2007-12-23 14:42:55 C:\Program Files\Skype\Phone\Skype .exe
----a-w 5,724,184 2007-12-25 16:00:33 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2007-12-25 18:42:46 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2007-12-25 19:30:26 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 919,016 2008-01-04 17:32:14 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w 339,968 2008-01-04 17:31:55 C:\WINDOWS\vphc600 .exe
----a-w 15,360 2008-01-01 03:03:43 C:\WINDOWS\system32\ctfmon .exe
----a-w 155,648 2007-12-27 19:32:42 C:\WINDOWS\system32\NeroCheck .exe

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]
"nwiz"="nwiz.exe" [2005-02-24 07:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"phc600"="C:\WINDOWS\vphc600.exe" [ ]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [ ]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [ ]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 13:22]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 09:14]
R3 phc600;USB PC Camera (phc600);C:\WINDOWS\system32\DRIVERS\phc600.sys [2005-02-22 19:48]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-01-08 20:01]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76f0028c-a739-11dc-8a3e-00196635b8e5}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-06 15:41:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-12-26 03:08:25 C:\WINDOWS\Tasks\Uniblue SpyEraser.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 20:30:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-08 20:33:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-08 19:33:24
.
2007-12-25 18:29:33 --- E O F ---

As well as the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:04, on 08/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Dit.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [phc600] C:\WINDOWS\vphc600.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/fr/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 7028 bytes

After running VundoFix again, I got a short VundoFix report, which is here:

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 18:22:26 08/01/2008

Listing files found while scanning....
C:\WINDOWS\system32\efcbaay.dll
C:\WINDOWS\system32\jgaryhus.dll
C:\WINDOWS\system32\jpcrgjyk.dll
C:\WINDOWS\system32\kyjgrcpj.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\efcbaay.dll
C:\WINDOWS\system32\efcbaay.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\jgaryhus.dll
C:\WINDOWS\system32\jgaryhus.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jpcrgjyk.dll
C:\WINDOWS\system32\jpcrgjyk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kyjgrcpj.ini
C:\WINDOWS\system32\kyjgrcpj.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\efcbaay.dll
C:\WINDOWS\system32\efcbaay.dll Could not be deleted.

Performing Repairs to the registry.
Done!

So, if I have understood correctly, all that remains is to find a solution for the file efcbaay.dll, and my PC would apparently be "clean" (apart from whatever else must be wrong in the reports I posted ^^).
  10. Good evening. For two weeks now I have been noticing, through various online scans, viruses on my computer (that must make a change for you). After a lot of reading and research I removed 38 viruses from my machine (yes, that is a lot, but it matches my blunders), but unfortunately 3 remained that I could not remove: efcbaay.dll, jpcrgjyk.dll, jgaryhus.dll. I then browsed your forum, installed VundoFix on my machine, and it apparently found this one as well: kyjgrcpj.ini. They are Win32-something viruses. When I try to delete the .dll files listed above, they refuse ;( I did follow the normal procedures (safe mode), the forum's advice in similar threads, and VundoFix's instructions to the letter, but the files will not be deleted because they are apparently in use. Not knowing how to delete them before Windows starts, or how to stop them from activating, I come to your forum completely dejected; after 2 weeks of fighting, I give up... If anyone can help me solve my problem, I am all ears; if you need a HijackThis report or anything else, just say so and I will do it right away. Thanks in advance.