Posted

Good evening

Let me reassure you right away:

the tools used for disinfection do not "rot" your PC, they heal it :P .

You can delete CLEAN and its report.

I advise you to keep Ad-Aware.

You had readable infections in your HijackThis log; I would like to know what is left to clean, so please post a new HijackThis log.

Regards

 

 

Here is the report:

 

Logfile of HijackThis v1.99.1

Scan saved at 23:23:31, on 03/07/2007

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)

O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\System32\vexg6ame4.exe

O4 - HKCU\..\Run: [ppsmcs] sqvx5gamet2.exe

O4 - HKCU\..\Run: [resvsio] C:\WINDOWS\System32\atsdisc.exe

O4 - HKCU\..\Run: [vcmicrec] C:\WINDOWS\System32\msccsed.exe

O4 - HKCU\..\Run: [netasv2] C:\WINDOWS\System32\regpmdnw.exe

O4 - HKCU\..\Run: [vckdsip] C:\WINDOWS\System32\dllpzzrv.exe

O4 - HKCU\..\Run: [audlmne32] C:\WINDOWS\System32\dcmsxe.exe

O4 - HKCU\..\Run: [beadsofti] C:\WINDOWS\System32\iwssv32.exe

O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe

O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183235248983

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documents\Settings\bot.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\WgaLogon.dll

O21 - SSODL: WinCTL - {009541A0-3B00-1F1C-00F3-040224009C02} - C:\Program Files\Fichiers communs\winctl.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
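Added example, not from the thread or from any of the tools it mentions: a small Python triage script that parses HijackThis R*/O* lines like the log above and flags the kinds of entries the helper went on to have removed (orphaned entries, user-hive Run keys starting odd binaries out of System32, logon-hook DLLs outside the Windows directory). The sample lines are copied from the posted log; the allow-list and the three rules are my own heuristics and will need tuning for another machine.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis log posted
# above, mixing legitimate entries with the ones the thread went on to remove.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\System32\vexg6ame4.exe
O4 - HKCU\..\Run: [ppsmcs] sqvx5gamet2.exe
O4 - HKCU\..\Run: [vcmicrec] C:\WINDOWS\System32\msccsed.exe
O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documents\Settings\bot.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\WgaLogon.dll
O21 - SSODL: WinCTL - {009541A0-3B00-1F1C-00F3-040224009C02} - C:\Program Files\Fichiers communs\winctl.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

# Hypothetical allow-list (my assumption, not from the thread): user-hive Run
# entries that legitimately live in System32 on a stock Windows XP install.
# Vendor auto-starts from System32 are normally registered under HKLM, so any
# other System32 binary started from HKCU deserves a second look.
KNOWN_HKCU_SYSTEM32 = {"ctfmon.exe"}

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def parse_entries(text):
    """Yield (section code, body, raw line) for every R*/O* line of a HijackThis log."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body"), raw.strip()


def first_token(cmd):
    """Return the executable part of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(text):
    """Apply three defender heuristics to a HijackThis log and return the hits."""
    findings = []
    for code, body, raw in parse_entries(text):
        low = body.lower()
        # Rule 1: the registry still points at a file that is gone. Either an
        # uninstall leftover or a loader whose payload was already removed.
        if "(no file)" in low or "(file missing)" in low:
            findings.append(Finding(code, "orphaned entry: target file is missing", raw))
            continue
        # Rule 2: a user-hive Run entry that launches an unexpected binary out of
        # System32, or a bare file name that is resolved through the search path.
        if code == "O4":
            m = RUN_RE.match(body)
            if m and m.group("hive") == "HKCU":
                exe = first_token(m.group("cmd"))
                base = exe.rsplit("\\", 1)[-1].lower()
                if "\\system32\\" in exe.lower() and base not in KNOWN_HKCU_SYSTEM32:
                    findings.append(Finding(code, f"HKCU Run starts {base} from System32", raw))
                elif "\\" not in exe:
                    findings.append(Finding(code, f"HKCU Run uses bare file name {base}", raw))
        # Rule 3: Winlogon Notify and ShellServiceObjectDelayLoad DLLs are loaded at
        # every logon; on XP they belong under the Windows directory.
        if code in ("O20", "O21"):
            dll = body.rsplit(" - ", 1)[-1]
            if not dll.lower().startswith("c:\\windows\\"):
                findings.append(Finding(code, "logon hook DLL outside the Windows directory", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}\n     {f.line}")
```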

Posted

OK

Relaunch HijackThis with "Do a scan only" and select:

O4 - HKCU\..\Run: [vcmicrec] C:\WINDOWS\System32\msccsed.exe

O4 - HKCU\..\Run: [audlmne32] C:\WINDOWS\System32\dcmsxe.exe

Click "Fix checked".

Then uninstall Avast and install Antivir:

http://www.malekal.com//tutorial_antivir.php

Run a full Antivir scan.

Finish with this:

Panda online scan

Beforehand, disable your current antivirus.

Once on the Panda site, untick the box "keep me informed of the latest news..." before launching the scan, so you do not receive e-mails from them.

Agree to fill in the fields, run the scan, and post the scan report in your next message.

Panda usage details:

"Scan your PC" -> "Next" -> fill in your e-mail address -> Country/State-region -> send -> let the ActiveX control download -> select "My Computer" -> close the popup

Posted

OK

Relaunch HijackThis with "Do a scan only" and select:

O4 - HKCU\..\Run: [vcmicrec] C:\WINDOWS\System32\msccsed.exe

O4 - HKCU\..\Run: [audlmne32] C:\WINDOWS\System32\dcmsxe.exe

Click "Fix checked".

Then uninstall Avast and install Antivir:

http://www.malekal.com//tutorial_antivir.php

Run a full Antivir scan.

Then:

Download SDFix (created by AndyManchesta) and save it to your Desktop.

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode using the following procedure:

- Restart your computer.

- After hearing the computer beep at start-up, but before the Windows icon appears, tap the F8 key (one press per second).

- Instead of the normal Windows loading, a menu with different options should appear.

- Choose the first option, to run Windows in Safe Mode, then press "Enter".

- Choose your account.

Follow the list of instructions below:

- Open the SDFix folder that has just been created on the Desktop and double-click RunThis.bat to launch the script.

- Press Y to start the cleaning process.

- It will delete the services and registry entries of certain trojans it finds, then ask you to press a key to reboot.

- Press a key to reboot the PC.

- Your system will take longer than usual to restart because the tool keeps running and deleting files.

- After the Desktop loads, the tool will finish its work and display Finished.

- Press a key to end the script and load your Desktop icons.

- Once the Desktop icons are shown, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.

- Finally, copy/paste the contents of Report.txt into your next reply on the forum.

N.B.:

- The file SDFIX_README.htm (in the SDFix folder) contains the list of malware handled by the tool.

- Andy releases several updates, often more than one a day... So do not hesitate to ask to download a new version when the cleaning drags on and the tool does not seem to catch everything.

Download ComboFix (created by sUBs) to your Desktop.

- Double-click combofix.exe.

- Press the Y key (Yes) to start the scan.

- ComboFix will restart your PC.

- When the scan is complete, a report will appear. Copy/paste that report into your next reply, along with a new HijackThis log.

NOTE: The report is also located here: C:\Combofix.txt

Posted

I deleted the 2 files msccsed.exe + dcmsxe.exe

Antivir report; I deleted the files in quarantine:

 

 

AntiVir PersonalEdition Classic

Report file date: mercredi 4 juillet 2007 19:50

 

Scanning for 863833 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (plain) [5.1.2600]

Username: pascale

Computer name: MAISON

 

Version information:

BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00

AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14

AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54

LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04

LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59

ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58

ANTIVIR1.VDF : 6.38.1.170 5569024 Bytes 21/05/2007 17:46:08

ANTIVIR2.VDF : 6.39.0.76 1002496 Bytes 29/06/2007 17:46:09

ANTIVIR3.VDF : 6.39.0.96 121344 Bytes 04/07/2007 17:46:09

AVEWIN32.DLL : 7.4.0.37 2482688 Bytes 04/07/2007 17:46:09

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26

AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24

AVPACK32.DLL : 7.3.0.13 360488 Bytes 04/07/2007 17:46:10

AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08

AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05

AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42

RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18

RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

 

Configuration settings for the scan:

Jobname..........................: Manual Selection

Configuration file...............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: G:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: mercredi 4 juillet 2007 19:50

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'lanceur.exe' - '1' Module(s) have been scanned

Scan process 'MOTIVE~1.EXE' - '1' Module(s) have been scanned

Scan process 'mpbtn.exe' - '1' Module(s) have been scanned

Scan process 'lecompagnonclub.exe' - '1' Module(s) have been scanned

Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned

Scan process 'Ymsgr_tray.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'msmsgs.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avgas.exe' - '1' Module(s) have been scanned

Scan process 'gnotify.exe' - '1' Module(s) have been scanned

Scan process 'realsched.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'MotiveSB.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'CFD.exe' - '1' Module(s) have been scanned

Scan process 'qttask.exe' - '1' Module(s) have been scanned

Scan process 'Wf2k.exe' - '1' Module(s) have been scanned

Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'SAgent2.exe' - '1' Module(s) have been scanned

Scan process 'guard.exe' - '0' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'aawservice.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

41 processes with 41 modules were scanned

 

Start scanning boot sectors:

Boot sector 'A:\'

[NOTE] In the drive 'A:\' no data medium is inserted!

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Boot sector 'E:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '30' files ).

 

 

Starting the file scan:

 

Begin scan in 'A:\'

Search path A:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\xx1232255.exe

[DETECTION] Contains signature of the worm WORM/Zhelatin.Gen

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\1.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\10.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\11.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\12.tmp

[DETECTION] Contains suspicious code HEUR/Malware

[INFO] The file was moved to '46b9de5b.qua'!

C:\Documents and Settings\pascale\Local Settings\Temp\13.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\14.tmp

[DETECTION] Contains suspicious code HEUR/Malware

[INFO] The file was moved to '46b9de65.qua'!

C:\Documents and Settings\pascale\Local Settings\Temp\16.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\18.tmp

[DETECTION] Contains suspicious code HEUR/Malware

[INFO] The file was moved to '46b9de70.qua'!

C:\Documents and Settings\pascale\Local Settings\Temp\1A.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\1B.tmp

[DETECTION] Contains suspicious code HEUR/Malware

[INFO] The file was moved to '46b9de82.qua'!

C:\Documents and Settings\pascale\Local Settings\Temp\1D.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\1E.tmp

[DETECTION] Contains suspicious code HEUR/Malware

[INFO] The file was moved to '46b9de8d.qua'!

C:\Documents and Settings\pascale\Local Settings\Temp\2.dllb

[DETECTION] Is the Trojan horse TR/Dldr.BraveSent.N

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\2.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.87

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\20.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\21.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\22.tmp

[DETECTION] Contains suspicious code HEUR/Malware

[INFO] The file was moved to '46b9de8a.qua'!

C:\Documents and Settings\pascale\Local Settings\Temp\24.tmp

[DETECTION] Contains suspicious code HEUR/Malware

[INFO] The file was moved to '46b9de8f.qua'!

C:\Documents and Settings\pascale\Local Settings\Temp\26.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\27.tmp

[DETECTION] Contains suspicious code HEUR/Malware

[INFO] The file was moved to '46b9de98.qua'!

C:\Documents and Settings\pascale\Local Settings\Temp\29.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\2A.tmp

[DETECTION] Contains suspicious code HEUR/Malware

[INFO] The file was moved to '46b9dea8.qua'!

C:\Documents and Settings\pascale\Local Settings\Temp\2B.tmp

[DETECTION] Contains suspicious code HEUR/Malware

[INFO] The file was moved to '46b9deab.qua'!

C:\Documents and Settings\pascale\Local Settings\Temp\2C.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\2D.tmp

[DETECTION] Contains suspicious code HEUR/Malware

[INFO] The file was moved to '46b9deb4.qua'!

C:\Documents and Settings\pascale\Local Settings\Temp\2F.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\3.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\30.tmp

[DETECTION] Contains suspicious code HEUR/Malware

[INFO] The file was moved to '46b9deac.qua'!

C:\Documents and Settings\pascale\Local Settings\Temp\32.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.bwr.4

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\34.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\35.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\37.tmp

[DETECTION] Contains suspicious code HEUR/Malware

[INFO] The file was moved to '46b9debf.qua'!

C:\Documents and Settings\pascale\Local Settings\Temp\3B.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\3C.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.bwr.7

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\4.tmp

[DETECTION] Contains suspicious code HEUR/Malware

[INFO] The file was moved to '46ffdebf.qua'!

C:\Documents and Settings\pascale\Local Settings\Temp\6.dllb

[DETECTION] Is the Trojan horse TR/Small.DBY.LH.8

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\6.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.87

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\7.dllb

[DETECTION] Is the Trojan horse TR/Dldr.Tibs.DL

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\7.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\8.tmp

[DETECTION] Contains suspicious code HEUR/Malware

[INFO] The file was moved to '46ffdecd.qua'!

C:\Documents and Settings\pascale\Local Settings\Temp\A.tmp

[DETECTION] Contains suspicious code HEUR/Malware

[INFO] The file was moved to '46ffded0.qua'!

C:\Documents and Settings\pascale\Local Settings\Temp\B.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.87

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\C.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temp\D.tmp

[DETECTION] Contains suspicious code HEUR/Malware

[INFO] The file was moved to '46ffded9.qua'!

C:\Documents and Settings\pascale\Local Settings\Temp\v5x4.ga2me

[DETECTION] Is the Trojan horse TR/Peed.OL.16

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temporary Internet Files\Content.IE5\K5YB4XMV\giteleschaumes[1].htm

[DETECTION] Contains signature of the Phish-File/Email PHISH/Bankfraud

[INFO] The file was moved to '46ffdf54.qua'!

C:\Documents and Settings\pascale\Local Settings\Temporary Internet Files\Content.IE5\P5XPW61T\chambres[1].html

[DETECTION] Contains signature of the Phish-File/Email PHISH/Bankfraud

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temporary Internet Files\Content.IE5\P5XPW61T\giteleschaumes[1]

[DETECTION] Contains signature of the Phish-File/Email PHISH/Bankfraud

[INFO] The file was deleted!

C:\Documents and Settings\pascale\Local Settings\Temporary Internet Files\Content.IE5\XDNIDWFG\conseilspratiques[1].html

[DETECTION] Contains signature of the Phish-File/Email PHISH/Bankfraud

[INFO] The file was deleted!

C:\WINDOWS\system32\logi.exe.exe

[DETECTION] Is the Trojan horse TR/Small.DBY.DB

[INFO] The file was deleted!

C:\WINDOWS\system32\svchost.exe:exe.exe

[DETECTION] Is the Trojan horse TR/Obfuscated.GL.38

[INFO] The file was deleted!

C:\WINDOWS\system32\drivers\asc3550u.sys

[DETECTION] Is the Trojan horse TR/Proxy.Agent.MX.2

[INFO] The file was deleted!

Begin scan in 'D:\' <Vidéos et Musique>

Begin scan in 'E:\' < Photo Jeux Films1>

Begin scan in 'F:\'

Search path F:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'G:\'

Search path G:\ could not be opened!

Le périphérique n'est pas prêt.

 

 

 

End of the scan: mercredi 4 juillet 2007 20:37

Used time: 46:44 min

 

The scan has been done completely.

 

2782 Scanning directories

194231 Files were scanned

53 viruses and/or unwanted programs were found

17 classified as suspicious:

35 files were deleted

0 files were repaired

18 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

194161 Files not concerned

3102 Archives were scanned

1 Warnings

33 Notes

0 Hidden objects were found

 

 

 

SDFix report

 

SDFix: Version 1.89

 

Run by pascale on 04/07/2007 at 21:01

 

Microsoft Windows XP [version 5.1.2600]

 

Running From: C:\SDFix

 

Safe Mode:

Checking Services:

 

Name:

runtime

runtime2

 

ImagePath:

\??\C:\WINDOWS\System32\drivers\runtime.sys

\??\C:\WINDOWS\System32\drivers\runtime2.sys

 

runtime2 - Deleted

 

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting...

 

 

Normal Mode:

Checking Files:

 

Below files will be copied to Backups folder then removed:

 

C:\Documents and Settings\pascale\Application Data\Install.dat - Deleted

C:\WINDOWS\system32\5_exception.nls - Deleted

C:\WINDOWS\system32\mstscex.dll - Deleted

C:\WINDOWS\system32\oleauth32.dll - Deleted

C:\WINDOWS\wpcjmd.log - Deleted

 

 

 

Removing Temp Files...

 

ADS Check:

 

Checking C:\WINDOWS

C:\WINDOWS

No streams found.

 

Checking C:\WINDOWS\system32

C:\WINDOWS\system32

No streams found.

 

Checking C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

No streams found.

 

Checking C:\WINDOWS\system32\ntoskrnl.exe

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

 

 

 

Final Check:

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\\WINDOWS\\System32\\regpmdnw.exe"="C:\\WINDOWS\\System32\\regpmdnw.exe:*:Enabled:Server"

"C:\\WINDOWS\\System32\\dllpzzrv.exe"="C:\\WINDOWS\\System32\\dllpzzrv.exe:*:Enabled:Server"

"C:\\WINDOWS\\System32\\svchost.exe"="C:\\WINDOWS\\System32\\svchost.exe:*:Enabled:svchost"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"C:\\WINDOWS\\System32\\regpmdnw.exe"="C:\\WINDOWS\\System32\\regpmdnw.exe:*:Enabled:Server"

"C:\\WINDOWS\\System32\\dllpzzrv.exe"="C:\\WINDOWS\\System32\\dllpzzrv.exe:*:Enabled:Server"

 

Remaining Files:

---------------

 

Backups Folder: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes:

 

C:\paging.sys

C:\WINDOWS\LastGood.Tmp\INF\oem1.inf

C:\WINDOWS\LastGood.Tmp\INF\oem1.PNF

C:\WINDOWS\LastGood.Tmp\INF\oem2.inf

C:\WINDOWS\LastGood.Tmp\INF\oem2.PNF

C:\WINDOWS\LastGood.Tmp\INF\oem3.inf

C:\WINDOWS\LastGood.Tmp\INF\oem3.PNF

C:\WINDOWS\LastGood.Tmp\INF\oem4.inf

C:\WINDOWS\LastGood.Tmp\INF\oem4.PNF

C:\WINDOWS\LastGood.Tmp\INF\oem5.inf

C:\WINDOWS\LastGood.Tmp\INF\oem5.PNF

 

Finished

 

 

 

ComboFix report:

 

"pascale" - 2007-07-04 21:23:45 - ComboFix 07-07-04.4 [SAFE MODE]

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\TEMP

C:\DOCUME~1\pascale\APPLIC~1\Microsoft\20509.dat

C:\Documents and Settings\All Users.\documents\settings

 

 

((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))

 

 

2007-07-04 21:22 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-04 21:00 <REP> d-------- C:\WINDOWS\ERUNT

2007-07-04 19:38 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic

2007-07-03 22:20 <REP> d-------- C:\Program Files\Lavasoft

2007-07-03 22:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

2007-07-03 22:19 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2007-07-03 18:57 <REP> d-------- C:\WINDOWS\pss

2007-07-02 19:58 24,064 -r-hs---- C:\paging.sys

2007-07-02 19:58 24,064 --a------ C:\Program Files\Fichiers communs\winctl.dll

2007-07-01 14:02 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-06-30 23:21 17,180,760 --a------ C:\Program Files\antivir_workstation_win7u_en_h.exe

2007-06-30 20:17 1,272,712 --a------ C:\Program Files\WindowsXP-KB927891-v3-x86-FRA.exe

2007-06-30 19:55 553,687 --a------ C:\Program Files\RegCleaner.exe

2007-06-30 19:54 <REP> d-------- C:\Program Files\RegCleaner

2007-06-30 19:52 506,140 --a------ C:\Program Files\HijackThisFR.exe

2007-06-30 19:52 <REP> d-------- C:\Program Files\Hijackthis Version Française

2007-06-29 22:17 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2007-06-29 22:17 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-06-29 22:17 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2007-06-29 22:17 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2007-06-29 22:17 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys

2007-06-29 22:17 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2007-06-29 22:17 <REP> d-------- C:\Program Files\Spyware Doctor

2007-06-29 22:17 <REP> d-------- C:\DOCUME~1\pascale\APPLIC~1\PC Tools

2007-06-29 00:58 <REP> d-------- C:\DOCUME~1\pascale\APPLIC~1\Lavasoft

2007-06-28 16:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys

2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys

2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-04 19:10:42 48,856 ----a-w C:\WINDOWS\system32\perfc00C.dat

2007-07-04 19:10:42 368,076 ----a-w C:\WINDOWS\system32\perfh00C.dat

2007-07-01 18:59:02 -------- d-----w C:\Program Files\QuickTime

2007-07-01 18:57:35 -------- d-----w C:\Program Files\Messenger

2007-07-01 18:56:09 -------- d-----w C:\Program Files\Google

2007-06-30 21:59:11 -------- d-----w C:\Program Files\Hijackthis Version Française

2007-06-28 13:18:14 12,800 ----a-w C:\WINDOWS\system32\svchost.exe

2007-05-31 13:46:56 -------- d-----w C:\DOCUME~1\pascale\APPLIC~1\Ahead

2007-05-23 17:35:08 -------- d-----w C:\Program Files\Fichiers communs\Ahead

2007-05-23 17:35:06 -------- d-----w C:\Program Files\Nero

2007-05-22 19:01:53 -------- d-----w C:\Program Files\MSN Messenger

2007-05-22 18:26:13 -------- d-----w C:\Program Files\AskTBar

2007-05-18 08:40:49 -------- d-----w C:\DOCUME~1\pascale\APPLIC~1\Google

2007-05-16 15:27:05 19,392 ----a-w C:\DOCUME~1\pascale\APPLIC~1\GDIPFONTCACHEV1.DAT

2007-04-28 20:40:03 14,861,256 ----a-w C:\Program Files\setupfre1.exe

2007-04-28 20:37:17 15,086,296 ----a-w C:\Program Files\setupfrepro.exe

2007-04-28 20:37:14 408,192 ----a-w C:\Program Files\aswclnr.exe

2007-04-21 10:32:01 19,127,288 ----a-w C:\Program Files\gcard.exe

2007-04-20 18:32:52 299,288 ----a-w C:\Program Files\GmailInstaller.exe

2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-04-16 20:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll

2007-04-14 19:58:54 123,392 ----a-w C:\WINDOWS\system32\itss.dll

2007-04-14 19:52:55 257,536 ----a-w C:\WINDOWS\system32\mstask.dll

2007-04-14 19:52:54 9,728 ----a-w C:\WINDOWS\system32\mstinit.exe

2007-04-14 19:52:54 48,640 ----a-w C:\WINDOWS\system32\browser.dll

2007-04-14 19:52:54 161,280 ----a-w C:\WINDOWS\system32\schedsvc.dll

2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe

2007-04-09 20:29:17 6,652,812 ----a-w C:\Program Files\sld.codec.pack.2.2.exe

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

2006-10-26 10:28 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2001-04-16 17:39 37808 --------- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]

2007-05-22 19:23 57344 --a------ C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

2007-05-17 14:19 2436160 -ra------ c:\program files\google\googletoolbar1.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

2007-07-02 19:28 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinFast2KLoadDefault"="wf2kcpl.dll" [2002-10-24 14:43 C:\WINDOWS\system32\WF2KCPL.dll]

"SoundMan"="SOUNDMAN.EXE" [2002-09-11 04:57 C:\WINDOWS\SOUNDMAN.EXE]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-05 21:00]

"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 18:16]

"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]

"Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-04-16 22:24]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48]

"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 14:00]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 08:14]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 18:11]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 19:28]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18]

"ppsmcs"="sqvx5gamet2.exe" []

"beadsofti"="C:\WINDOWS\System32\iwssv32.exe" []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"{009541A0-3B00-1F1C-00F3-040224009C02}"="C:\Program Files\Fichiers communs\winctl.dll" [2007-07-02 19:58]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

 

 

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}

rundll32 iesetup.dll,IEAccessUserInst

 

**************************************************************************

 

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-04 21:25:26

Windows 5.1.2600 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVG Anti-Spyware Driver]

"ImagePath"="\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AvgAsCln]

"ImagePath"="System32\DRIVERS\AvgAsCln.sys"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WINFOXIO]

"ImagePath"="\??\C:\WINDOWS\System32\Drivers\WINFOXIO.SYS"

 

Completion time: 2007-07-04 21:26:02

C:\ComboFix-quarantined-files.txt ... 2007-07-04 21:25

 

--- E O F ---

 

Then the HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 21:27:49, on 04/07/2007

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)

O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ppsmcs] sqvx5gamet2.exe

O4 - HKCU\..\Run: [beadsofti] C:\WINDOWS\System32\iwssv32.exe

O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe

O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183235248983

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\WgaLogon.dll

O21 - SSODL: WinCTL - {009541A0-3B00-1F1C-00F3-040224009C02} - C:\Program Files\Fichiers communs\winctl.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

 

And there you go, the trick is done.

My PC responds faster, that's a good sign, isn't it?

Next step of our great adventure???

Posted

Remember to delete the tools I had you download, plus the reports that were generated.

Keep Ad-Aware as a complement.

Be sure to keep only one antivirus.

Do you still have problems...

Posted

There are still infections!

chouchou95:

* Download OTMoveIt (by OldTimer). Save it to your Desktop.

http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

* Relaunch HijackThis, "Do a system scan only", tick the following entries and click "Fix checked":

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)

O4 - HKCU\..\Run: [ppsmcs] sqvx5gamet2.exe

O4 - HKCU\..\Run: [beadsofti] C:\WINDOWS\System32\iwssv32.exe

O21 - SSODL: WinCTL - {009541A0-3B00-1F1C-00F3-040224009C02} - C:\Program Files\Fichiers communs\winctl.dll

** Copy the text below without the word code (select all of it with your mouse, then right-click it and choose "Copy"):

C:\WINDOWS\System32\iwssv32.exe
C:\WINDOWS\System32\sqvx5gamet2.exe
C:\Program Files\Fichiers communs\winctl.dll

* Double-click OTMoveIt.exe to launch the program.

* Make sure the "Unregister Dll's and Ocx's" box is ticked.

* Right-click in the left pane and choose Paste.

* Now click the "MoveIt!" button.

A report will be created; it is located in C:\_OTMoveIt\MovedFiles\

The report is named after its creation date. Post that report and a new HijackThis log.

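The helper's triage above follows a small set of rules: orphan CLSIDs ("(no file)"), Run values that start an unknown binary by bare name or from a system directory, and any SSODL hook. The script below is an added example, not part of this thread or of HijackThis/OTMoveIt; it applies those rules to a few lines copied from the log above and derives the OTMoveIt list. The allowlist, the system-directory set and the "bare name lives in System32" assumption are mine.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a handful of lines copied from the HijackThis log
# posted above, enough to exercise each rule below.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ppsmcs] sqvx5gamet2.exe
O4 - HKCU\..\Run: [beadsofti] C:\WINDOWS\System32\iwssv32.exe
O21 - SSODL: WinCTL - {009541A0-3B00-1F1C-00F3-040224009C02} - C:\Program Files\Fichiers communs\winctl.dll
"""

# Assumption: a tiny allowlist of bare image names that legitimately start
# from the Windows directories on this XP box. Real triage uses a much
# larger curated list (and would also inspect rundll32's DLL argument).
KNOWN_IMAGES = {"ctfmon.exe", "nwiz.exe", "soundman.exe", "rundll32.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
SYSTEM32 = PureWindowsPath(r"C:\WINDOWS\System32")

# O2/O3/O21 share one shape: "<section> - <kind>: <name> - {CLSID} - <path>"
ENTRY_RE = re.compile(r"^(?P<sec>O2|O3|O21) - [^:]+: (?P<name>.*?) - "
                      r"(?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
# O4 Run values: "O4 - HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: "
                    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


def image_of(cmd):
    """Executable part of a Run value: the quoted path, else the first token."""
    m = re.match(r'"([^"]+)"', cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def resolve(image):
    """Bare names are assumed to live in System32, as the helper did above."""
    p = PureWindowsPath(image)
    return str(SYSTEM32 / p.name) if p.parent == PureWindowsPath(".") else image


def triage(log_text):
    """Return (entries to fix in HijackThis, file paths to hand to OTMoveIt)."""
    to_fix, to_move = [], []
    for line in log_text.strip().splitlines():
        m = ENTRY_RE.match(line)
        if m:
            if m["path"] == "(no file)":      # orphan CLSID: fix the entry only
                to_fix.append(line)
            elif m["sec"] == "O21":           # SSODL hooks are rare: review each
                to_fix.append(line)
                to_move.append(m["path"])
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        image = PureWindowsPath(image_of(m["cmd"]))
        bare = image.parent == PureWindowsPath(".")
        in_sys = str(image.parent).lower() in SYSTEM_DIRS
        # Unknown binary started by bare name or from a system directory:
        # exactly how the two malicious Run values above were hiding.
        if image.name.lower() not in KNOWN_IMAGES and (bare or in_sys):
            to_fix.append(line)
            to_move.append(resolve(str(image)))
    return to_fix, to_move


if __name__ == "__main__":
    fix, move = triage(SAMPLE_LOG)
    print("Tick and Fix checked in HijackThis:")
    print("\n".join(fix))
    print("\nPaste into OTMoveIt:")
    print("\n".join(move))
```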
  • 2 weeks later...
Posted

Here is the OTMoveIt.exe report

 

 

File/Folder C:\WINDOWS\System32\iwssv32.exe not found.

File/Folder C:\WINDOWS\System32\sqvx5gamet2.exe not found.

File/Folder C:\Program Files\Fichiers communs\winctl.dll not found.

 

Created on 07/13/2007 20:23:22

 

 

 

+ HijackThis:

 

Logfile of HijackThis v1.99.1

Scan saved at 20:27:53, on 13/07/2007

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\hijackthis\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe

O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183235248983

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\WgaLogon.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
