
Posted (edited)

Hi all,

I'm infected with Vundo and ConHook, which Avast let through. I followed the pre-disinfection procedure described in the pinned post.

Here is the AntiVir report:

AntiVir PersonalEdition Classic

Report file date: samedi 25 août 2007 23:08

 

Scanning for 1034549 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: jérémie

Computer name: HOMÈRE

 

Version information:

BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00

AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14

AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54

LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04

LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59

ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58

ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 18:54:55

ANTIVIR2.VDF : 6.39.1.43 1542656 Bytes 25/08/2007 18:54:55

ANTIVIR3.VDF : 6.39.1.44 2048 Bytes 25/08/2007 18:54:55

AVEWIN32.DLL : 7.4.1.63 2724352 Bytes 25/08/2007 18:54:56

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26

AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 25/08/2007 18:54:56

AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08

AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05

AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42

RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18

RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

 

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: E:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: medium

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: samedi 25 août 2007 23:08

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'swdsvc.exe' - '1' Module(s) have been scanned

Scan process 'svcntaux.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'aawservice.exe' - '1' Module(s) have been scanned

Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

16 processes with 16 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[NOTE] No virus was found!

Master boot sector HD1

[NOTE] No virus was found!

[WARNING] The boot sector file could not be read!

[WARNING] Error code: 0x0015

Master boot sector HD2

[NOTE] No virus was found!

[WARNING] The boot sector file could not be read!

[WARNING] Error code: 0x0015

Master boot sector HD3

[NOTE] No virus was found!

[WARNING] The boot sector file could not be read!

[WARNING] Error code: 0x0015

Master boot sector HD4

[NOTE] No virus was found!

[WARNING] The boot sector file could not be read!

[WARNING] Error code: 0x0015

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Boot sector 'G:\'

[NOTE] In the drive 'G:\' no data medium is inserted!

Boot sector 'H:\'

[NOTE] In the drive 'H:\' no data medium is inserted!

Boot sector 'I:\'

[NOTE] In the drive 'I:\' no data medium is inserted!

Boot sector 'J:\'

[NOTE] In the drive 'J:\' no data medium is inserted!

 

Starting to scan the registry.

The registry was scanned ( '23' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\jérémie\Mes documents\Downloads\Style XP\Style XP\StyleXP [cura]\Keygen.exe

[DETECTION] File has been compressed with an unusual runtime compression tool (PCK/PESpin). Please verify the origin of the file

[INFO] The file was moved to '47499b65.qua'!

C:\WINDOWS\system32\pmkhh.dll

[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\vtuurpq.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\Tools\Restart.exe

[DETECTION] Contains signature of the SPR/Destart.A program

[INFO] The file was deleted!

Begin scan in 'D:\' <ancien pc>

D:\réparation\SmitfraudFix\SmitfraudFix\Reboot.exe

[DETECTION] Contains signature of the SPR/Tool.Reboot.C program

[INFO] The file was moved to '473348c4.qua'!

D:\réparation\SmitfraudFix\SmitfraudFix\restart.exe

[DETECTION] Contains signature of the SPR/Tool.Hardoff.A program

[INFO] The file was moved to '474448ca.qua'!

D:\réparation\style xp\Style.XP.v3.14b.WinXP2003.Incl.Keygen.WORKING-ECLiPSE\Style.XP.v3.14b.Keygen.zip

[0] Archive type: ZIP

--> eclsxp31.exe

[DETECTION] Contains signature of the SPR/Keygen.119808 program

[INFO] The file was moved to '474a4966.qua'!

D:\réparation\style xp\Style.XP.v3.14b.WinXP2003.Incl.Keygen.WORKING-ECLiPSE\Style.XP.v3.14b.Keygen\eclsxp31.exe

[DETECTION] Contains signature of the SPR/Keygen.119808 program

[INFO] The file was moved to '473d495e.qua'!

Begin scan in 'G:\'

Search path G:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'H:\'

Search path H:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'I:\'

Search path I:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'J:\'

Search path J:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'E:\'

Search path E:\ could not be opened!

Le périphérique n'est pas prêt.

 

 

 

End of the scan: dimanche 26 août 2007 11:34

Used time: 12:26:11 min

 

The scan has been done completely.

 

5398 Scanning directories

267578 Files were scanned

8 viruses and/or unwanted programs were found

0 classified as suspicious:

1 files were deleted

0 files were repaired

5 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

267570 Files not concerned

4093 Archives were scanned

3 Warnings

0 Notes

0 Hidden objects were found

 

and the HJT report:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:43:01, on 26/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\palmOne\Hotsync.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\hijack this\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O15 - Trusted Zone: http://www.pandasoftware.com

O15 - Trusted Zone: http://www.secuser.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1171598124125

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

 

thanks for helping me get rid of this crap

J.Bud

Edited by j.bud

Posted

Hello j.bud and welcome to zebulon :P

 

Delete your version of HijackThis.

Download HijackThisV2 to your desktop.

Download VundoFix.exe (by Atribune) to your Desktop.

  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan has completed, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt

  • Double-click HJTInstall.exe and follow the installation instructions.
  • You will find a tutorial for installing it and generating a report here
  • Post the generated report on the forum.

Posted

Hi bruce,

here is the HJT report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:35:08, on 26/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\palmOne\Hotsync.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\Program Files\AntiVir PersonalEdition Classic\update.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {44218730-94E0-4b24-BBF0-C3D8B2BCE2C3} - C:\WINDOWS\system32\igfqtvsw.dll

O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - C:\WINDOWS\System32\vtuurpq.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {8BA2FFBA-F745-4AF7-9A1C-69B5E11B4E5F} - C:\WINDOWS\System32\pmkhh.dll (file missing)

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\system32\ybffjser.dll",sitypnow

O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.pandasoftware.com

O15 - Trusted Zone: http://www.secuser.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1171598124125

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: vtuurpq - C:\WINDOWS\SYSTEM32\vtuurpq.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

 

--

End of file - 8078 bytes

 

 

and the VundoFix report:

 

 

VundoFix V6.5.7

 

Checking Java version...

 

Scan started at 12:25:28 26/08/2007

 

Listing files found while scanning....

 

C:\windows\system32\hhkmp.bak1

C:\WINDOWS\System32\hhkmp.bak2

C:\WINDOWS\System32\hhkmp.ini

C:\WINDOWS\System32\hhkmp.ini2

C:\WINDOWS\System32\hhkmp.tmp

C:\WINDOWS\System32\pmkhh.dll

 

Beginning removal...

 

Attempting to delete C:\windows\system32\hhkmp.bak1

C:\windows\system32\hhkmp.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\System32\hhkmp.bak2

C:\WINDOWS\System32\hhkmp.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\System32\hhkmp.ini

C:\WINDOWS\System32\hhkmp.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\System32\hhkmp.ini2

C:\WINDOWS\System32\hhkmp.ini2 Has been deleted!

 

Attempting to delete C:\WINDOWS\System32\hhkmp.tmp

C:\WINDOWS\System32\hhkmp.tmp Has been deleted!

 

Attempting to delete C:\WINDOWS\System32\pmkhh.dll

C:\WINDOWS\System32\pmkhh.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

thanks for your help

I reinstalled AntiVir and it's picking up another trojan in the same DLL as before
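The second HijackThis log above shows the pattern the helper is acting on: nameless O2 BHOs and an O20 Winlogon Notify entry pointing at randomly named DLLs directly under system32, plus an O4 rundll32 autostart whose key name (MSOffice) has nothing to do with the DLL it loads; those DLLs are loaded by Internet Explorer/Explorer and by winlogon.exe, which is why AntiVir's on-demand scan reported "The file could not be deleted!" for them. The Python script below is an added example, not from this thread or from any of the tools named in it, that applies those checks to lines copied from the posted log; the Winlogon allowlist and the key-name/DLL-name mismatch heuristic are assumptions of the example.

```python
import re

# Constructed sample: HijackThis v2 lines copied from the log posted above; the
# legitimate Adobe, Java, NVIDIA and AntiVir entries are kept as negative controls.
SAMPLE_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {44218730-94E0-4b24-BBF0-C3D8B2BCE2C3} - C:\WINDOWS\system32\igfqtvsw.dll
O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - C:\WINDOWS\System32\vtuurpq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8BA2FFBA-F745-4AF7-9A1C-69B5E11B4E5F} - C:\WINDOWS\System32\pmkhh.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\system32\ybffjser.dll",sitypnow
O20 - Winlogon Notify: vtuurpq - C:\WINDOWS\SYSTEM32\vtuurpq.dll
"""

HJT_RE = re.compile(r"^(O\d+) - (.*)$")
BHO_RE = re.compile(r"^BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.*)$")
RUN_RE = re.compile(r"^HK.*?\\\.\.\\Run: \[([^\]]+)\] (.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: \S+ - (.*)$")
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\([^\\]+\.dll)$", re.IGNORECASE)

# Winlogon notification packages that ship with Windows XP (assumed allowlist for this example).
KNOWN_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll", "wlnotify.dll"}


def system32_dll(path):
    """Lower-cased file name if `path` is a DLL sitting directly in system32, else None."""
    path = re.sub(r"\s*\((?:file missing|no file)\)$", "", path.strip()).strip('"')
    m = SYSTEM32_RE.match(path)
    return m.group(1).lower() if m else None


def analyse(log_text):
    """Return {dll_name: [reasons]} for system32 DLLs that match the Vundo pattern."""
    reasons, sections = {}, {}

    def note(dll, section, why):
        reasons.setdefault(dll, []).append(why)
        sections.setdefault(dll, set()).add(section)

    for line in log_text.splitlines():
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O2":
            b = BHO_RE.match(body)
            dll = system32_dll(b.group(2)) if b else None
            # A BHO with no registered name living in system32 is how Vundo's browser hook shows up.
            if dll and b.group(1) == "(no name)":
                note(dll, section, "nameless BHO loaded from system32")
        elif section == "O4":
            r = RUN_RE.match(body)
            parts = r.group(2).split(None, 1) if r else []
            if len(parts) == 2 and parts[0].lower().startswith("rundll32"):
                dll = system32_dll(parts[1].split(",")[0])
                # Heuristic (assumed): a legitimate rundll32 autostart usually names the DLL it
                # loads in its Run key (NvCplDaemon -> NvCpl.dll); 'MSOffice' -> ybffjser.dll does not.
                if dll and dll[:-4] not in r.group(1).lower():
                    note(dll, section, f"rundll32 autostart under unrelated key '{r.group(1)}'")
        elif section == "O20":
            w = NOTIFY_RE.match(body)
            dll = system32_dll(w.group(1)) if w else None
            if dll and dll not in KNOWN_NOTIFY_DLLS:
                note(dll, section, "Winlogon Notify package outside the Windows default set")

    # The same DLL hooked into both the browser (O2) and winlogon (O20) is the strongest signal:
    # it is loaded by winlogon.exe and Explorer, which is why an on-demand scanner cannot delete it.
    for dll, secs in sections.items():
        if len(secs) > 1:
            reasons[dll].append("same DLL registered in " + ", ".join(sorted(secs)))
    return reasons


if __name__ == "__main__":
    for dll, why in sorted(analyse(SAMPLE_LOG).items()):
        print(dll)
        for w in why:
            print("   -", w)
```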

Posted (edited)

Re,

 

1. Download combofix.exe (by sUBs) from here:

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

to your Desktop.

2. Double-click combofix.exe, then type 1 to start the scan.

3. When the scan is complete, a report will appear. Copy/paste that report into your next reply.

Click the Start menu, then Run, and copy/paste this:

"%userprofile%\Bureau\combofix.exe" /v vtuurpq

then click OK.

A message will appear; press the "y" key. When it finishes, Notepad will open; copy/paste its entire contents.

Post a new HijackThis report.

Edited by bruce lee
Posted

ok, will do

here are the logs

 

combofix1

 

ComboFix 07-08-26.3 - "jérémie" 2007-08-26 14:46:31.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.595 [GMT 2:00]

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Autorun.inf

C:\WINDOWS\cookies.ini

D:\Autorun.inf

 

 

((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))

 

 

2007-08-26 14:13 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-26 12:36 6,473 ---hs---- C:\WINDOWS\system32\ppqss.bak1

2007-08-26 12:34 <REP> d-------- C:\Program Files\Trend Micro

2007-08-26 12:25 <REP> d-------- C:\VundoFix Backups

2007-08-26 12:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic

2007-08-26 11:41 <REP> d-------- C:\Program Files\hijack this

2007-08-25 20:21 86,094 --a------ C:\WINDOWS\BPMNT.dll

2007-08-25 20:21 1,163,344 --a------ C:\WINDOWS\vsapi32.dll

2007-08-25 20:20 <REP> d-------- C:\WINDOWS\AU_Temp

2007-08-25 17:09 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2007-08-25 17:09 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2007-08-25 17:09 40,264 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2007-08-25 17:09 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2007-08-25 17:09 <REP> d-------- C:\Program Files\Spyware Doctor

2007-08-25 17:08 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-08-25 13:11 <REP> d-------- C:\Program Files\Windows Defender

2007-08-25 12:48 <REP> d-------- C:\WINDOWS\system32\fr-fr

2007-08-25 12:45 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll

2007-08-25 12:30 <REP> d-------- C:\WINDOWS\system32\ActiveScan

2007-08-25 12:19 <REP> d-------- C:\WINDOWS\AU_Backup

2007-08-24 23:48 69,689 --a------ C:\WINDOWS\UNZIP.DLL

2007-08-24 23:48 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL

2007-08-24 23:48 286,720 --a------ C:\WINDOWS\PATCH.EXE

2007-08-24 23:48 <REP> d-------- C:\WINDOWS\AU_Log

2007-08-24 16:19 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles

2007-08-22 13:18 <REP> d-------- C:\DOCUME~1\JRMIE~1\Contacts

2007-08-22 13:17 <REP> d-------- C:\Program Files\MSN Messenger

2007-08-21 16:19 53,248 --a------ C:\WINDOWS\PalmDevC.dll

2007-08-21 16:19 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HotSync

2007-08-21 16:17 <REP> d-------- C:\Program Files\palmOne

2007-08-20 15:20 2,278,912 --a------ C:\WINDOWS\system32\kernel1.exe

2007-08-20 12:16 <REP> d-------- C:\Program Files\CCleaner

2007-08-19 15:35 <REP> d-------- C:\Program Files\iTunes

2007-08-19 15:35 <REP> d-------- C:\Program Files\iPod

2007-08-19 15:34 <REP> d-------- C:\Program Files\QuickTime

2007-08-19 15:34 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

2007-08-19 15:33 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE

2007-08-19 15:33 <REP> d-------- C:\Program Files\Apple Software Update

2007-08-19 15:32 <REP> d-------- C:\Program Files\Fichiers communs\Apple

2007-08-19 15:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

2007-08-19 13:54 802,816 --a------ C:\WINDOWS\FeedingFrenzy.scr

2007-08-18 21:25 0 --a------ C:\WINDOWS\system32\zlib.dll

2007-08-18 20:54 131 --a------ C:\WINDOWS\system32\Executor.exe.bat

2007-08-18 20:54 <REP> d-------- C:\Program Files\TGTSoft

2007-08-18 20:53 <REP> d-------- C:\WINDOWS\ShellNew

2007-08-18 20:53 <REP> d-------- C:\Program Files\ICEOWS

2007-08-18 20:27 <REP> d-------- C:\Program Files\eMule

2007-08-18 20:25 <REP> d-------- C:\Program Files\uTorrent

2007-08-18 20:03 <REP> d-------- C:\Program Files\UxTheme Multipatcher Fr

2007-08-18 20:02 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2007-08-18 20:00 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe

2007-08-18 20:00 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll

2007-08-18 20:00 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys

2007-08-18 18:59 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA

2007-08-18 18:21 <REP> d-------- C:\Program Files\Mozilla Thunderbird

2007-08-18 17:55 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2007-08-18 17:55 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2007-08-18 17:02 <REP> d-------- C:\Program Files\OpenOffice.org 2.2

2007-08-18 16:13 6,550 --a------ C:\WINDOWS\jautoexp.dat

2007-08-18 16:13 46,352 --a------ C:\WINDOWS\setdebug.exe

2007-08-18 16:13 139,536 --a------ C:\WINDOWS\system32\javaee.dll

2007-08-18 16:13 113 --a------ C:\WINDOWS\system32\zonedon.reg

2007-08-18 16:13 113 --a------ C:\WINDOWS\system32\zonedoff.reg

2007-08-18 16:01 <REP> d-------- C:\Program Files\Google

2007-08-18 15:57 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2007-08-18 15:57 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

2007-08-18 15:23 <REP> d-------- C:\DOCUME~1\LOCALS~1\Menu Démarrer

2007-08-18 15:09 <REP> d-------- C:\WINDOWS\ServicePackFiles

2007-08-18 15:07 <REP> d-------- C:\WINDOWS\EHome

2007-08-18 13:27 7,202 --a------ C:\WINDOWS\mozver.dat

2007-08-18 13:27 335 --a------ C:\WINDOWS\nsreg.dat

2007-08-18 13:27 <REP> d-------- C:\Program Files\mozilla.org

2007-08-18 13:26 <REP> d-------- C:\Program Files\Lavasoft

2007-08-17 23:23 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll

2007-08-17 23:23 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll

2007-08-17 23:23 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2007-08-17 23:23 <REP> d-------- C:\Program Files\Alwil Software

2007-08-17 22:23 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll

2007-08-17 22:23 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll

2007-08-17 22:23 351,232 --a------ C:\WINDOWS\system32\winhttp.dll

2007-08-17 22:23 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-08-17 22:23 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll

2007-08-17 22:23 <REP> d--h----- C:\WINDOWS\$hf_mig$

2007-08-17 22:23 <REP> d-------- C:\WINDOWS\system32\bits

2007-08-17 22:16 9,728 --ah----- C:\WINDOWS\system32\rjpjfef.exe

2007-08-17 22:14 119 --a------ C:\WINDOWS\system32\nqmirf.bat

2007-08-17 22:13 43,542 --------- C:\WINDOWS\system32\vtuurpq.dll

2007-08-17 22:11 124 --a------ C:\WINDOWS\system32\kbzildcq.bat

2007-08-17 22:11 114 --a------ C:\WINDOWS\system32\xkin.bat

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-21 16:17 16694 --a------ C:\WINDOWS\system32\drivers\PalmUSBD.sys

2007-08-18 17:16 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys

2007-08-18 17:16 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}]

2007-08-17 22:13 43542 --------- C:\WINDOWS\system32\vtuurpq.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BA2FFBA-F745-4AF7-9A1C-69B5E11B4E5F}]

C:\WINDOWS\System32\pmkhh.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2006-03-01 10:22 C:\WINDOWS\soundman.exe]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-08-11 15:43]

"nwiz"="nwiz.exe" [2006-08-11 15:43 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="NvMCTray.dll" [2006-08-11 15:43 C:\WINDOWS\system32\nvmctray.dll]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]

"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}"= C:\WINDOWS\system32\vtuurpq.dll [2007-08-17 22:13 43542]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuurpq]

vtuurpq.dll 2007-08-17 22:13 43542 C:\WINDOWS\system32\vtuurpq.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys

R3 W8335XP;WL_54PCI 802.11b/g Wireless LAN Adapter;C:\WINDOWS\system32\DRIVERS\MRV8335XP.sys

S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys

 

*Newly Created Service* - CATCHME

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E80E0C06-D960-DF4A-B6E3-CC51B00095D0}]

C:\WINDOWS\system32\Executor.exe

 

Contents of the 'Scheduled Tasks' folder

2007-08-24 15:04:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

2007-08-26 12:38:21 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-26 14:48:21

Windows 5.1.2600 Service Pack 2 NTFS

 

detected NTDLL code modification:

ZwClose

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-26 14:49:29

C:\ComboFix-quarantined-files.txt ... 2007-08-26 14:49

 

--- E O F ---

 

 

combofix2

 

ComboFix 07-08-26.3 - "jérémie" 2007-08-26 14:52:19.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.549 [GMT 2:00]

Command switches used :: /v vtuurpq

 

 

((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))

 

 

2007-08-26 14:13 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-26 12:36 6,473 ---hs---- C:\WINDOWS\system32\ppqss.bak1

2007-08-26 12:34 <REP> d-------- C:\Program Files\Trend Micro

2007-08-26 12:25 <REP> d-------- C:\VundoFix Backups

2007-08-26 12:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic

2007-08-26 11:41 <REP> d-------- C:\Program Files\hijack this

2007-08-25 20:21 86,094 --a------ C:\WINDOWS\BPMNT.dll

2007-08-25 20:21 1,163,344 --a------ C:\WINDOWS\vsapi32.dll

2007-08-25 20:20 <REP> d-------- C:\WINDOWS\AU_Temp

2007-08-25 17:09 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2007-08-25 17:09 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2007-08-25 17:09 40,264 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2007-08-25 17:09 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2007-08-25 17:09 <REP> d-------- C:\Program Files\Spyware Doctor

2007-08-25 17:08 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-08-25 13:11 <REP> d-------- C:\Program Files\Windows Defender

2007-08-25 12:48 <REP> d-------- C:\WINDOWS\system32\fr-fr

2007-08-25 12:45 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll

2007-08-25 12:30 <REP> d-------- C:\WINDOWS\system32\ActiveScan

2007-08-25 12:19 <REP> d-------- C:\WINDOWS\AU_Backup

2007-08-24 23:48 69,689 --a------ C:\WINDOWS\UNZIP.DLL

2007-08-24 23:48 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL

2007-08-24 23:48 286,720 --a------ C:\WINDOWS\PATCH.EXE

2007-08-24 23:48 <REP> d-------- C:\WINDOWS\AU_Log

2007-08-24 16:19 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles

2007-08-22 13:18 <REP> d-------- C:\DOCUME~1\JRMIE~1\Contacts

2007-08-22 13:17 <REP> d-------- C:\Program Files\MSN Messenger

2007-08-21 16:19 53,248 --a------ C:\WINDOWS\PalmDevC.dll

2007-08-21 16:19 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HotSync

2007-08-21 16:17 <REP> d-------- C:\Program Files\palmOne

2007-08-20 15:20 2,278,912 --a------ C:\WINDOWS\system32\kernel1.exe

2007-08-20 12:16 <REP> d-------- C:\Program Files\CCleaner

2007-08-19 15:35 <REP> d-------- C:\Program Files\iTunes

2007-08-19 15:35 <REP> d-------- C:\Program Files\iPod

2007-08-19 15:34 <REP> d-------- C:\Program Files\QuickTime

2007-08-19 15:34 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

2007-08-19 15:33 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE

2007-08-19 15:33 <REP> d-------- C:\Program Files\Apple Software Update

2007-08-19 15:32 <REP> d-------- C:\Program Files\Fichiers communs\Apple

2007-08-19 15:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

2007-08-19 13:54 802,816 --a------ C:\WINDOWS\FeedingFrenzy.scr

2007-08-18 21:25 0 --a------ C:\WINDOWS\system32\zlib.dll

2007-08-18 20:54 131 --a------ C:\WINDOWS\system32\Executor.exe.bat

2007-08-18 20:54 <REP> d-------- C:\Program Files\TGTSoft

2007-08-18 20:53 <REP> d-------- C:\WINDOWS\ShellNew

2007-08-18 20:53 <REP> d-------- C:\Program Files\ICEOWS

2007-08-18 20:27 <REP> d-------- C:\Program Files\eMule

2007-08-18 20:25 <REP> d-------- C:\Program Files\uTorrent

2007-08-18 20:03 <REP> d-------- C:\Program Files\UxTheme Multipatcher Fr

2007-08-18 20:02 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2007-08-18 20:00 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe

2007-08-18 20:00 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll

2007-08-18 20:00 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys

2007-08-18 18:59 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA

2007-08-18 18:21 <REP> d-------- C:\Program Files\Mozilla Thunderbird

2007-08-18 17:55 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2007-08-18 17:55 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2007-08-18 17:02 <REP> d-------- C:\Program Files\OpenOffice.org 2.2

2007-08-18 16:13 6,550 --a------ C:\WINDOWS\jautoexp.dat

2007-08-18 16:13 46,352 --a------ C:\WINDOWS\setdebug.exe

2007-08-18 16:13 139,536 --a------ C:\WINDOWS\system32\javaee.dll

2007-08-18 16:13 113 --a------ C:\WINDOWS\system32\zonedon.reg

2007-08-18 16:13 113 --a------ C:\WINDOWS\system32\zonedoff.reg

2007-08-18 16:01 <REP> d-------- C:\Program Files\Google

2007-08-18 15:57 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2007-08-18 15:57 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

2007-08-18 15:23 <REP> d-------- C:\DOCUME~1\LOCALS~1\Menu Démarrer

2007-08-18 15:09 <REP> d-------- C:\WINDOWS\ServicePackFiles

2007-08-18 15:07 <REP> d-------- C:\WINDOWS\EHome

2007-08-18 13:27 7,202 --a------ C:\WINDOWS\mozver.dat

2007-08-18 13:27 335 --a------ C:\WINDOWS\nsreg.dat

2007-08-18 13:27 <REP> d-------- C:\Program Files\mozilla.org

2007-08-18 13:26 <REP> d-------- C:\Program Files\Lavasoft

2007-08-17 23:23 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll

2007-08-17 23:23 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll

2007-08-17 23:23 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2007-08-17 23:23 <REP> d-------- C:\Program Files\Alwil Software

2007-08-17 22:23 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll

2007-08-17 22:23 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll

2007-08-17 22:23 351,232 --a------ C:\WINDOWS\system32\winhttp.dll

2007-08-17 22:23 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-08-17 22:23 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll

2007-08-17 22:23 <REP> d--h----- C:\WINDOWS\$hf_mig$

2007-08-17 22:23 <REP> d-------- C:\WINDOWS\system32\bits

2007-08-17 22:16 9,728 --ah----- C:\WINDOWS\system32\rjpjfef.exe

2007-08-17 22:14 119 --a------ C:\WINDOWS\system32\nqmirf.bat

2007-08-17 22:13 43,542 --------- C:\WINDOWS\system32\vtuurpq.dll

2007-08-17 22:11 124 --a------ C:\WINDOWS\system32\kbzildcq.bat

2007-08-17 22:11 114 --a------ C:\WINDOWS\system32\xkin.bat

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-21 16:17 16694 --a------ C:\WINDOWS\system32\drivers\PalmUSBD.sys

2007-08-18 17:16 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys

2007-08-18 17:16 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}]

2007-08-17 22:13 43542 --------- C:\WINDOWS\system32\vtuurpq.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BA2FFBA-F745-4AF7-9A1C-69B5E11B4E5F}]

C:\WINDOWS\System32\pmkhh.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2006-03-01 10:22 C:\WINDOWS\soundman.exe]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-08-11 15:43]

"nwiz"="nwiz.exe" [2006-08-11 15:43 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="NvMCTray.dll" [2006-08-11 15:43 C:\WINDOWS\system32\nvmctray.dll]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]

"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}"= C:\WINDOWS\system32\vtuurpq.dll [2007-08-17 22:13 43542]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuurpq]

vtuurpq.dll 2007-08-17 22:13 43542 C:\WINDOWS\system32\vtuurpq.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys

R3 W8335XP;WL_54PCI 802.11b/g Wireless LAN Adapter;C:\WINDOWS\system32\DRIVERS\MRV8335XP.sys

S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys

 

*Newly Created Service* - CATCHME

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E80E0C06-D960-DF4A-B6E3-CC51B00095D0}]

C:\WINDOWS\system32\Executor.exe

 

Contents of the 'Scheduled Tasks' folder

2007-08-24 15:04:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

2007-08-26 12:38:21 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-26 14:53:22

Windows 5.1.2600 Service Pack 2 NTFS

 

detected NTDLL code modification:

ZwClose

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-26 14:54:33

C:\ComboFix-quarantined-files.txt ... 2007-08-26 14:54

C:\ComboFix2.txt ... 2007-08-26 14:49

 

--- E O F ---

 

 

hjt

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:55:18, on 26/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\palmOne\Hotsync.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - C:\WINDOWS\system32\vtuurpq.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {8BA2FFBA-F745-4AF7-9A1C-69B5E11B4E5F} - C:\WINDOWS\System32\pmkhh.dll (file missing)

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.pandasoftware.com

O15 - Trusted Zone: http://www.secuser.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1171598124125

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: vtuurpq - C:\WINDOWS\SYSTEM32\vtuurpq.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

 

--

End of file - 7597 bytes

 

 

 

AntiVir keeps flagging the same trojans :P

 

Thanks for your help

 

Jbud

Posted

Actually, every time I open a folder or launch an application, AntiVir reports this:

 

detection!

a virus or unwanted program was found

 

c:\windows\system32\vtuurpq.dll

is the Trojan horse TR/Vundo.Gen

 

Among the choices it offers me, there is "deny access".

 

When I run VundoFix, AntiVir flags it several times and VundoFix does not fix it :P

 

Thanks for your help

 

J.Bud
