Gros problème de trojan

[Analya]

J'ai déjà AntiVir installé ^^ Et un parefeu. Mais je vais te faire un report d'antivir quand même. En attendant, voilà déjà le log de combofix

 

 

 

ComboFix 07-10-12.4 - HP_Propri‚taire 2007-10-13 1:38:47.6 - NTFSx86

Microsoft Windows XP ?dition familiale 5.1.2600.2.1252.1.1036.18.1831 [GMT 2:00]

Running from: C:\Documents and Settings\HP_Propri‚taire\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\HP_Propri‚taire\Bureau\CFScript.txt

* Created a new restore point

 

FILE::

C:\Program Files\hlpsrv.exe

C:\WINDOWS\_default.pif

C:\WINDOWS\mgrs.exe

C:\WINDOWS\system32\bdeeg.bak2

C:\WINDOWS\system32\ddcdcde.dll

C:\WINDOWS\system32\geedb.dll

C:\WINDOWS\system32\geedb.VIR

C:\WINDOWS\system32\winujj32.dll

C:\WINDOWS\TEMP\win37.tmp.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\hlpsrv.exe

C:\WINDOWS\_default.pif

C:\WINDOWS\system32\awvtu.dll

C:\WINDOWS\system32\awvtu.dll

C:\WINDOWS\system32\bdeeg.bak2

C:\WINDOWS\system32\ddcdcde.dll

C:\WINDOWS\system32\geedb.VIR

C:\WINDOWS\system32\utvwa.bak1

C:\WINDOWS\system32\utvwa.bak1

C:\WINDOWS\system32\utvwa.ini

C:\WINDOWS\system32\utvwa.ini

 

.

((((((((((((((((((((((((((((( Fichiers créés 2007-09-12 to 2007-10-12 ))))))))))))))))))))))))))))))))))))

.

 

2007-10-12 21:36 81,920 -ra------ C:\WINDOWS\system32\equcof.dll

2007-10-12 21:36 45,056 -ra------ C:\WINDOWS\system32\uacb.dll

2007-10-12 21:35 21,276 -ra------ C:\WINDOWS\system32\drivers\uacflt.sys

2007-10-11 13:42 <REP> d-------- C:\Program Files\TVersity Codec Pack

2007-10-11 13:41 <REP> d-------- C:\Program Files\TVersity

2007-10-08 20:10 <REP> d-------- C:\WINDOWS\AU_Temp

2007-10-06 01:09 <REP> d-------- C:\VundoFix Backups

2007-10-06 01:01 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-06 00:46 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS

2007-10-06 00:46 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage r‚seau

2007-10-06 00:46 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression

2007-10-06 00:46 <REP> d-------- C:\Documents and Settings\Administrateur\ModŠles

2007-10-06 00:46 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents

2007-10-06 00:46 <REP> d-------- C:\Documents and Settings\Administrateur\Menu D‚marrer

2007-10-06 00:46 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris

2007-10-06 00:46 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau

2007-10-06 00:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec

2007-10-06 00:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView

2007-10-06 00:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intervideo

2007-10-06 00:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer

2007-09-28 11:36 <REP> d-------- C:\Program Files\iPod

2007-09-22 14:20 <REP> C:\Documents and Settings\HP_Propriétaire\PsiData

2007-09-21 13:38 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll

2007-09-21 13:38 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll

2007-09-21 13:38 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll

2007-09-21 13:38 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll

2007-09-21 13:38 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll

2007-09-21 13:38 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll

2007-09-21 13:38 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll

2007-09-21 13:38 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll

2007-09-21 13:38 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll

2007-09-17 23:38 <REP> d-------- C:\Program Files\Games-Masters.com

2007-09-17 20:23 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll

2007-09-17 20:23 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll

2007-09-17 20:22 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll

2007-09-17 20:22 739,840 --a------ C:\WINDOWS\system32\DivX.dll

2007-09-12 01:14 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-12 23:44 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs

2007-10-12 23:43 15,728,640 ---ha-w C:\Documents and Settings\HP_Propriétaire\NTUSER.DAT

2007-10-12 17:12 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-10-11 21:17 --------- d-----w C:\Program Files\Windows Live Safety Center

2007-10-10 20:22 --------- d-----w C:\Program Files\XoftSpySE

2007-10-10 06:57 --------- d-----w C:\Program Files\City of Heroes

2007-10-08 18:11 86,094 -c--a-w C:\WINDOWS\BPMNT.dll

2007-10-08 18:11 71,749 -c--a-w C:\WINDOWS\hcextoutput.dll

2007-10-08 18:11 267,845 -c--a-w C:\WINDOWS\tsc.exe

2007-10-08 18:11 1,163,344 -c--a-w C:\WINDOWS\vsapi32.dll

2007-10-08 18:07 --------- d-----w C:\Program Files\MSN Messenger

2007-10-08 18:07 --------- d-----w C:\Program Files\Messenger Plus! Live

2007-10-04 09:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads

2007-10-01 08:52 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2007-09-28 09:36 --------- d-----w C:\Program Files\iTunes

2007-09-25 04:53 --------- d-----w C:\Program Files\Fichiers communs\Skype

2007-09-17 11:41 --------- d-----w C:\Program Files\Apple Software Update

2007-09-16 09:38 356 ----a-w C:\drmHeader.bin

2007-09-15 11:26 --------- d-----w C:\Program Files\NCSoft

2007-09-12 09:02 --------- d-s---w C:\Program Files\Xfire

2007-09-10 12:06 --------- d-----w C:\Program Files\Codemasters

2007-09-05 10:37 --------- d-----w C:\Program Files\Ubisoft

2007-09-03 15:30 --------- d-----w C:\Program Files\IVCsoft

2007-09-03 15:28 --------- d-----w C:\Program Files\Replay Converter

2007-09-03 15:20 737,280 ----a-w C:\WINDOWS\iun6002.exe

2007-08-22 14:07 --------- d-----w C:\Program Files\ICQLite

2007-08-15 22:33 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys

2004-05-06 10:14 40,448 -c--a-w C:\Documents and Settings\HP_Propriétaire\setup.exe

2005-05-13 16:12:00 217,073 -csha-r C:\WINDOWS\meta4.exe

2005-10-24 10:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe

2005-06-26 14:32:28 616,448 -csha-r C:\WINDOWS\system32\cygwin1.dll

2005-06-21 21:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll

2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll

2005-02-28 12:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe

2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll

.

 

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

-c--a-w 253,952 2004-10-14 20:54:32 C:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe

 

-c--a-w 81,920 2004-07-27 22:50:18 C:\Program Files\Fichiers communs\InstallShield\UpdateService\bak\issch.exe

----a-w 81,920 2004-07-27 14:50:18 C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

 

-c--a-w 221,184 2004-07-27 22:50:42 C:\Program Files\Fichiers communs\InstallShield\UpdateService\bak\ISUSPM.exe

----a-w 221,184 2004-07-27 14:50:42 C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

 

-c--a-w 106,496 2005-10-20 04:10:54 C:\Program Files\Fichiers communs\InterVideo\SchSvr\bak\SchSvr.exe

----a-w 106,496 2004-09-20 00:53:26 C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe

 

-c--a-w 28,672 2002-07-18 16:36:34 C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\bak\WkUFind.exe

 

-c--a-w 180,269 2006-05-12 19:04:56 C:\Program Files\Fichiers communs\Real\Update_OB\bak\realsched.exe

 

-c--a-w 110,592 2003-08-18 23:01:00 C:\Program Files\Fichiers communs\Sonic\Update Manager\bak\sgtray.exe

 

-c--a-w 49,152 2005-02-16 21:11:42 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe

----a-w 49,152 2005-02-16 21:11:42 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

 

-c--a-w 262,144 2005-10-20 03:02:44 C:\Program Files\InterVideo\Common\Bin\bak\WinRemote.exe

 

----a-w 229,952 2006-09-25 12:54:24 C:\Program Files\iTunes\bak\iTunesHelper.exe

----a-w 267,064 2007-09-26 12:42:04 C:\Program Files\iTunes\iTunesHelper.exe

 

-c--a-w 36,975 2006-05-03 00:56:56 C:\Program Files\Java\jre1.5.0_07\bin\bak\jusched.exe

 

-c--a-w 282,624 2006-09-24 01:24:54 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 286,720 2007-06-29 04:24:52 C:\Program Files\QuickTime\QTTask.exe

 

-c--a-w 208,952 2004-08-05 12:00:00 C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE

----a-w 208,952 2004-08-05 12:00:00 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

 

-c--a-w 233,472 2004-04-14 20:43:46 C:\WINDOWS\SMINST\bak\RECGUARD.EXE

 

-c--a-w 52,736 1998-05-07 16:04:38 C:\WINDOWS\system\bak\hpsysdrv.exe

 

-c--a-w 262,144 2004-11-01 15:22:22 C:\WINDOWS\system32\bak\ElkCtrl.exe

----a-w 262,144 2004-11-01 15:22:22 C:\WINDOWS\system32\ElkCtrl.exe

 

-c--a-w 225,280 2005-12-09 13:32:18 C:\WINDOWS\system32\bak\LVCOMSX.EXE

----a-w 225,280 2005-12-09 13:32:18 C:\WINDOWS\system32\LVCOMSX.EXE

 

-c--a-w 155,648 2001-07-09 08:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

 

-c--a-w 24,576 1998-02-05 19:16:18 C:\WINDOWS\system32\bak\NILaunch.exe

 

-c--a-w 59,392 2004-08-05 12:00:00 C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe

----a-w 59,392 2004-08-05 12:00:00 C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe

 

-c--a-w 455,168 2004-08-05 12:00:00 C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE

----a-w 455,168 2004-08-05 12:00:00 C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe

 

-c--a-w 1,398,272 2006-03-23 15:06:50 F:\Program Files\Ahead\InCD\bak\InCD.exe

 

-c--a-w 32,768 2004-11-02 19:24:46 F:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe

 

-c--a-w 184,320 2003-12-18 21:37:58 F:\Program Files\HP DVD\Umbrella\bak\DVDBitSet.exe

 

-c--a-w 57,344 2004-09-03 17:14:10 F:\Program Files\HP DVD\Umbrella\bak\DVDTray.exe

 

-c--a-w 20,005,928 2006-06-26 13:53:38 F:\Program Files\Skype\Phone\bak\Skype.exe

 

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PCLEPCI"="F:\PROGRA~1\Pinnacle\PPE\ppe.exe" []

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]

"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]

"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"nwiz"="nwiz.exe" []

"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 18:50]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32]

"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26]

"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33]

"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22]

"Home Theater SchSvr"="C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" [2004-09-20 02:53]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00]

"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 14:00]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 14:00]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00]

"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 18:51]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"IETI"=F:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^RFScheduler.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\RFScheduler.lnk

backup=C:\WINDOWS\pss\RFScheduler.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^Trillian.lnk]

path=C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\Trillian.lnk

backup=C:\WINDOWS\pss\Trillian.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

C:\Program Files\Fichiers communs\Adobe\Updater\AdobeUpdater.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ColiYala]

C:\Program Files\ColiYala 1.0\Coliyala.exe -start

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]

F:\Program Files\eMule\emule.exe -AutoStart

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]

"C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

 

R2 uacFlt;Plantronics USB Audio Adapter EQ Filter Driver;C:\WINDOWS\system32\DRIVERS\uacflt.sys

R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys

R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys

R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys

S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys

S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a82447d-50a3-11db-8a15-0013d32b522a}]

AutoRun\command - L:\SETUP.EXE /AUTORUN

configure\command - L:\SETUP.EXE

install\command - L:\SETUP.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81b4a81a-0e9a-11dc-8a99-0013d32b522a}]

AutoRun\command - L:\Splash.exe

dinstall\command - L:\directx3\directx\dxsetup.exe

readme\command - L:\Help\Help.exe Help\Readme.hlp

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2007-10-12 12:52:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

"2007-10-12 23:51:21 C:\WINDOWS\Tasks\User_Feed_Synchronization-{5E1901BE-6B7F-45F9-91E3-452FCEC10FE1}.job"

"2006-06-04 15:48:41 C:\WINDOWS\Tasks\XoftSpy.job"

- C:\Program Files\XoftSpy\XoftSpy.exe

"2007-10-12 23:45:32 C:\WINDOWS\Tasks\XoftSpySE 2.job"

"2007-05-19 01:03:28 C:\WINDOWS\Tasks\XoftSpySE.job"

- C:\Program Files\XoftSpySE\XoftSpy.exe

.

**************************************************************************

 

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-13 01:45:12

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

C:\WINDOWS\WinSxS

C:\WINDOWS\wmprfnor.prx

C:\WINDOWS\winamp.ini

C:\WINDOWS\WindowsShell.Manifest

C:\WINDOWS\WindowsUpdate.log

C:\WINDOWS\winhelp.exe

C:\WINDOWS\winhelp.ini

C:\WINDOWS\winhlp32.exe

C:\WINDOWS\WININIT.INI

C:\WINDOWS\winnt.bmp

C:\WINDOWS\winnt256.bmp

C:\WINDOWS\WMFDist11.log

C:\WINDOWS\wmp11.log

C:\WINDOWS\WMPrfAra.prx

C:\WINDOWS\WMPrfCHS.prx

C:\WINDOWS\WMPrfCHT.prx

C:\WINDOWS\wmprfcsy.prx

C:\WINDOWS\wmprfdan.prx

C:\WINDOWS\WMPrfDeu.prx

C:\WINDOWS\wmprfell.prx

C:\WINDOWS\wmprfesp.prx

C:\WINDOWS\wmprffin.prx

C:\WINDOWS\wmprfFRA.prx

C:\WINDOWS\wmprfheb.prx

C:\WINDOWS\wmprfhun.prx

C:\WINDOWS\wmprfita.prx

C:\WINDOWS\WMPrfJpn.prx

C:\WINDOWS\WMPrfKor.prx

C:\WINDOWS\wmprfnld.prx

C:\WINDOWS\wmprfplk.prx

C:\WINDOWS\wmprfptb.prx

C:\WINDOWS\wmprfptg.prx

C:\WINDOWS\wmprfrus.prx

C:\WINDOWS\wmprfsky.prx

C:\WINDOWS\wmprfslv.prx

C:\WINDOWS\wmprfsve.prx

C:\WINDOWS\wmprftrk.prx

C:\WINDOWS\wmsetup.log

C:\WINDOWS\wmsetup10.log

C:\WINDOWS\WMSysPr9.prx

C:\WINDOWS\Wudf01000Inst.log

C:\WINDOWS\x2.64.exe

C:\WINDOWS\XpsEPSC.log

C:\WINDOWS\XPSEPSCLP.log

C:\WINDOWS\xpsp1hfm.log

C:\WINDOWS\Zapotec.bmp

C:\WINDOWS\~GLC0000.TMP

C:\WINDOWS\~GLC0001.TMP

C:\WINDOWS\~GLC0002.TMP

C:\WINDOWS\~GLC0003.TMP

C:\WINDOWS\~GLC0004.TMP

 

scan completed successfully

hidden files: 51

 

**************************************************************************

.

Completion time: 2007-10-13 1:53:33 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-10-08 20:05

C:\ComboFix2.txt ... 2007-10-13 00:01

C:\ComboFix3.txt ... 2007-10-08 20:05

.

--- E O F ---

[Analya]

AntiVir PersonalEdition Classic

Report file date: samedi 13 octobre 2007 02:14

 

Scanning for 878005 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: SYSTEM

Computer name: HOWARD

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15

ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55

ANTIVIR2.VDF : 7.0.0.57 446464 Bytes 07/10/2007 00:01:20

ANTIVIR3.VDF : 7.0.0.83 158720 Bytes 12/10/2007 00:01:20

AVEWIN32.DLL : 7.6.0.23 2753024 Bytes 13/10/2007 00:01:20

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

 

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: E:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: high

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: samedi 13 octobre 2007 02:14

 

Starting search for hidden objects.

The driver could not be initialized.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

12 processes with 12 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[NOTE] No virus was found!

Master boot sector HD1

[NOTE] No virus was found!

Master boot sector HD2

[NOTE] No virus was found!

[WARNING] The boot sector file could not be read!

[WARNING] Error code: 0x0015

Master boot sector HD3

[NOTE] No virus was found!

[WARNING] The boot sector file could not be read!

[WARNING] Error code: 0x0015

Master boot sector HD4

[NOTE] No virus was found!

[WARNING] The boot sector file could not be read!

[WARNING] Error code: 0x0015

Master boot sector HD5

[NOTE] No virus was found!

[WARNING] The boot sector file could not be read!

[WARNING] Error code: 0x0015

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Boot sector 'F:\'

[NOTE] No virus was found!

Boot sector 'G:\'

[NOTE] No virus was found!

Boot sector 'H:\'

[NOTE] In the drive 'H:\' no data medium is inserted!

Boot sector 'I:\'

[NOTE] In the drive 'I:\' no data medium is inserted!

Boot sector 'J:\'

[NOTE] In the drive 'J:\' no data medium is inserted!

Boot sector 'K:\'

[NOTE] In the drive 'K:\' no data medium is inserted!

 

Starting to scan the registry.

The registry was scanned ( '53' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <HP_PAVILION>

C:\pagefile.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <HP_RECOVERY>

Begin scan in 'F:\' <Howard>

Begin scan in 'G:\' <Partage>

 

End of the scan: samedi 13 octobre 2007 03:25

Used time: 1:11:00 min

 

The scan has been done completely.

 

18712 Scanning directories

172328 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

172327 Files not concerned

11668 Archives were scanned

0 Warnings

0 Notes

70991 Objects were scanned with rootkit scan

0 Hidden objects were found

[Thanos]

salut

 

Combofix a bien nettoyé

 

J'ai déjà AntiVir installé ^^ Et un parefeu. Mais je vais te faire un report d'antivir quand même. En attendant, voilà déjà le log de combofix

Désolé de te contredire, mais il n'y avait aucun antivirus sur le pc! La liste de désinstallation ainsi que la liste des dossiers présents sur le pc le montrent bien. Pas de parefeu non plus (mis à part celui intégré à Windows)

A ce propos, je te conseille chaudement d'en installer un vrai car celui de Windows est une passoire >

 

Voila quelques liens pour des pare-feux gratuits

 

Zone Alarm (2 versions )

Lien de téléchargement de la version FREE : http://dl2.zonelabs.com/bin/free/3301_fr/z..._737_000_fr.exe

Lien de téléchargement de la version PRO : http://www.zonelabs.com/store/content/cata...lid=dbtopnav_za

La version pro est payante après une période d'essai.

Tuto de Tesgaz pour la version pro : http://speedweb1.free.fr/frames2.php?page=tuto1

Tuto de Odsen pour la version free : http://benoit.aun.free.fr/securite-facile-php/zonealarm.php

 

Kerio

Lien de téléchargement : http://www.sunbelt-software.com/evaluation/440/kerio.exe

Tuto de Malekal_morte : http://www.malekal.com/kerio_firewall.html

 

Jetico

Lien de téléchargement éditeur : http://www.jetico.com/

Lien de téléchargement sur Zebulon (en fr) : http://telechargement.zebulon.fr/license-1-225.html

Tuto de Odsen (lien site) : http://benoit.aun.free.fr/securite-facile-php/jetico.php

Tuto de Odsen (lien zeb) : http://forum.zebulon.fr/index.php?showtopic=93489

 

Outpost firewall free

Lien de téléchargement éditeur : http://www.agnitum.com/products/outpostfree/download.php

Tuto de Odsen (lien site) : http://securite-facile.ovh.org/outpost.php

 

La liste n'est pas exhaustive, il en existe d'autres gratuits, et d'autres avec plus de fonctions payants. Télécharge l'exécutable d'installation du pare-feu que tu auras choisi. Déconnecte toi, débranche physiquement ta connexion, et lance l'installation de ton pare-feu. Puis reconnecte toi et suis les instructions supplémentaires s'il y en a. Aide toi des tutos.

 

Je te conseille Zone Alarme ou Kério en version gratuite pour commencer, tu pourras en changer par la suite pour un pare-feu plus élaboré quand tu auras le temps de t'y plonger. Un pare-feu bien configuré, est garant de la sécurité du pc et de ta tranquilité .

 

 

A présent, j'aimerai que tu fasses le scan en ligne suivant stp >

• Fais un scan en ligne Kaspersky avec Internet Explorer :
  
• Clique sur
  
• Clique maintenant sur J'accepte.
  
• Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
  
• Patiente pendant l'installation des Mises à jour.
  
• Choisis par la suite l'analyse du Poste de travail
  
• Sauvegarde puis colle le rapport généré en fin d'analyse.
  

AIDE : Configurer le contrôle des ActiveX

Note : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", vas dans Ajout/Suppression de programmes et désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.

 

Si ca ne fonctionne pas, fais ceci et recommence >

 

Lance Internet Explorer.

Dans le menu Outils, clique sur Options Internet.

Clique sur l'onglet Programmes > sur Rétablir les paramètres Web > puis sur Oui dans la boîte de dialogue Rétablir les paramètres Web. Clique enfin sur Appliquer > puis sur OK.

 

Après ca, on attaque l'infection suivante