Recommended posts

Posted (edited)

I've just set up a new PC.

I thought it was well protected:

Avast, Kerio, Spybot S&D, Ad-Aware

And I've just caught this junk.

I ran Ad-Aware and Spybot S&D, which cleaned up loads of stuff, but it keeps coming back.

I ran SmitFraudFix with option 2; it's still there :P

 

SmitFraudFix v2.195

 

Report made at 19:23:39,62, Fri. 26/10/2007

Run from E:\Pgms (F)\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

File system type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Asus\Asus Probe V2.64.01\AsusProb.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\WINDOWS\CameraFixer.exe

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\vsnpstd3.exe

C:\WINDOWS\system32\taskswitch.exe

C:\WINDOWS\system32\fast.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\DynDNS Updater\DynDNS.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\VIA\RAID\raid_tool.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe

C:\Program Files\Snowforw\Snowforw.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Fast.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Crazy Browser\Crazy Browser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop components

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Warning, the keys that follow are not necessarily infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Warning, the keys that follow are not necessarily infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Warning, the keys that follow are not necessarily infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - Miniport d'ordonnancement de paquets

DNS Server Search Order: 172.19.3.1

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E9242361-5A7C-47F2-93EA-3A9F6A4876E3}: DhcpNameServer=172.19.3.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{E9242361-5A7C-47F2-93EA-3A9F6A4876E3}: DhcpNameServer=172.19.3.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{E9242361-5A7C-47F2-93EA-3A9F6A4876E3}: DhcpNameServer=172.19.3.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=172.19.3.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=172.19.3.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=172.19.3.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» wininet.dll infection check

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:26:56, on 26/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Asus\Asus Probe V2.64.01\AsusProb.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\WINDOWS\CameraFixer.exe

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\vsnpstd3.exe

C:\WINDOWS\system32\taskswitch.exe

C:\WINDOWS\system32\fast.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\DynDNS Updater\DynDNS.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\VIA\RAID\raid_tool.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe

C:\Program Files\Snowforw\Snowforw.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Fast.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Crazy Browser\Crazy Browser.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1BF0EB4E-4CCD-44C7-81B6-AF83693D49DB} - C:\WINDOWS\system32\sstqr.dll

O2 - BHO: SystemA - {263D9676-810E-11DC-8324-0800200C9A67} - C:\Program Files\SystemA\ie-improver.dll

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6DB3F881-19A2-4085-ABD0-DBD56E71F4F5} - C:\WINDOWS\system32\urqonkj.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\kidgkxnf.dll

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\pfwcjdig.dll

O2 - BHO: (no name) - {B5302307-6F5B-4BBE-BC0C-3EF416F454BC} - (no file)

O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\pfwcjdig.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\Asus\Asus Probe V2.64.01\AsusProb.exe

O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [backgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe

O4 - HKLM\..\Run: [ec1a4104] rundll32.exe "C:\WINDOWS\system32\apeqixya.dll",b

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: MailWasherPro.lnk = C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe

O4 - Startup: Raccourci vers Snowforw.exe.lnk = C:\Program Files\Snowforw\Snowforw.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: pfwcjdig - C:\WINDOWS\SYSTEM32\pfwcjdig.dll

O20 - Winlogon Notify: urqonkj - C:\WINDOWS\SYSTEM32\urqonkj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 8795 bytes

Edited by boheme52
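Added example, not part of the original thread and not code from SmitFraudFix, HijackThis or ComboFix: a small Python triage script for pasted logs of the kind shown above. The sample lines are lifted from the HijackThis log in this post and from the ComboFix "Authentication Packages" line later in the thread, with benign entries (the Adobe BHO, Spybot's SDHelper.dll, the Promise ptipbmf Run value) kept in for contrast. The scoring weights, the threshold and the list of stock Windows XP Winlogon Notify keys are my own assumptions; the script only reads text and touches nothing on a live system.

```python
import re
from collections import defaultdict

# Constructed sample: lines lifted from the HijackThis and ComboFix logs in this
# thread, plus benign entries (Adobe BHO, Spybot SDHelper, Promise ptipbmf) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1BF0EB4E-4CCD-44C7-81B6-AF83693D49DB} - C:\WINDOWS\system32\sstqr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6DB3F881-19A2-4085-ABD0-DBD56E71F4F5} - C:\WINDOWS\system32\urqonkj.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\pfwcjdig.dll
O2 - BHO: (no name) - {B5302307-6F5B-4BBE-BC0C-3EF416F454BC} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\pfwcjdig.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ec1a4104] rundll32.exe "C:\WINDOWS\system32\apeqixya.dll",b
O20 - Winlogon Notify: pfwcjdig - C:\WINDOWS\SYSTEM32\pfwcjdig.dll
O20 - Winlogon Notify: urqonkj - C:\WINDOWS\SYSTEM32\urqonkj.dll
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\sstqr.dll
"""

# Winlogon Notify subkeys that ship with Windows XP SP2 (assumed partial allowlist, not
# from the thread); any other key there loads a DLL into winlogon.exe at every logon.
DEFAULT_WINLOGON_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                           "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}
RANDOM_STEM = re.compile(r"^[a-z]{5,8}$")  # dropper-style short lowercase filename

# One pattern per scored line type; "path" is the loaded module, "name" its label.
PATTERNS = [
    ("BHO", re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")),
    ("Toolbar", re.compile(r"^O3 - Toolbar: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")),
    ("Run", re.compile(r"^O4 - HK[^:]*\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+)$")),
    ("WinlogonNotify", re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")),
    ("AuthPkg", re.compile(r'^"Authentication Packages"=\s*(?P<path>.+)$')),
]
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>\S*)', re.I)


def basename(path):
    """Last path component, quotes stripped, case preserved for the filename check."""
    return re.split(r"[\\/]", path.strip().strip('"'))[-1]


def analyse(log_text):
    """Score each DLL reached through a persistence vector in the pasted log text."""
    findings = defaultdict(lambda: {"name": None, "score": 0, "vectors": set(), "reasons": []})

    def hit(dll, vector, points=0, reason=None):
        f = findings[dll.lower()]
        f["name"] = f["name"] or dll
        f["vectors"].add(vector)
        f["score"] += points
        if points:
            f["reasons"].append(reason)

    for raw in log_text.splitlines():
        line = raw.strip()
        for vector, pat in PATTERNS:
            m = pat.match(line)
            if not m:
                continue
            path = m.group("path")
            if path.lower().endswith("(no file)"):
                break  # dangling CLSID: nothing on disk to score
            if vector == "AuthPkg":
                # lsass.exe loads every listed package at boot; only msv1_0 is stock
                for token in path.split():
                    if token.lower() != "msv1_0":
                        hit(basename(token), vector, 3, "extra LSA authentication package")
            elif vector == "Run":
                rm = RUNDLL.search(path)
                if rm:  # only rundll32-loaded DLLs are scored; bare EXEs need other checks
                    short = len(rm.group("export")) <= 2
                    hit(basename(rm.group("dll")), vector, 2 if short else 0,
                        "rundll32 Run entry with a one-letter export")
            elif vector == "WinlogonNotify":
                stock = m.group("name").lower() in DEFAULT_WINLOGON_NOTIFY
                hit(basename(path), vector, 0 if stock else 2, "non-default Winlogon Notify DLL")
            else:  # BHO / Toolbar
                anonymous = m.group("name") == "(no name)"
                hit(basename(path), vector, 1 if anonymous else 0, "BHO/toolbar without a name")
            break

    # Cross-line signals: filename shape, and how many distinct vectors reach one DLL.
    for f in findings.values():
        if RANDOM_STEM.match(re.sub(r"\.dll$", "", f["name"], flags=re.I)):
            f["score"] += 1
            f["reasons"].append("random-looking lowercase filename")
        if len(f["vectors"]) >= 2:
            f["score"] += 1
            f["reasons"].append("reached via " + ", ".join(sorted(f["vectors"])))
    return dict(findings)


def suspicious(log_text, threshold=3):
    """Sorted lower-case basenames whose score reaches the threshold."""
    return sorted(k for k, f in analyse(log_text).items() if f["score"] >= threshold)


if __name__ == "__main__":
    for dll, f in sorted(analyse(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["score"]):
        print(f'{f["score"]:2d} {f["name"]:20s} {"; ".join(f["reasons"])}')
```

On this thread's lines the script ranks pfwcjdig.dll and urqonkj.dll high mainly because they are hooked into Winlogon Notify, which loads them into winlogon.exe at every logon, a process user-mode cleaners cannot safely touch; sstqr.dll because it is registered as an extra LSA authentication package and so runs inside lsass.exe; and apeqixya.dll because its Run value invokes rundll32 with a single-letter export. Spybot's SDHelper.dll is also a "(no name)" BHO but stays below the threshold, which is the point of scoring several signals rather than acting on any one of them.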

Posted

Hi,

Did you go and fetch a little crack to crack your new software?

Download ComboFix by sUBs: combofix.exe

and save it to your desktop and nowhere else!

Click the Start menu, then Run, and copy/paste this:

"%userprofile%\Bureau\combofix.exe" /v pfwcjdig urqonkj

then click OK.

It will ask you a question; answer by pressing 1 and then Enter to confirm.

Wait for ComboFix to finish; a report will be created. Post the report.

Copy/paste a new HijackThis report with it.

Posted

ComboFix 07-10-26.4 - Administrateur 2007-10-26 20:14:00.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.535 [GMT 2:00]

Running from: C:\Documents and Settings\Administrateur\Bureau\combofix.exe

Command switches used :: /v pfwcjdig urqonkj

.

 

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Administrateur\Bureau\Live Safety Center.lnk

C:\Documents and Settings\Administrateur\Bureau\Online Security Guide.lnk

C:\Documents and Settings\Administrateur\Favoris\Online Security Guide.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk

C:\WINDOWS\system32\kidgkxnf.dll

C:\WINDOWS\system32\pfwcjdig.dllbox

C:\WINDOWS\system32\rqtss.bak1

C:\WINDOWS\system32\rqtss.bak2

C:\WINDOWS\system32\rqtss.ini

C:\WINDOWS\system32\sstqr.dll

 

.

((((((((((((((((((((((((((((( Files created 2007-09-26 to 2007-10-26 ))))))))))))))))))))))))))))))))))))

.

 

2007-10-26 20:11 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-26 19:26 <REP> d-------- C:\Program Files\Trend Micro

2007-10-26 19:23 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2007-10-26 19:23 53,248 --a------ C:\WINDOWS\system32\Process.exe

2007-10-26 19:23 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-10-26 18:14 2,732 --a------ C:\WINDOWS\system32\tmp.reg

2007-10-26 17:03 83,008 --a------ C:\WINDOWS\system32\apeqixya.dll

2007-10-26 16:56 340,032 --a------ C:\WINDOWS\system32\pfwcjdig.dll

2007-10-26 16:56 340,032 --a------ C:\WINDOWS\system32\humbktoq.dll

2007-10-26 11:53 <REP> d-------- C:\Program Files\Fichiers communs\OCP Software

2007-10-26 11:53 <REP> d-------- C:\My CE Installations

2007-10-26 11:53 229,450 --a------ C:\WINDOWS\system32\ocpTools.dll

2007-10-26 11:29 <REP> d-------- C:\Program Files\Common Files

2007-10-26 11:27 <REP> d-------- C:\Program Files\OCP Software

2007-10-26 11:01 <REP> d--h----- C:\Program Files\SystemA

2007-10-26 11:01 145,929 --a------ C:\WINDOWS\system32\sysdl132.exe

2007-10-26 11:01 33,792 --------- C:\WINDOWS\system32\urqonkj.dll

2007-10-26 11:01 8,704 --a------ C:\sysuouv.exe

2007-10-22 18:18 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2007-10-22 18:17 <REP> d-------- C:\Program Files\MSXML 4.0

2007-10-10 23:03 <REP> d-------- C:\Program Files\Microsoft ActiveSync

2007-10-09 18:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink

2007-10-09 18:21 <REP> d-------- C:\Program Files\CyberLink

2007-10-06 19:30 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AdobeUM

2007-10-04 18:47 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\U3

2007-10-03 20:33 <REP> d-------- C:\Program Files\7-Zip

2007-10-03 19:09 <REP> d-------- C:\Program Files\Medion GoPal Assistant

2007-10-03 19:09 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GoPal Assistant

2007-10-03 18:06 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys

2007-10-03 18:06 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys

2007-10-02 11:06 339,968 --a------ C:\WINDOWS\system32\pscUD112.dll

2007-10-02 11:06 49,152 --a------ C:\WINDOWS\system32\pscVSWIA.dll

2007-10-02 11:05 94,208 --a------ C:\WINDOWS\system32\PSCLU112.dll

2007-10-02 11:05 53,248 --a------ C:\WINDOWS\system32\pscND112.exe

2007-10-01 21:41 <REP> d-------- C:\Program Files\My Drivers

2007-09-30 20:33 <REP> d---s---- C:\Documents and Settings\Administrateur\UserData

2007-09-29 13:17 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EPSON

2007-09-29 13:16 159,744 -ra------ C:\WINDOWS\system32\drivers\Fasttx2k.sys

2007-09-29 13:16 118,784 -ra------ C:\WINDOWS\system32\ptipbmf.dll

2007-09-29 13:09 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2007-09-29 13:09 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2007-09-29 13:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\UDL

2007-09-29 13:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll

2007-09-29 13:00 29,696 --a------ C:\WINDOWS\system32\escwiad.dll

2007-09-29 13:00 22,016 --a------ C:\WINDOWS\system32\esccmd.dll

2007-09-29 12:58 <REP> d-------- C:\Program Files\UIU

2007-09-29 11:32 94,208 --a------ C:\WINDOWS\amcap.exe

2007-09-29 11:31 <REP> d-------- C:\Program Files\Fichiers communs\snpstd3

2007-09-29 11:31 8,718,848 --a------ C:\WINDOWS\system32\drivers\snpstd3.sys

2007-09-29 11:31 339,968 --a------ C:\WINDOWS\vsnpstd3.exe

2007-09-29 11:31 90,112 --a------ C:\WINDOWS\tsnpstd3.exe

2007-09-29 11:31 61,440 --a------ C:\WINDOWS\system32\rsnpstd3.dll

2007-09-29 11:31 61,440 --a------ C:\WINDOWS\system32\csnpstd3.dll

2007-09-29 11:31 53,248 --a------ C:\WINDOWS\vsnpstd3.dll

2007-09-29 11:31 53,248 --a------ C:\WINDOWS\system32\vsnpstd3.dll

2007-09-29 11:31 20,480 --a------ C:\WINDOWS\usnpstd3.exe

2007-09-29 11:31 20,480 --------- C:\WINDOWS\CameraFixer.exe

2007-09-29 10:57 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Leadertech

2007-09-29 09:25 <REP> d-------- C:\Program Files\Snowforw

2007-09-29 09:21 <REP> d-------- C:\Program Files\CyberLink2

2007-09-29 09:07 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Visicom Media

2007-09-29 09:01 <REP> d-------- C:\Program Files\vmntoolbar

2007-09-29 09:01 <REP> d-------- C:\Program Files\Visicom Media

2007-09-29 08:58 <REP> d-------- C:\Program Files\Runtime Software

2007-09-29 08:56 <REP> d-------- C:\Program Files\IrfanView

2007-09-29 08:53 <REP> d-------- C:\Program Files\G6 FTP Server

2007-09-29 08:38 <REP> d-------- C:\WINDOWS\InCD

2007-09-29 08:38 3,067,904 --------- C:\WINDOWS\NuNinst.exe

2007-09-29 08:38 102,016 --------- C:\WINDOWS\system32\drivers\InCDfs.sys

2007-09-29 08:38 33,536 --------- C:\WINDOWS\system32\drivers\InCDrm.sys

2007-09-29 08:38 29,440 --------- C:\WINDOWS\system32\drivers\InCDpass.sys

2007-09-29 08:38 8,704 --------- C:\WINDOWS\system32\drivers\InCDrec.sys

2007-09-28 20:55 <REP> d-------- C:\Program Files\Lavasoft

2007-09-28 20:35 <REP> d-------- C:\Program Files\Fichiers communs\Adobe

2007-09-28 20:18 <REP> d-------- C:\WINDOWS\system32\QuickTime

2007-09-28 20:09 <REP> d-------- C:\Program Files\Fichiers communs\Vbox

2007-09-28 20:08 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\MSNInstaller

2007-09-28 20:06 <REP> d-------- C:\Program Files\Macromedia

2007-09-28 20:06 <REP> d-------- C:\Program Files\Fichiers communs\Macromedia

2007-09-28 20:05 <REP> d-------- C:\WINDOWS\Downloaded Installations

2007-09-28 20:04 <REP> d-------- C:\Program Files\PowerQuest

2007-09-28 20:02 <REP> d-------- C:\Program Files\SpeedFan

2007-09-28 19:51 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-09-28 19:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes

2007-09-28 19:35 <REP> d-------- C:\Program Files\Elaborate Bytes

2007-09-28 18:59 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SlySoft

2007-09-28 18:54 <REP> d-------- C:\Program Files\SlySoft

2007-09-28 18:51 <REP> d-------- C:\Program Files\Fichiers communs\Ahead

2007-09-28 18:51 <REP> d-------- C:\Program Files\Ahead

2007-09-28 18:51 569,344 --a------ C:\WINDOWS\system32\imagr5.dll

2007-09-28 18:51 544,768 --a------ C:\WINDOWS\system32\imagx5.dll

2007-09-28 18:51 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll

2007-09-28 18:51 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2007-09-28 18:51 125,184 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys

2007-09-28 18:51 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2007-09-28 18:51 38,912 --a------ C:\WINDOWS\system32\picn20.dll

2007-09-28 18:51 5,504 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys

2007-09-28 17:57 <REP> d-------- C:\Program Files\Firetrust

2007-09-28 17:57 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\MailWasherPro

2007-09-28 17:51 <REP> d-------- C:\EPSON

 

.

(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-26 16:22 232 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err

2007-10-21 09:21 --------- d-----w C:\Program Files\Java

2007-09-29 08:28 --------- d-----w C:\Program Files\Crazy Browser

2007-09-28 15:52 --------- d-----w C:\Program Files\Fichiers communs\InstallShield

2007-09-28 14:58 9,324,032 ----a-w C:\WINDOWS\system32\RTLCPL.EXE

2007-09-28 14:58 77,824 ----a-w C:\WINDOWS\SOUNDMAN.EXE

2007-09-28 14:58 294,912 ------w C:\WINDOWS\alcupd.exe

2007-09-28 14:58 200,704 ------w C:\WINDOWS\alcrmv.exe

2007-09-28 14:58 2,317,504 ----a-w C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2007-09-28 14:58 156,672 ----a-w C:\WINDOWS\system32\RTLCPAPI.dll

2007-09-28 11:58 --------- d-----w C:\Program Files\Fichiers communs\Java

2007-09-28 11:07 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines

2007-09-28 11:07 --------- d-----w C:\Program Files\Fichiers communs\ODBC

2007-09-28 10:03 65,536 ----a-w C:\WINDOWS\system32\Audio3D.dll

2007-09-28 10:03 65,536 ----a-w C:\WINDOWS\system32\a3d.dll

2007-09-28 10:03 400,384 ----a-w C:\WINDOWS\system32\drivers\ALCXSENS.SYS

2007-09-28 10:00 --------- d-----w C:\Program Files\VIA

2007-09-28 09:58 --------- d-----w C:\Program Files\Marvell

2007-09-28 09:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-09-28 09:46 --------- d-----w C:\Program Files\Sunbelt Software

2007-09-28 09:40 --------- d-----w C:\Program Files\Alwil Software

2007-09-28 09:19 --------- d-----w C:\Program Files\microsoft frontpage

2007-09-28 09:18 --------- d-----w C:\Program Files\Services en ligne

2007-09-28 09:17 --------- d-----w C:\Program Files\Fichiers communs\MSSoap

2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-07-31 18:45 69,632 ----a-w C:\WINDOWS\system32\wshext.dll

2007-07-31 18:45 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll

2007-07-31 18:45 36,864 ----a-w C:\WINDOWS\system32\wshcon.dll

2007-07-31 18:45 32,768 ----a-w C:\WINDOWS\system32\dispex.dll

2007-07-31 18:45 163,840 ----a-w C:\WINDOWS\system32\scrobj.dll

2007-07-31 18:45 155,648 ----a-w C:\WINDOWS\system32\scrrun.dll

2007-07-31 18:45 135,168 ----a-w C:\WINDOWS\system32\wscript.exe

2007-07-31 18:45 114,688 ----a-w C:\WINDOWS\system32\cscript.exe

.

 

((((((((((((((((((((((((((((((((( Registry loading points )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not listed

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{263D9676-810E-11DC-8324-0800200C9A67}]

2007-10-26 11:01 95232 --a------ C:\Program Files\SystemA\ie-improver.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6DB3F881-19A2-4085-ABD0-DBD56E71F4F5}]

2007-10-26 11:01 33792 --------- C:\WINDOWS\system32\urqonkj.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89AD4D75-2429-462e-BD4E-443F233F6033}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

2007-10-26 16:56 340032 --a------ C:\WINDOWS\system32\pfwcjdig.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5302307-6F5B-4BBE-BC0C-3EF416F454BC}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\pfwcjdig.dll [2007-10-26 16:56 340032]

 

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]

"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]

"SoundMan"="SOUNDMAN.EXE" [2007-09-28 16:58 C:\WINDOWS\SOUNDMAN.EXE]

"ASUS Probe"="C:\Program Files\Asus\Asus Probe V2.64.01\AsusProb.exe" [2002-12-06 16:07]

"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 06:00]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21]

"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 17:06]

"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-10-03 11:23]

"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2005-11-04 15:05]

"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 15:55]

"Ptipbmf"="ptipbmf.dll" [2003-06-20 09:06 C:\WINDOWS\system32\ptipbmf.dll]

"BackgroundSwitcher"="C:\WINDOWS\system32\bgswitch.exe" [2001-10-19 12:14]

"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2001-10-19 12:14]

"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-19 12:14]

"ec1a4104"="C:\WINDOWS\system32\apeqixya.dll" [2007-10-26 17:03]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 16:22]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-30 13:34]

"DynDNS Updater"="C:\Program Files\DynDNS Updater\DynDNS.exe" [2006-09-17 10:32]

"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-09-28 19:00]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:07]

 

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\

MailWasherPro.lnk - C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe [2004-04-10 07:21:44]

Raccourci vers Snowforw.exe.lnk - C:\Program Files\Snowforw\Snowforw.exe [2007-09-27 12:21:46]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\

Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-28 20:36:01]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2007-09-28 12:00:08]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{6DB3F881-19A2-4085-ABD0-DBD56E71F4F5}"= C:\WINDOWS\system32\urqonkj.dll [2007-10-26 11:01 33792]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pfwcjdig]

pfwcjdig.dll 2007-10-26 16:56 340032 C:\WINDOWS\system32\pfwcjdig.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqonkj]

urqonkj.dll 2007-10-26 11:01 33792 C:\WINDOWS\system32\urqonkj.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\sstqr.dll

 

R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys

R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys

R2 AsProbe;AsProbe;\??\C:\WINDOWS\system32\drivers\AsProbe.sys

S2 A32P;A32P;C:\WINDOWS\system32\drivers\A32P.sys

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c898804e-7293-11dc-979e-0011d898a47d}]

AutoRun\command - I:\LaunchU3.exe -a

 

.

Contents of the 'Scheduled Tasks/Tâches planifiées' folder

"2007-09-28 14:14:28 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"

.

**************************************************************************

 

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-26 20:22:35

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-10-26 20:24:25 - machine was rebooted

.

--- E O F ---

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:32:40, on 26/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Fast.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Asus\Asus Probe V2.64.01\AsusProb.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\WINDOWS\CameraFixer.exe

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\vsnpstd3.exe

C:\WINDOWS\system32\taskswitch.exe

C:\WINDOWS\system32\fast.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\DynDNS Updater\DynDNS.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\VIA\RAID\raid_tool.exe

C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe

C:\Program Files\Snowforw\Snowforw.exe

C:\Program Files\Crazy Browser\Crazy Browser.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\pfwcjdig.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\Asus\Asus Probe V2.64.01\AsusProb.exe

O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [backgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe

O4 - HKLM\..\Run: [ec1a4104] rundll32.exe "C:\WINDOWS\system32\apeqixya.dll",b

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: MailWasherPro.lnk = C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe

O4 - Startup: Raccourci vers Snowforw.exe.lnk = C:\Program Files\Snowforw\Snowforw.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 7565 bytes

Posted

Go to http://upload.malekal.com

Click on Browse and select the file: C:\sysuouv.exe (click on My Computer on the left, then Disk C --> sysuouv.exe)

Do not touch the "Choose the destination folder" field

Click on Send file

 

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

 

File::

C:\WINDOWS\system32\apeqixya.dll

C:\WINDOWS\system32\sysdl132.exe

C:\WINDOWS\system32\urqonkj.dll

C:\WINDOWS\system32\apeqixya.dll

C:\WINDOWS\system32\pfwcjdig.dll

C:\WINDOWS\system32\humbktoq.dll

C:\sysuouv.exe

 

Save this file under the name CFScript

 

- Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

 

[screenshot: CFScript.gif]

- A blue window will appear: at the message that shows up (Type 1 to continue, or 2 to abort), type 1 and press Enter.

- Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

- Once the scan is finished, a report will be displayed: post its contents, stating how your problems stand

 

- If the file does not open, it is located here > C:\ComboFix.txt

 

 

Post a new HijackThis log.
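The helpers in this thread read the HijackThis log by eye for a handful of persistence patterns (a Winlogon Notify package whose DLL is gone, a BHO with no file, a Run value with a random hex name that loads a system32 DLL through rundll32, a "toolbar" DLL dropped directly into system32). The script below is an added example, not part of the thread or of HijackThis; its sample lines are constructed in the log format seen above and its rules are heuristics chosen for this example, not a vendor's detection logic.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in HijackThis log format, modelled on the logs posted in this
# thread (orphaned BHO, a toolbar DLL in system32, a hex-named Run value, a Winlogon Notify
# package whose DLL is gone); this is not a log captured from the machine.
SAMPLE_LOG = r'''
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\pfwcjdig.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ec1a4104] rundll32.exe "C:\WINDOWS\system32\apeqixya.dll",b
O20 - Winlogon Notify: urqonkj - urqonkj.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
'''


@dataclass
class Finding:
    line: str     # the log line that triggered the rule
    reason: str   # why a helper would want a closer look


# Heuristics (assumptions made for this example, not rules from the thread or from HijackThis).
HEX_ONLY = re.compile(r"^[0-9a-f]{6,}$")
ENTRY = re.compile(r"^([RO]\d+)\s+-\s+(.*)$")
RUNDLL32_VALUE = re.compile(r'\[([^\]]+)\]\s+rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?', re.I)
LAST_DLL = re.compile(r"-\s+(\S+\.dll)\s*$", re.I)


def parse_entry(line):
    """Split 'O20 - rest' into (section, rest); None for header or process-list lines."""
    m = ENTRY.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage_line(line):
    """Return a Finding for a suspicious entry, or None when the line looks ordinary."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    section, rest = parsed
    if section == "O20" and "Winlogon Notify" in rest:
        if "(file missing)" in rest:
            return Finding(line, "Winlogon Notify package whose DLL is gone: orphaned entry, safe to remove")
        return Finding(line, "Winlogon Notify package: confirm the DLL belongs to a known vendor")
    if section == "O4":
        m = RUNDLL32_VALUE.search(rest)
        if m and HEX_ONLY.match(m.group(1)) and "\\system32\\" in m.group(2).lower():
            return Finding(line, "Run value with a hex-only name loading a DLL from system32 through rundll32")
    if section == "O2" and "(no file)" in rest:
        return Finding(line, "BHO still registered but its DLL is missing: orphaned entry")
    if section == "O3":
        m = LAST_DLL.search(rest)
        if m and "\\system32\\" in m.group(1).lower():
            return Finding(line, "Toolbar DLL sitting directly in system32 instead of under Program Files")
    return None


def triage(log_text):
    """Run every line of a HijackThis log through triage_line and keep the hits."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.reason}\n    {finding.line.strip()}")
```

Feed it a real log saved from HijackThis and the flagged lines are the ones to look at first; an entry it does not flag is not thereby clean, since the rules only cover the patterns seen in this thread.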

Posted (edited)

The problem seems to be fixed :P

A big thank you to everyone

But is there a way to protect against this kind of thing?

Replace Avast with Antivir, as suggested above?

Anything else?

 

ComboFix 07-10-26.4 - Administrateur 2007-10-26 20:50:44.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.532 [GMT 2:00]

Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript

* Created a new restore point

 

FILE::

C:\sysuouv.exe

C:\WINDOWS\system32\apeqixya.dll

C:\WINDOWS\system32\humbktoq.dll

C:\WINDOWS\system32\pfwcjdig.dll

C:\WINDOWS\system32\sysdl132.exe

C:\WINDOWS\system32\urqonkj.dll

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Administrateur\Bureau\Live Safety Center.lnk

C:\Documents and Settings\Administrateur\Bureau\Online Security Guide.lnk

C:\Documents and Settings\Administrateur\Favoris\Online Security Guide.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk

C:\sysuouv.exe

C:\WINDOWS\system32\apeqixya.dll

C:\WINDOWS\system32\ghkmp.bak1

C:\WINDOWS\system32\ghkmp.ini

C:\WINDOWS\system32\humbktoq.dll

C:\WINDOWS\system32\pfwcjdig.dll

C:\WINDOWS\system32\pfwcjdig.dllbox

C:\WINDOWS\system32\pmkhg.dll

C:\WINDOWS\system32\sysdl132.exe

C:\WINDOWS\system32\urqonkj.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés 2007-09-26 to 2007-10-26 ))))))))))))))))))))))))))))))))))))

.

 

2007-10-26 20:11 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-26 19:26 <REP> d-------- C:\Program Files\Trend Micro

2007-10-26 19:23 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2007-10-26 19:23 53,248 --a------ C:\WINDOWS\system32\Process.exe

2007-10-26 19:23 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-10-26 18:14 2,732 --a------ C:\WINDOWS\system32\tmp.reg

2007-10-26 11:53 <REP> d-------- C:\Program Files\Fichiers communs\OCP Software

2007-10-26 11:53 <REP> d-------- C:\My CE Installations

2007-10-26 11:53 229,450 --a------ C:\WINDOWS\system32\ocpTools.dll

2007-10-26 11:29 <REP> d-------- C:\Program Files\Common Files

2007-10-26 11:27 <REP> d-------- C:\Program Files\OCP Software

2007-10-26 11:01 <REP> d--h----- C:\Program Files\SystemA

2007-10-22 18:18 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2007-10-22 18:17 <REP> d-------- C:\Program Files\MSXML 4.0

2007-10-10 23:03 <REP> d-------- C:\Program Files\Microsoft ActiveSync

2007-10-09 18:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink

2007-10-09 18:21 <REP> d-------- C:\Program Files\CyberLink

2007-10-06 19:30 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AdobeUM

2007-10-04 18:47 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\U3

2007-10-03 20:33 <REP> d-------- C:\Program Files\7-Zip

2007-10-03 19:09 <REP> d-------- C:\Program Files\Medion GoPal Assistant

2007-10-03 19:09 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GoPal Assistant

2007-10-03 18:06 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys

2007-10-03 18:06 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys

2007-10-02 11:06 339,968 --a------ C:\WINDOWS\system32\pscUD112.dll

2007-10-02 11:06 49,152 --a------ C:\WINDOWS\system32\pscVSWIA.dll

2007-10-02 11:05 94,208 --a------ C:\WINDOWS\system32\PSCLU112.dll

2007-10-02 11:05 53,248 --a------ C:\WINDOWS\system32\pscND112.exe

2007-10-01 21:41 <REP> d-------- C:\Program Files\My Drivers

2007-09-30 20:33 <REP> d---s---- C:\Documents and Settings\Administrateur\UserData

2007-09-29 13:17 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EPSON

2007-09-29 13:16 159,744 -ra------ C:\WINDOWS\system32\drivers\Fasttx2k.sys

2007-09-29 13:16 118,784 -ra------ C:\WINDOWS\system32\ptipbmf.dll

2007-09-29 13:09 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2007-09-29 13:09 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2007-09-29 13:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\UDL

2007-09-29 13:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll

2007-09-29 13:00 29,696 --a------ C:\WINDOWS\system32\escwiad.dll

2007-09-29 13:00 22,016 --a------ C:\WINDOWS\system32\esccmd.dll

2007-09-29 12:58 <REP> d-------- C:\Program Files\UIU

2007-09-29 11:32 94,208 --a------ C:\WINDOWS\amcap.exe

2007-09-29 11:31 <REP> d-------- C:\Program Files\Fichiers communs\snpstd3

2007-09-29 11:31 8,718,848 --a------ C:\WINDOWS\system32\drivers\snpstd3.sys

2007-09-29 11:31 339,968 --a------ C:\WINDOWS\vsnpstd3.exe

2007-09-29 11:31 90,112 --a------ C:\WINDOWS\tsnpstd3.exe

2007-09-29 11:31 61,440 --a------ C:\WINDOWS\system32\rsnpstd3.dll

2007-09-29 11:31 61,440 --a------ C:\WINDOWS\system32\csnpstd3.dll

2007-09-29 11:31 53,248 --a------ C:\WINDOWS\vsnpstd3.dll

2007-09-29 11:31 53,248 --a------ C:\WINDOWS\system32\vsnpstd3.dll

2007-09-29 11:31 20,480 --a------ C:\WINDOWS\usnpstd3.exe

2007-09-29 11:31 20,480 --------- C:\WINDOWS\CameraFixer.exe

2007-09-29 10:57 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Leadertech

2007-09-29 09:25 <REP> d-------- C:\Program Files\Snowforw

2007-09-29 09:21 <REP> d-------- C:\Program Files\CyberLink2

2007-09-29 09:07 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Visicom Media

2007-09-29 09:01 <REP> d-------- C:\Program Files\vmntoolbar

2007-09-29 09:01 <REP> d-------- C:\Program Files\Visicom Media

2007-09-29 08:58 <REP> d-------- C:\Program Files\Runtime Software

2007-09-29 08:56 <REP> d-------- C:\Program Files\IrfanView

2007-09-29 08:53 <REP> d-------- C:\Program Files\G6 FTP Server

2007-09-29 08:38 <REP> d-------- C:\WINDOWS\InCD

2007-09-29 08:38 3,067,904 --------- C:\WINDOWS\NuNinst.exe

2007-09-29 08:38 102,016 --------- C:\WINDOWS\system32\drivers\InCDfs.sys

2007-09-29 08:38 33,536 --------- C:\WINDOWS\system32\drivers\InCDrm.sys

2007-09-29 08:38 29,440 --------- C:\WINDOWS\system32\drivers\InCDpass.sys

2007-09-29 08:38 8,704 --------- C:\WINDOWS\system32\drivers\InCDrec.sys

2007-09-28 20:55 <REP> d-------- C:\Program Files\Lavasoft

2007-09-28 20:35 <REP> d-------- C:\Program Files\Fichiers communs\Adobe

2007-09-28 20:18 <REP> d-------- C:\WINDOWS\system32\QuickTime

2007-09-28 20:09 <REP> d-------- C:\Program Files\Fichiers communs\Vbox

2007-09-28 20:08 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\MSNInstaller

2007-09-28 20:06 <REP> d-------- C:\Program Files\Macromedia

2007-09-28 20:06 <REP> d-------- C:\Program Files\Fichiers communs\Macromedia

2007-09-28 20:05 <REP> d-------- C:\WINDOWS\Downloaded Installations

2007-09-28 20:04 <REP> d-------- C:\Program Files\PowerQuest

2007-09-28 20:02 <REP> d-------- C:\Program Files\SpeedFan

2007-09-28 19:51 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-09-28 19:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes

2007-09-28 19:35 <REP> d-------- C:\Program Files\Elaborate Bytes

2007-09-28 18:59 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SlySoft

2007-09-28 18:54 <REP> d-------- C:\Program Files\SlySoft

2007-09-28 18:51 <REP> d-------- C:\Program Files\Fichiers communs\Ahead

2007-09-28 18:51 <REP> d-------- C:\Program Files\Ahead

2007-09-28 18:51 569,344 --a------ C:\WINDOWS\system32\imagr5.dll

2007-09-28 18:51 544,768 --a------ C:\WINDOWS\system32\imagx5.dll

2007-09-28 18:51 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll

2007-09-28 18:51 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2007-09-28 18:51 125,184 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys

2007-09-28 18:51 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2007-09-28 18:51 38,912 --a------ C:\WINDOWS\system32\picn20.dll

2007-09-28 18:51 5,504 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys

2007-09-28 17:57 <REP> d-------- C:\Program Files\Firetrust

2007-09-28 17:57 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\MailWasherPro

2007-09-28 17:51 <REP> d-------- C:\EPSON

2007-09-28 17:51 79,679 --a------ C:\WINDOWS\system32\E_FLMACE.DLL

2007-09-28 17:51 64,000 --a------ C:\WINDOWS\system32\E_FBCBACE.DLL

2007-09-28 17:51 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL

2007-09-28 17:51 34,304 --a------ C:\WINDOWS\system32\E_FBCHACE.DLL

2007-09-28 17:49 <REP> d-------- C:\Program Files\EPSON

2007-09-28 17:35 996,872 --a------ C:\WINDOWS\system32\CP3240MT.DLL

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-26 16:22 232 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err

2007-10-21 09:21 --------- d-----w C:\Program Files\Java

2007-09-29 08:28 --------- d-----w C:\Program Files\Crazy Browser

2007-09-28 15:52 --------- d-----w C:\Program Files\Fichiers communs\InstallShield

2007-09-28 14:58 9,324,032 ----a-w C:\WINDOWS\system32\RTLCPL.EXE

2007-09-28 14:58 77,824 ----a-w C:\WINDOWS\SOUNDMAN.EXE

2007-09-28 14:58 294,912 ------w C:\WINDOWS\alcupd.exe

2007-09-28 14:58 200,704 ------w C:\WINDOWS\alcrmv.exe

2007-09-28 14:58 2,317,504 ----a-w C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2007-09-28 14:58 156,672 ----a-w C:\WINDOWS\system32\RTLCPAPI.dll

2007-09-28 11:58 --------- d-----w C:\Program Files\Fichiers communs\Java

2007-09-28 11:07 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines

2007-09-28 11:07 --------- d-----w C:\Program Files\Fichiers communs\ODBC

2007-09-28 10:03 65,536 ----a-w C:\WINDOWS\system32\Audio3D.dll

2007-09-28 10:03 65,536 ----a-w C:\WINDOWS\system32\a3d.dll

2007-09-28 10:03 400,384 ----a-w C:\WINDOWS\system32\drivers\ALCXSENS.SYS

2007-09-28 10:00 --------- d-----w C:\Program Files\VIA

2007-09-28 09:58 --------- d-----w C:\Program Files\Marvell

2007-09-28 09:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-09-28 09:46 --------- d-----w C:\Program Files\Sunbelt Software

2007-09-28 09:40 --------- d-----w C:\Program Files\Alwil Software

2007-09-28 09:19 --------- d-----w C:\Program Files\microsoft frontpage

2007-09-28 09:18 --------- d-----w C:\Program Files\Services en ligne

2007-09-28 09:17 --------- d-----w C:\Program Files\Fichiers communs\MSSoap

2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-07-31 18:45 69,632 ----a-w C:\WINDOWS\system32\wshext.dll

2007-07-31 18:45 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll

2007-07-31 18:45 36,864 ----a-w C:\WINDOWS\system32\wshcon.dll

2007-07-31 18:45 32,768 ----a-w C:\WINDOWS\system32\dispex.dll

2007-07-31 18:45 163,840 ----a-w C:\WINDOWS\system32\scrobj.dll

2007-07-31 18:45 155,648 ----a-w C:\WINDOWS\system32\scrrun.dll

2007-07-31 18:45 135,168 ----a-w C:\WINDOWS\system32\wscript.exe

2007-07-31 18:45 114,688 ----a-w C:\WINDOWS\system32\cscript.exe

.

 

((((((((((((((((((((((((((((( snapshot@2007-10-26_20.23.18.90 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-10-26 18:58:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_748.dat

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{263D9676-810E-11DC-8324-0800200C9A67}]

2007-10-26 11:01 95232 --a------ C:\Program Files\SystemA\ie-improver.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6DB3F881-19A2-4085-ABD0-DBD56E71F4F5}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89AD4D75-2429-462e-BD4E-443F233F6033}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5302307-6F5B-4BBE-BC0C-3EF416F454BC}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]

"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]

"SoundMan"="SOUNDMAN.EXE" [2007-09-28 16:58 C:\WINDOWS\SOUNDMAN.EXE]

"ASUS Probe"="C:\Program Files\Asus\Asus Probe V2.64.01\AsusProb.exe" [2002-12-06 16:07]

"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 06:00]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21]

"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 17:06]

"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-10-03 11:23]

"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2005-11-04 15:05]

"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 15:55]

"Ptipbmf"="ptipbmf.dll" [2003-06-20 09:06 C:\WINDOWS\system32\ptipbmf.dll]

"BackgroundSwitcher"="C:\WINDOWS\system32\bgswitch.exe" [2001-10-19 12:14]

"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2001-10-19 12:14]

"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-19 12:14]

"ec1a4104"="C:\WINDOWS\system32\apeqixya.dll" []

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 16:22]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-30 13:34]

"DynDNS Updater"="C:\Program Files\DynDNS Updater\DynDNS.exe" [2006-09-17 10:32]

"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-09-28 19:00]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:07]

 

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\

MailWasherPro.lnk - C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe [2004-04-10 07:21:44]

Raccourci vers Snowforw.exe.lnk - C:\Program Files\Snowforw\Snowforw.exe [2007-09-27 12:21:46]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\

Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-28 20:36:01]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2007-09-28 12:00:08]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pfwcjdig]

pfwcjdig.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqonkj]

urqonkj.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkhg.dll

 

R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys

R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys

R2 AsProbe;AsProbe;\??\C:\WINDOWS\system32\drivers\AsProbe.sys

S2 A32P;A32P;C:\WINDOWS\system32\drivers\A32P.sys

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c898804e-7293-11dc-979e-0011d898a47d}]

AutoRun\command - I:\LaunchU3.exe -a

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2007-09-28 14:14:28 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"

.

**************************************************************************

 

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-26 20:59:08

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-10-26 21:00:53 - machine was rebooted

C:\ComboFix2.txt ... 2007-10-26 20:24

.

--- E O F ---

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:03:20, on 26/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Fast.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Asus\Asus Probe V2.64.01\AsusProb.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\WINDOWS\CameraFixer.exe

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\vsnpstd3.exe

C:\WINDOWS\system32\taskswitch.exe

C:\WINDOWS\system32\fast.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\DynDNS Updater\DynDNS.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\VIA\RAID\raid_tool.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe

C:\Program Files\Snowforw\Snowforw.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Crazy Browser\Crazy Browser.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SystemA - {263D9676-810E-11DC-8324-0800200C9A67} - C:\Program Files\SystemA\ie-improver.dll

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {B5302307-6F5B-4BBE-BC0C-3EF416F454BC} - (no file)

O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\Asus\Asus Probe V2.64.01\AsusProb.exe

O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [backgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe

O4 - HKLM\..\Run: [ec1a4104] rundll32.exe "C:\WINDOWS\system32\apeqixya.dll",b

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: MailWasherPro.lnk = C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe

O4 - Startup: Raccourci vers Snowforw.exe.lnk = C:\Program Files\Snowforw\Snowforw.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: pfwcjdig - pfwcjdig.dll (file missing)

O20 - Winlogon Notify: urqonkj - urqonkj.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 8336 bytes

Edited by boheme52

Posted

Relaunch HijackThis and check these lines:

O2 - BHO: SystemA - {263D9676-810E-11DC-8324-0800200C9A67} - C:\Program Files\SystemA\ie-improver.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {B5302307-6F5B-4BBE-BC0C-3EF416F454BC} - (no file)

O4 - HKLM\..\Run: [ec1a4104] rundll32.exe "C:\WINDOWS\system32\apeqixya.dll",b

O20 - Winlogon Notify: pfwcjdig - pfwcjdig.dll (file missing)

O20 - Winlogon Notify: urqonkj - urqonkj.dll (file missing)

--> click on Fix checked

Restart the computer.

Delete: C:\Program Files\SystemA

Avast! is far from the best there is in terms of protection; see this link for more information: http://forum.malekal.com/ftopic3123.php

Clearly, Antivir performs much better, which is why I VERY STRONGLY advise you to uninstall Avast! and install Antivir instead: http://www.malekal.com/tutorial_antivir.php

To help you, you can follow this link: http://forum.malekal.com/ftopic4192.php

- After installation, update it; if your firewall raises an alert, accept the connection.

- Make sure Antivir is fully up to date; check the update date.

-- Restart in Safe Mode: to do so, restart the computer and, before the Windows logo appears, tap the F8 key; a menu will appear; choose Safe Mode and press the Enter key.

- Open Antivir from the Start menu / Programs

- Click on the Scanner tab.

- Select Manual Selection

- Select drive C

- Launch the scan; quarantine every item detected.

- Once the scan has finished, save the report.

Restart in normal mode.

Post the report here.
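
As an added defender-side example (not code from this thread, from HijackThis or from the helper), here is a small Python triage script that applies the three indicators the helper relied on above to raw HijackThis lines: BHO entries ending in "(no file)", Winlogon Notify hooks ending in "(file missing)", and an O4 Run entry where rundll32 loads a DLL from system32 under an opaque name. The sample lines are constructed from entries quoted in this thread; the two name-pattern regexes (an 8-hex-digit value name, a DLL name of 6 to 9 bare letters) are my own heuristics, not a HijackThis rule.

```python
import re
from dataclasses import dataclass

# Constructed sample input: HijackThis entries copied from this thread (the three
# kinds of line the helper asked to be fixed) plus benign entries from the same log.
SAMPLE_LOG = r"""
O2 - BHO: SystemA - {263D9676-810E-11DC-8324-0800200C9A67} - C:\Program Files\SystemA\ie-improver.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ec1a4104] rundll32.exe "C:\WINDOWS\system32\apeqixya.dll",b
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O20 - Winlogon Notify: pfwcjdig - pfwcjdig.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why the entry deserves a manual look
    line: str      # the original log line


SECTION_RE = re.compile(r"^(O\d+) - (.*)$")
# O4 Run entry: "HK...\Run: [value name] command line"
RUN_RE = re.compile(r"^HK\S*?\\Run(?:Once)?: \[([^\]]*)\] (.*)$")
# rundll32 loading a DLL that lives in the Windows system directory
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?([^",]+\\system32\\([^\\",]+\.dll))"?', re.IGNORECASE)
# Heuristics (assumption, not a HijackThis rule): value names that are 8 hex digits
# and DLL names made of 6-9 bare letters are worth a closer look.
HEX_VALUE_RE = re.compile(r"^[0-9a-f]{8}$")
OPAQUE_DLL_RE = re.compile(r"^[a-z]{6,9}\.dll$")


def parse_line(line):
    """Split a HijackThis line into (section code, remainder); None if not an entry."""
    m = SECTION_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage_entry(section, rest, line):
    """Apply the thread's indicators to one entry; return a Finding or None."""
    # Orphaned references: the registry still names a file that is gone.
    if section in ("O2", "O20") and (
            rest.endswith("(no file)") or rest.endswith("(file missing)")):
        hook = "BHO" if section == "O2" else "Winlogon Notify hook"
        return Finding(section,
                       f"orphaned {hook}: entry points to a file that no longer exists",
                       line)
    # Autorun via rundll32 with an opaque DLL name or an opaque value name.
    if section == "O4":
        m = RUN_RE.match(rest)
        if m:
            value_name, command = m.group(1), m.group(2)
            d = RUNDLL_RE.search(command)
            if d:
                dll = d.group(2).lower()
                if HEX_VALUE_RE.match(value_name.lower()) or OPAQUE_DLL_RE.match(dll):
                    return Finding(section,
                                   f"rundll32 autorun loading opaque-named DLL {dll} "
                                   f"under value '{value_name}'",
                                   line)
    return None


def triage(log_text):
    """Return the Findings for every entry in a HijackThis log, in log order."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            f = triage_entry(parsed[0], parsed[1], line.strip())
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Run on the sample it reports exactly the orphaned BHO, the rundll32 autorun and the orphaned Winlogon Notify hook. It deliberately says nothing about the SystemA BHO: a DLL that is actually present and carries a readable name needs a manual lookup of the CLSID and publisher, which line parsing cannot decide, and both name heuristics will occasionally match legitimate DLLs, so the output is a list of entries to review, not a list of entries to delete.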

Posted

In Safe Mode:

AntiVir PersonalEdition Classic

Report file date: samedi 27 octobre 2007 13:00

 

Scanning for 904194 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: Administrateur

Computer name: MAISON-24D9033A

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15

ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55

ANTIVIR2.VDF : 7.0.0.140 940544 Bytes 26/10/2007 10:51:10

ANTIVIR3.VDF : 7.0.0.142 3072 Bytes 26/10/2007 10:51:10

AVEWIN32.DLL : 7.6.0.30 3056128 Bytes 27/10/2007 10:51:10

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: E:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: samedi 27 octobre 2007 13:00

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

11 processes with 11 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Boot sector 'E:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '49' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\qoobox\Quarantine\catchme2007-10-26_202205.85.zip

[0] Archive type: ZIP

--> sstqr.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[INFO] The file was moved to '47972666.qua'!

C:\qoobox\Quarantine\catchme2007-10-26_205845.70.zip

[0] Archive type: ZIP

--> urqonkj.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[INFO] The file was moved to '4797266c.qua'!

C:\qoobox\Quarantine\C\WINDOWS\system32\pmkhg.dll.vir

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[INFO] The file was moved to '478e267d.qua'!

C:\qoobox\Quarantine\C\WINDOWS\system32\sstqr.dll.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

[INFO] The file was moved to '4797268c.qua'!

C:\qoobox\Quarantine\C\WINDOWS\system32\sysdl132.exe.vir

[DETECTION] Is the Trojan horse TR/Dldr.BHO.AL.4

[INFO] The file was moved to '47962695.qua'!

C:\qoobox\Quarantine\C\WINDOWS\system32\urqonkj.dll.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

[INFO] The file was moved to '47942690.qua'!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <DONNEES>

D:\Cyberlink Power DVD 7[1].0.rar

[0] Archive type: RAR

--> keygen.exe

[DETECTION] Is the Trojan horse TR/Vundo.Gen

--> crack.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[INFO] The file was moved to '478527e8.qua'!

Begin scan in 'E:\' <BACKUP>

 

 

End of the scan: samedi 27 octobre 2007 14:09

Used time: 1:09:04 min

 

The scan has been done completely.

 

8493 Scanning directories

488433 Files were scanned

8 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

7 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

488425 Files not concerned

2836 Archives were scanned

2 Warnings

40 Notes

 

I removed everything that was in the quarantine.

A reboot.

Antivir relaunched a scan in normal mode:

AntiVir PersonalEdition Classic

Report file date: samedi 27 octobre 2007 14:28

 

Scanning for 904194 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: SYSTEM

Computer name: MAISON-24D9033A

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15

ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55

ANTIVIR2.VDF : 7.0.0.140 940544 Bytes 26/10/2007 10:51:10

ANTIVIR3.VDF : 7.0.0.142 3072 Bytes 26/10/2007 10:51:10

AVEWIN32.DLL : 7.6.0.30 3056128 Bytes 27/10/2007 10:51:10

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: E:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: samedi 27 octobre 2007 14:28

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'Fast.exe' - '1' Module(s) have been scanned

Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'MDM.EXE' - '1' Module(s) have been scanned

Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'rapimgr.exe' - '1' Module(s) have been scanned

Scan process 'Snowforw.exe' - '1' Module(s) have been scanned

Scan process 'MailWasher.exe' - '1' Module(s) have been scanned

Scan process 'raid_tool.exe' - '1' Module(s) have been scanned

Scan process 'reader_sl.exe' - '1' Module(s) have been scanned

Scan process 'wcescomm.exe' - '1' Module(s) have been scanned

Scan process 'AnyDVD.exe' - '1' Module(s) have been scanned

Scan process 'DynDNS.exe' - '1' Module(s) have been scanned

Scan process 'Skype.exe' - '1' Module(s) have been scanned

Scan process 'msmsgs.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'Fast.exe' - '1' Module(s) have been scanned

Scan process 'TaskSwitch.exe' - '1' Module(s) have been scanned

Scan process 'vsnpstd3.exe' - '1' Module(s) have been scanned

Scan process 'tsnpstd3.exe' - '1' Module(s) have been scanned

Scan process 'CameraFixer.exe' - '1' Module(s) have been scanned

Scan process 'InCD.exe' - '1' Module(s) have been scanned

Scan process 'CloneCDTray.exe' - '1' Module(s) have been scanned

Scan process 'E_FATIACE.EXE' - '1' Module(s) have been scanned

Scan process 'AsusProb.exe' - '1' Module(s) have been scanned

Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'itype.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

52 processes with 52 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Boot sector 'E:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '42' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\System Volume Information\_restore{C3AF7278-2CC4-4C42-8962-3C7BDD7E69C2}\RP77\A0026355.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[INFO] The file was moved to '475334a5.qua'!

C:\System Volume Information\_restore{C3AF7278-2CC4-4C42-8962-3C7BDD7E69C2}\RP79\A0026501.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[INFO] The file was moved to '475334ab.qua'!

C:\System Volume Information\_restore{C3AF7278-2CC4-4C42-8962-3C7BDD7E69C2}\RP79\A0026505.exe

[DETECTION] Is the Trojan horse TR/Dldr.BHO.AL.4

[INFO] The file was moved to '475334ad.qua'!

C:\System Volume Information\_restore{C3AF7278-2CC4-4C42-8962-3C7BDD7E69C2}\RP79\A0026510.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[INFO] The file was moved to '475334af.qua'!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <DONNEES>

Begin scan in 'E:\' <BACKUP>

E:\System Volume Information\_restore{C3AF7278-2CC4-4C42-8962-3C7BDD7E69C2}\RP27\A0004293.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47533bd0.qua'!

E:\System Volume Information\_restore{C3AF7278-2CC4-4C42-8962-3C7BDD7E69C2}\RP27\A0004294.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47533bd6.qua'!

E:\System Volume Information\_restore{C3AF7278-2CC4-4C42-8962-3C7BDD7E69C2}\RP59\A0021115.exe

[DETECTION] Is the Trojan horse TR/Agent.36441

[INFO] The file was moved to '47533d31.qua'!

 

 

End of the scan: samedi 27 octobre 2007 15:28

Used time: 59:53 min

 

The scan has been done completely.

 

8684 Scanning directories

546477 Files were scanned

7 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

7 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

546470 Files not concerned

3111 Archives were scanned

2 Warnings

40 Notes

Posted

Go easy on the cracks, porn sites now..

It's OK, you are no longer infected; follow the final steps below and read CAREFULLY what follows :P

Try to report your infection on the site I give you below; that would be really cool :P

Your infection: virtumonde

Finishing the cleanup:

- Clean your computer with CCleaner: http://www.malekal.com/tutorial_CCleaner.html

- Disable and then re-enable System Restore:

- Instructions for Windows XP

- You can then uninstall all the programs we used.

I invite you to take a look at these links; as far as possible, try to report your infection:

For Avast! users: you are not protected when using Avast!. Antivir really performs very well, which is why I advise you to opt for this antivirus, which is free (especially if you have Avast!); here is the Antivir tutorial: http://www.malekal.com/tutorial_antivir.php

For more information, here is a short comparison: http://forum.malekal.com/ftopic3123.php

How to protect yourself from viruses: all of this is summarised on this page: Securing your computer and knowing the threats

I also invite you to update all the components of your system. Get into the habit of keeping them up to date: a computer with out-of-date software = infection! You can scan your computer to check which programs are not up to date by following the directions on this page: http://www.malekal.com/scan_vulnerabilite.php

Help make things change:

Report your infection to get the authors convicted on Malware-Complaints. To make our voice heard, we need to be as many as possible, so report your infection:

- See the Malware-Complaints rules

- Register on the forum using the Register button at the top:

If you are over 13, choose: I Agree to these terms and am over or exactly 13 years of age

If you are under 13, click on: I Agree to these terms and am under 13 years of age

Once registered, you will see a list of infection types (Look2Me, Smitfraud, SpywareQuake etc..): http://www.malwarecomplaints.info/viewforu...e115fda8cee41a4

If the malware you had does not appear in the list, or if you do not know which infection you had, create a message in the "Other infections" topic that complies with the forum rules (age, town, department etc..): http://www.malwarecomplaints.info/viewforum.php?f=10

To post a message, click the "post reply" button and fill in the information. DO NOT CREATE A TOPIC with the New Topic button.

For any help posting your message, you can consult this link: http://www.malekal.com/malwarecomplaints.html

If you have questions or problems, don't hesitate to ask me here or to contact one of the forum moderators: Kimberly, AgnesD or ipl_001.
