
Posted (edited)

I have a big problem with a trojan. It looks like a Virtumonde-type virus. Impossible to get rid of it. I've tried every combination: vundofix / combofix / Fixvundo / virtumundobegone, but nothing works. It comes back every time.

 

The Sunbelt firewall I use warns me that files are being modified and that there is an intrusion attempt on lssa.exe.

 

I would like to avoid reinstalling everything.

 

After running an Antivir scan, it finds a trojan: DROP.Delf.czz. But there is no description of this trojan on the Antivir site.

 

Does anyone have an idea?

 

Thanks in advance for your help.

Edited by plm26

Posted

Hi and welcome :P

 

Please post the ComboFix report for me; it is in C:\ and is called ComboFix.txt

 

Then click HERE to download the HijackThis installer:

  1. Save HJTInstall.exe to your desktop
  2. Double-click HJTInstall.exe to launch the program
  3. By default it will install to C:\Program Files\Trend Micro\HijackThis
  4. Accept the licence by clicking the "I Accept" button
  5. Choose the option "Do a system scan and save a log file"
  6. Click "Save log" to save the report, which will open in Notepad
  7. Click "Edit -> Select All", then "Edit -> Copy" to copy the whole contents of the report
  8. Paste the report you just copied onto this forum
  9. Do NOT fix any line yet; that could stop your PC from working properly

Tutorial: http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm
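Once the report is posted, a helper reads it line by line looking for a few recurring patterns. The script below is an added example written for this page (it is not code from the thread, from HijackThis or from Trend Micro) showing that mechanical first pass over lines in HijackThis 2.0.2 format: it flags O2/O3/R3 entries with no display name, entries whose target file no longer exists, and O4 autoruns launched from a user-writable profile directory. The sample log is constructed here; most lines mirror entries from the report posted later in this thread, and the "Vc jump second" Run entry is invented to exercise the last rule (the thread shows that program as a scheduled task, not a Run value).

```python
"""Triage of HijackThis 2.0.2-format log lines (added example, not part of the thread)."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line: str
    reason: str


# Constructed sample. The O2, O3, R3 and first O4 lines mirror entries from the
# report posted later in this thread; the "Vc jump second" O4 line is invented
# here (the thread shows that program as a scheduled task, not a Run entry).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6DACD1DF-C1DD-459F-8F37-B71C74ECBDAC} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Vc jump second] c:\docume~1\philippe\applic~1\acidty~1\Vc jump second.exe
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
"""

# O4 lines: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Profile locations the user (and so any malware running as that user) can write to.
USER_WRITABLE = ("\\applic~1\\", "\\application data\\", "\\local settings\\", "\\temp\\")


def triage_line(line: str) -> list[str]:
    """Return the reasons (possibly none) why one log line deserves a second look."""
    reasons: list[str] = []
    kind = line.split(" - ", 1)[0]  # "O2", "O4", "R3", ...
    if kind in ("O2", "O3", "R3") and "(no name)" in line:
        reasons.append("browser extension/hook has no display name")
    if "(file missing)" in line or line.endswith("(no file)"):
        reasons.append("registry entry points to a file that no longer exists (orphaned)")
    m = O4_RE.match(line)
    if m and any(tok in m.group("cmd").lower() for tok in USER_WRITABLE):
        reasons.append("autorun launched from a user-writable profile directory")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over a whole report and collect the flagged lines."""
    return [
        Finding(line, reason)
        for line in (raw.strip() for raw in log_text.splitlines())
        for reason in triage_line(line)
    ]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

On the sample this flags the unnamed BHO whose DLL is already gone, the unnamed URLSearchHook with no file, and the Run entry living under Application Data, and leaves the named, installed entries alone. An orphaned entry is harmless by itself but is the trace of something that was removed, which is why step 9 above says not to fix lines before a helper has read the whole report.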

Posted (edited)

I just ran a deep scan with Antivir. It turns out Antivir did a big clean-up. The virus had got into the Wi-Fi management, CounterSpy and NOD32. I'm trying to put things back in order. But be warned: the detected trojan generates files that look like Virtumonde's, hence the confusion when trying to eradicate it. But let's not claim victory too soon.

Edited by plm26

Posted

Here are the reports, for an expert eye. Thanks for the analysis:

 

Combo.txt:

 

ComboFix 07-12-21.4 - Philippe 2007-12-22 22:40:39.6 - FAT32x86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.438 [GMT 1:00]

Running from: D:\telecharge\outils\antivundo\ComboFix.exe

.

 

((((((((((((((((((((((((((((( Fichiers créés 2007-11-22 to 2007-12-22 ))))))))))))))))))))))))))))))))))))

.

 

2007-12-22 22:37 . 2007-12-22 22:37 <REP> d-------- C:\Program Files\Trend Micro

2007-12-22 21:49 . 2007-12-22 21:49 356,352 --a------ C:\WINDOWS\system32\AegisI5Installer.exe

2007-12-22 21:48 . 2007-04-16 11:21 2,772,992 --a------ C:\WINDOWS\system32\NETw4r32.dll

2007-12-22 21:48 . 2007-04-16 11:21 684,032 --a------ C:\WINDOWS\system32\NETw4c32.dll

2007-12-22 21:27 . 2005-02-17 23:07 5,632 --a------ C:\WINDOWS\system32\drivers\ATKACPI.sys

2007-12-22 19:21 . 2007-12-22 19:21 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys

2007-12-22 19:20 . 2007-12-22 19:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software

2007-12-22 18:49 . 2007-12-22 18:48 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys

2007-12-22 18:49 . 2007-12-22 18:48 298,104 --a------ C:\WINDOWS\system32\imon.dll

2007-12-22 18:49 . 2007-12-22 18:48 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys

2007-12-22 09:20 . 2007-12-22 09:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2007-12-21 20:31 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys

2007-12-21 20:17 . 2007-12-21 20:17 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe

2007-12-20 23:09 . 2007-12-20 23:09 0 --a------ C:\WINDOWS\system32\SBRC.dat

2007-12-20 23:09 . 2007-12-20 23:09 0 --a------ C:\WINDOWS\system32\SBFC.dat

2007-12-20 21:38 . 2004-08-05 14:00 15,360 --a------ C:\WINDOWS\system32\dllcache\ctfmon.exe

2007-12-20 17:31 . 2007-12-20 17:31 <REP> d-------- C:\VundoFix Backups

2007-12-20 16:39 . 2007-12-20 16:39 <REP> d-------- C:\Program Files\ABC Amber XML Converter

2007-12-20 13:42 . 2007-12-20 13:42 <REP> d-------- C:\WINDOWS\system32\windows media

2007-12-20 13:42 . 2007-12-20 13:42 <REP> d--h----- C:\WINDOWS\msdownld.tmp

2007-12-20 12:59 . 2007-12-20 13:51 134,217,728 --a------ C:\rptemp.tmp

2007-12-20 12:56 . 2007-12-20 12:56 <REP> d-------- C:\Program Files\Futuremark

2007-12-19 22:22 . 2007-12-19 22:34 193 --a------ C:\WINDOWS\ComicGURU.INI

2007-12-19 21:42 . 2007-12-19 21:42 <REP> d-------- C:\Program Files\Raysolutions

2007-12-19 08:28 . 2007-12-19 08:28 <REP> d-------- C:\d3temp

2007-12-17 15:18 . 2005-01-14 13:47 180,224 --a------ C:\WINDOWS\system\StillDrv.dll

2007-12-17 15:18 . 2005-08-29 11:14 73,846 --a------ C:\WINDOWS\system32\BisonRem.dll

2007-12-17 07:58 . 2007-12-17 07:58 <REP> d-------- C:\Program Files\NoviiMedia

2007-12-13 12:28 . 2007-12-13 12:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU

2007-12-13 12:24 . 2007-12-13 12:24 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia

2007-12-13 12:24 . 2007-12-13 12:24 <REP> d-------- C:\Program Files\AVS4YOU

2007-12-13 12:24 . 2003-05-22 00:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll

2007-12-13 12:24 . 2003-05-22 00:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx

2007-12-13 12:24 . 2004-02-04 22:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm

2007-12-13 12:24 . 2003-05-22 00:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm

2007-12-13 12:24 . 2003-05-21 13:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll

2007-12-13 12:24 . 2000-03-14 21:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm

2007-12-10 10:50 . 2007-12-10 10:50 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\vlc

2007-12-09 21:39 . 2007-12-21 08:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2007-12-09 21:39 . 2007-12-09 21:39 1,409 --a------ C:\WINDOWS\QTFont.for

2007-12-09 16:17 . 2007-12-09 16:17 <REP> d-------- C:\Program Files\Windows Live

2007-12-09 16:17 . 2007-12-09 16:17 <REP> d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2007-12-09 16:16 . 2007-12-09 16:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2007-12-07 17:57 . 2007-12-07 17:57 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\DAEMON Tools Pro

2007-12-07 17:55 . 2007-12-07 17:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro

2007-12-07 17:50 . 2007-12-07 17:50 <REP> d-------- C:\Program Files\DAEMON Tools Pro

2007-12-07 17:37 . 2007-12-07 17:37 <REP> d-------- C:\Program Files\UltraISO

2007-12-07 17:37 . 2007-12-07 17:37 <REP> d-------- C:\Program Files\Fichiers communs\EZB Systems

2007-12-04 12:02 . 2007-12-04 12:02 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-12-04 11:19 . 2007-12-04 11:19 <REP> d-------- C:\Program Files\Fichiers communs\ODBC

2007-12-04 11:16 . 2007-07-09 14:19 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll

2007-12-04 10:57 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2007-12-04 10:42 . 2007-12-04 10:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

2007-12-02 11:29 . 2007-03-04 13:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll

2007-12-02 11:29 . 2007-03-04 13:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll

2007-12-02 11:28 . 2007-12-02 11:27 737,280 --a------ C:\WINDOWS\iun6002.exe

2007-12-02 11:27 . 2007-12-02 11:27 <REP> d-------- C:\Program Files\Replay Converter

2007-11-30 07:45 . 2007-11-30 07:46 <REP> d-------- C:\Program Files\SuperCopier2

2007-11-28 22:52 . 2007-11-28 22:52 <REP> d-------- C:\Program Files\FastStone Image Viewer

2007-11-28 22:52 . 2007-11-28 22:52 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\FastStone

2007-11-27 17:09 . 2006-04-20 13:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg

2007-11-27 14:51 . 2007-11-27 14:51 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\PokerAcademyPro2

2007-11-23 16:14 . 2007-11-23 16:14 <REP> d-------- C:\WINDOWS\system32\Viewers

2007-11-23 16:13 . 2007-11-23 16:13 <REP> d-------- C:\WINDOWS\Twain32

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-22 21:31 1,089,753 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err

2007-12-22 20:50 21,393 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys

2007-12-19 07:28 44,239 ----a-w C:\sound32.dll

2007-12-07 16:45 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2007-11-18 08:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\SimCity Societies

2007-11-18 07:00 --------- d-----w C:\Program Files\Electronic Arts

2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-23 06:57 --------- d-----w C:\Program Files\CachemanXP

2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll

2007-10-07 08:30 286,720 ----a-w C:\WINDOWS\iun506.exe

2007-09-26 09:50 24,575 ----a-w C:\WINDOWS\system32\gwinapppiobas66.dll

2007-05-16 15:54 83 ----a-w C:\Documents and Settings\Philippe\Application Data\hexplorer.dat

2007-05-16 15:54 4 ----a-w C:\Documents and Settings\Philippe\Application Data\mclip.dat

2007-05-13 23:17 21,888 ----a-w C:\WINDOWS\inf\hopperp.sys

2007-05-04 10:15 7 ---h--r C:\Program Files\~etzero~.aic

2007-01-24 14:06 142,328 ----a-w C:\Documents and Settings\Philippe\file1.zip

2006-07-17 19:27 278 ----a-w C:\Documents and Settings\Philippe\Application Data\config.dat

1999-07-24 05:30 99,840 ----a-w C:\Program Files\Fichiers communs\IRAABOUT.DLL

1999-07-24 05:30 70,144 ----a-w C:\Program Files\Fichiers communs\IRAMDMTR.DLL

1999-07-24 05:30 48,640 ----a-w C:\Program Files\Fichiers communs\IRALPTTR.DLL

1999-07-24 05:30 31,744 ----a-w C:\Program Files\Fichiers communs\IRAWEBTR.DLL

1999-07-24 05:30 186,368 ----a-w C:\Program Files\Fichiers communs\IRAREG.DLL

1999-07-24 05:30 17,920 ----a-w C:\Program Files\Fichiers communs\IRASRIAL.DLL

2006-07-02 10:19 611,659 --sh--w C:\WINDOWS\system32\ybadd.ini2

2006-07-01 07:40 858,451 --sh--w C:\WINDOWS\system32\ybadd.bak2

.

 

((((((((((((((((((((((((((((( snapshot@2007-12-21_14.32.50.73 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-05-08 13:57:08 24,576 ----a-w C:\WINDOWS\ATK0100\AspScal.exe

- 2005-07-28 17:05:42 159,744 ----a-w C:\WINDOWS\ATK0100\ASUSNet.dll

+ 2006-04-13 14:17:00 163,840 ----a-w C:\WINDOWS\ATK0100\ASUSNet.dll

- 2005-11-10 10:11:36 2,170,880 ----a-w C:\WINDOWS\ATK0100\ATKOSD.exe

+ 2006-07-27 19:59:44 2,355,200 ----a-w C:\WINDOWS\ATK0100\ATKOSD.exe

+ 2006-07-28 21:04:06 110,592 ----a-w C:\WINDOWS\ATK0100\HControl.exe

- 2005-02-16 14:40:20 45,056 ----a-w C:\WINDOWS\ATK0100\XPunin.exe

+ 2006-05-04 18:32:26 45,056 ----a-w C:\WINDOWS\ATK0100\XPunin.exe

+ 2007-12-22 18:18:48 19,230 ----a-r C:\WINDOWS\Installer\{9D462A06-E57F-4938-860B-3A9DF681C58E}\ARPPRODUCTICON.exe

+ 2006-07-28 01:45:42 561,152 ----a-w C:\WINDOWS\system32\DRVSTORE\netw39x5_4FEAD36D67763DF9A95BB5067E0B102E4543CF4A\NETw3c32.dll

+ 2006-07-28 01:47:04 646,656 ----a-w C:\WINDOWS\system32\DRVSTORE\netw39x5_4FEAD36D67763DF9A95BB5067E0B102E4543CF4A\NETw3c64.dll

+ 2006-07-26 09:42:08 1,703,040 ----a-w C:\WINDOWS\system32\DRVSTORE\netw39x5_4FEAD36D67763DF9A95BB5067E0B102E4543CF4A\NETw3k32.sys

+ 2006-07-28 01:46:14 2,732,032 ----a-w C:\WINDOWS\system32\DRVSTORE\netw39x5_4FEAD36D67763DF9A95BB5067E0B102E4543CF4A\NETw3r32.dll

+ 2006-07-28 01:47:28 2,628,096 ----a-w C:\WINDOWS\system32\DRVSTORE\netw39x5_4FEAD36D67763DF9A95BB5067E0B102E4543CF4A\NETw3r64.dll

+ 2006-07-26 09:39:32 1,707,776 ----a-w C:\WINDOWS\system32\DRVSTORE\netw39x5_4FEAD36D67763DF9A95BB5067E0B102E4543CF4A\NETw3x32.sys

+ 2006-07-26 09:44:54 2,050,560 ----a-w C:\WINDOWS\system32\DRVSTORE\netw39x5_4FEAD36D67763DF9A95BB5067E0B102E4543CF4A\NETw3x64.sys

+ 2007-04-16 10:21:10 684,032 ----a-w C:\WINDOWS\system32\DRVSTORE\netw4k32_322EBC0DF0BD0D017FD344D7D1F0EC0A0F5AB45A\NETw4c32.dll

+ 2007-04-30 05:35:52 2,201,856 ----a-w C:\WINDOWS\system32\DRVSTORE\netw4k32_322EBC0DF0BD0D017FD344D7D1F0EC0A0F5AB45A\NETw4k32.sys

+ 2007-04-16 10:21:46 2,772,992 ----a-w C:\WINDOWS\system32\DRVSTORE\netw4k32_322EBC0DF0BD0D017FD344D7D1F0EC0A0F5AB45A\NETw4r32.dll

+ 2007-04-16 10:21:10 684,032 ----a-w C:\WINDOWS\system32\DRVSTORE\netw4x32_B8E7181C5675973E1CF9EA17CB3EB24902DDC2D9\NETw4c32.dll

+ 2007-04-16 10:21:46 2,772,992 ----a-w C:\WINDOWS\system32\DRVSTORE\netw4x32_B8E7181C5675973E1CF9EA17CB3EB24902DDC2D9\NETw4r32.dll

+ 2007-04-30 05:37:20 2,206,976 ----a-w C:\WINDOWS\system32\DRVSTORE\netw4x32_B8E7181C5675973E1CF9EA17CB3EB24902DDC2D9\NETw4x32.sys

+ 2007-04-16 10:22:04 733,696 ----a-w C:\WINDOWS\system32\DRVSTORE\netw4x64_3FDB2100688236429B1308C609051803854732B5\NETw4c64.dll

+ 2007-04-16 10:22:32 2,669,056 ----a-w C:\WINDOWS\system32\DRVSTORE\netw4x64_3FDB2100688236429B1308C609051803854732B5\NETw4r64.dll

+ 2007-04-30 05:42:06 3,093,504 ----a-w C:\WINDOWS\system32\DRVSTORE\netw4x64_3FDB2100688236429B1308C609051803854732B5\NETw4x64.sys

- 2003-02-21 03:42:22 348,160 ----a-w C:\WINDOWS\system32\Msvcr71.dll

+ 2003-02-21 19:42:22 348,160 ----a-w C:\WINDOWS\system32\Msvcr71.dll

- 2007-05-15 14:43:10 1,320,800 ----a-w C:\WINDOWS\system32\msxml6.dll

+ 2005-09-29 00:13:36 1,303,752 ----a-w C:\WINDOWS\system32\msxml6.dll

- 2007-11-18 08:53:04 77,596 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2007-12-22 20:48:38 77,596 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2007-11-18 08:53:04 90,622 ----a-w C:\WINDOWS\system32\perfc00C.dat

+ 2007-12-22 20:48:38 90,622 ----a-w C:\WINDOWS\system32\perfc00C.dat

- 2007-11-18 08:53:04 444,056 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2007-12-22 20:48:38 444,056 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2007-11-18 08:53:04 511,386 ----a-w C:\WINDOWS\system32\perfh00C.dat

+ 2007-12-22 20:48:38 511,386 ----a-w C:\WINDOWS\system32\perfh00C.dat

+ 2006-07-28 01:45:42 561,152 ----a-w C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\NETw3c32.dll

+ 2006-07-28 01:46:14 2,732,032 ----a-w C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\NETw3r32.dll

+ 2006-09-27 01:36:24 1,709,696 ----a-w C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\NETw3x32.sys

+ 2004-05-28 09:13:04 16,269 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\ASNDIS5.sys

+ 2005-07-28 17:05:42 159,744 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\ASUSNet.dll

+ 2004-05-28 09:13:06 61,440 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\ASW32N50.dll

+ 2005-02-17 22:07:48 5,632 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\ATKACPI.sys

+ 2005-11-10 10:11:36 2,170,880 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\ATKOSD.exe

+ 2004-05-28 09:13:08 80,384 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\ATKWLIOC.DLL

+ 2004-05-28 09:13:10 57,344 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\CMSSC.dll

+ 2005-09-22 08:30:42 36,864 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\inter_f2.dll

+ 2004-05-28 09:13:10 81,920 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\radfn.dll

+ 2005-01-13 15:36:58 303,104 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\SiSPkt.dll

+ 2005-02-16 14:40:20 45,056 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\XPunin.exe

- 2007-08-27 10:26:10 27,120 ----a-w C:\WINDOWS\system32\SBBD.exe

+ 2007-06-13 09:38:44 27,376 ----a-w C:\WINDOWS\system32\SBBD.exe

+ 2007-10-01 15:24:36 219,448 ----a-w C:\WINDOWS\system32\WRLogonNtf.dll

+ 2007-12-22 21:49:54 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_e8.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6DACD1DF-C1DD-459F-8F37-B71C74ECBDAC}]

C:\WINDOWS\system32\pmkjj.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]

@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]

@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]

@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]

@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]

@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]

@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]

@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

 

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]

2006-06-15 17:48 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

 

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]

2006-06-15 17:48 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

 

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]

2006-06-15 17:48 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

 

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]

2006-06-15 17:48 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

 

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]

2006-06-15 17:48 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

 

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]

2006-06-15 17:48 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

 

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]

2006-06-15 17:48 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" []

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" []

"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" []

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" []

"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" []

"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" []

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2005-09-06 08:39 C:\WINDOWS\RTHDCPL.EXE]

"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" []

"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09]

"ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" []

"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" []

"CAP2ON"="C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAP2ONN.EXE" []

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" []

"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" []

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []

"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" []

"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" []

"pdfFactory Pro Dispatcher v1"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe" []

"SMSERIAL"="sm56hlpr.exe" [2005-05-27 07:12 C:\WINDOWS\sm56hlpr.exe]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" []

"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" []

"ISUSScheduler"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe" []

"ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" []

"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" []

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-04-16 11:24]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-04-16 11:22]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-22 18:48]

"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-13 11:31]

"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-07-28 22:04]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"RunStartupScriptSync"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 0 (0x0)

"NoDesktopCleanupWizard"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 setuid

 

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2007-12-22 19:21]

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]

R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]

R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2006-04-14 17:24]

R2 Asystcom;Asystcom;C:\WINDOWS\system32\drivers\Asystcom.sys [2004-01-16 00:44]

R2 CachemanXPService;CachemanXP;C:\PROGRA~1\CACHEM~1\CachemanXP.exe [2007-06-02 11:11]

R2 drpkiont;drpkiont;C:\WINDOWS\system32\drpkiont.sys [2004-02-24 18:41]

R2 sdiont;sdiont;C:\WINDOWS\system32\drivers\sdiont.sys [1999-05-24 19:25]

R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]

R2 xdsfast1;XDSFast1 ISA Bus Driver;C:\WINDOWS\system32\xdsfast1.sys [2004-02-24 18:41]

R3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []

S2 RapidPort2;RapidPort2;C:\WINDOWS\system32\Drivers\CAP2LPT.SYS [2002-04-11 16:00]

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]

S3 sdusb2em;SD USB2 Emulator (sdusb2em.sys);C:\WINDOWS\system32\Drivers\sdusb2em.sys [2004-05-17 17:19]

S3 SVNService;SVNService;C:\Program Files\Subversion\bin\SVNService.exe [2004-03-31 18:13]

S3 U2SP;USB to Serial Converter Driver(Philips);C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys [2002-02-19 12:06]

S3 XDS560;Texas Instruments XDS560 Device Driver;C:\WINDOWS\system32\DRIVERS\xds560.sys [2004-02-24 18:41]

S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-08-11 21:48]

 

*Newly Created Service* - AEGISP

*Newly Created Service* - S24TRANS

*Newly Created Service* - SBAPIFS

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2007-12-22 21:00:02 C:\WINDOWS\Tasks\B519BA2991AE2C31.job"

- c:\docume~1\philippe\applic~1\acidty~1\Vc jump second.exe

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-22 22:52:06

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-22 22:54:23 - machine was rebooted

C:\ComboFix3.txt ... 2007-12-21 20:57

C:\ComboFix2.txt ... 2007-12-22 09:16

 

 

 

Hijack:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:39:09, on 22/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\CACHEM~1\CachemanXP.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wwSecure.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Wireless Console 2\wcourier.exe

C:\WINDOWS\sm56hlpr.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2LAK.EXE

C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE

C:\WINDOWS\system32\CAP2RSK.EXE

C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP2SWK.EXE

C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP2SWK.EXE

C:\Program Files\PopTray\PopTray.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\ZCfgsvc.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch_1.dll

O2 - BHO: (no name) - {6DACD1DF-C1DD-459F-8F37-B71C74ECBDAC} - C:\WINDOWS\system32\pmkjj.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe

O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [CAP2ON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAP2ONN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler

O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [sBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe

O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Fenêtre d'état de Canon LASER SHOT LBP-1210.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2LAK.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Clip To ComicGURU - C:\Program Files\Raysolutions\ComicGURU\ComicGURU_IEClip.htm

O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://D:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js

O8 - Extra context menu item: Traduire (SYSTRAN) - res://D:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js

O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O15 - Trusted Zone: www.rapdishare.de

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196762222953

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196762202984

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{813E808E-F920-405E-8D14-538B9F951A10}: NameServer = 69.69.69.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{12A7E984-E803-4433-B981-FDC4951EA43B}: NameServer = 69.69.69.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{C5B70085-E29A-4AE8-8AD6-DFC4F3EFD88D}: NameServer = 69.69.69.1

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: SVNService - Clansoft - C:\Program Files\Subversion\bin\SVNService.exe

O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe

O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--

End of file - 13058 bytes

I no longer have the Antivir report.

Posted

hi :P

Antivir did some cleaning up! You should have kept it :P

We'll run a scan before removing the leftovers >

Run an online scan with Panda > http://www.nanoscan.com/as/v1/principal.aspx?Lang=en

Illustrated here > http://www.malekal.com/scan_Av_en_ligne.php#mozTocId131054

Post the report please.

Posted (edited)

Hi,

Here is the Panda report. Lots of cookies and other junk lying dormant.

 

;***********************************************************************************************************************************************************************************

ANALYSIS: 2007-12-24 20:31:07

PROTECTIONS: 1

MALWARE: 47

SUSPECTS: 2

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================================

ESET NOD32 antivirus system 2.70 2.70 Yes Yes

;===================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00047746 Adware/Lop Adware No 0 Yes No D:\telecharge\outils\lopremover.zip[lopremover.exe]

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@doubleclick[1].txt

00139535 Application/Processor HackTools No 0 No No D:\telecharge\outils\antivundo\VirtumundoBeGone.exe[²ƒÇ]

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4c17fsbw.default\COOKIES.TXT[.247realmedia.com/]

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4c17fsbw.default\COOKIES.TXT[.247realmedia.com/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4c17fsbw.default\COOKIES.TXT[.tribalfusion.com/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@tribalfusion[1].txt

00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@ccbill[1].txt

00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@www.myaffiliateprogram[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@com[1].txt

00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@yadro[1].txt

00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@yadro[2].txt

00167677 Cookie/WebPower TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@webpower[1].txt

00167691 Cookie/ademails TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@www.ademails[1].txt

00167691 Cookie/ademails TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@www.ademails[2].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@xiti[1].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@xiti[1].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4c17fsbw.default\COOKIES.TXT[.xiti.com/]

00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@fe.lea.lycos[1].txt

00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@gostats[1].txt

00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@toplist[1].txt

00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@888[2].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@www.burstbeacon[2].txt

00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@as1.falkag[1].txt

00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4c17fsbw.default\COOKIES.TXT[.weborama.fr/]

00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@weborama[2].txt

00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4c17fsbw.default\COOKIES.TXT[.weborama.fr/]

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4c17fsbw.default\COOKIES.TXT[.adtech.de/]

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@adtech[2].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@adtech[2].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4c17fsbw.default\COOKIES.TXT[.adtech.de/]

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@server.iad.liveperson[1].txt

00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@fl01.ct2.comclick[2].txt

00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@fl01.ct2.comclick[2].txt

00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@fl01.ct2.comclick[3].txt

00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@fl01.ct2.comclick[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@advertising[1].txt

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@media.adrevolver[1].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@statse.webtrendslive[2].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@statse.webtrendslive[1].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@statse.webtrendslive[2].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@overture[1].txt

00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@www5.addfreestats[2].txt

00172483 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@int.sitestat[1].txt

00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@int.sitestat[2].txt

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@bluestreak[1].txt

00173987 Cookie/Itrack TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@ilead.itrack[1].txt

00186469 Cookie/Reliablestats TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@stats1.reliablestats[2].txt

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@adultfriendfinder[1].txt

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@adultfriendfinder[2].txt

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@searchportal.information[1].txt

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@searchportal.information[2].txt

00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@errorsafe[2].txt

00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4c17fsbw.default\COOKIES.TXT[.smartadserver.com/]

00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@smartadserver[2].txt

00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@www3.addfreestats[1].txt

00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@www3.addfreestats[2].txt

00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@www6.addfreestats[2].txt

00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@www6.addfreestats[3].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@ads.addynamix[1].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@ads.addynamix[2].txt

00320978 Cookie/Winantivirus TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@winantivirus[2].txt

00505449 Cookie/Winantivirus TrackingCookie No 0 Yes No C:\Documents and Settings\PLMINGENIERIE\Cookies\plmingenierie@winantispyware[1].txt

00519333 Application/Processor HackTools No 0 Yes No D:\telecharge\outils\antivundo\VirtumundoBeGone.exe

01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP2\A0000044.EXE

01262593 Application/NirCmd.A HackTools No 0 No No H:\TOOLS\ComboFix.exe[nircmd.exe]

01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP2\A0000181.EXE

01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP2\A0000291.EXE

01262593 Application/NirCmd.A HackTools No 0 No No D:\telecharge\outils\antivundo\ComboFix.exe[nircmd.cfexe]

01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP2\A0000348.EXE

01262593 Application/NirCmd.A HackTools No 0 No No D:\telecharge\outils\antivundo\ComboFix.exe[nircmd.exe]

01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP2\A0000480.EXE

01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP11\A0001086.EXE

01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP2\A0000121.EXE

01262593 Application/NirCmd.A HackTools No 0 No No H:\TOOLS\ComboFix.exe[nircmd.cfexe]

01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Philippe\Cookies\philippe@adserver.easyad[1].txt

01649617 Trj/Hideproc.L Virus/Trojan No 1 Yes No D:\telecharge\outils\HideToolz.zip[HideToolz.exe]

02068727 Generic Backdoor Virus/Trojan No 0 No No D:\telecharge\outils\Power.Video.Converter.v1.5.18.WinALL.Keygen.Only-BRD.rar[Power.Video.Converter.v1.5.18.WinALL.Keygen.Only-BRD\keygen.exe]

02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP2\A0000086.SYS

02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP2\A0000020.SYS

02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP2\A0000313.SYS

02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP2\A0000448.SYS

;===================================================================================================================================================================================

SUSPECTS

Location

;===================================================================================================================================================================================

D:\telecharge\outils\hijackthis_199\backups\backup-20060701-204935-138.dll

D:\telecharge\outils\hijackthis_199\backups\backup-20060702-112119-400.dll

;===================================================================================================================================================================================

Edited by plm26
Posted

hi :P

There's a bit of cleaning up to do >

1) Go to this page to download the CFScript file > http://www.sendspace.com/file/xq7ap0

to do so, click the link at the bottom of the page > Download Link: CFScript

  • Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot
  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Don't touch anything until the scan is finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not appear, it is located here > C:\ComboFix.txt

2) Download ATF Cleaner by Atribune to your desktop.

Double-click ATF Cleaner to launch the program.

  • Under the Main tab, choose: Select All
    Click the Empty Selected button

    If you use the Firefox browser:

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

    If you use the Opera browser:

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

    Click Exit, from the main menu, to close the program.

3) I'd like you to have some files analysed online please >

C:\WINDOWS\system32\drivers\Asystcom.sys

C:\WINDOWS\system32\drivers\sbhr.sys

C:\WINDOWS\system32\drpkiont.sys

Go to this address => http://www.virustotal.com/

You have a box named "Parcourir" (Browse): click it and a window opens => browse your hard disk and look for the file Asystcom.sys, which you will find in the folder C:\WINDOWS\System32\drivers

Click once on the file Asystcom.sys (it turns blue!), then click "ouvrir" (Open) at the bottom of the window, then "Envoyer le fichier" (Send file). The scan of this file will start. All you have to do is select and copy/paste the analysis.

Note: uploaded files are queued, because the virus scanner is in heavy demand! Be patient (a message tells you how long the analysis will take)

Do the same with the other files.

These files may be hidden and you may not see them: if so, do this first >

Start, My Computer or any other folder, Tools menu, Folder Options, View tab:

Check the box: Show hidden files and folders

Uncheck the box: Hide extensions for known file types

Uncheck the box: Hide protected operating system files

click "Apply"

click the "Apply to all folders" button / OK

4) Finally, run this Kaspersky online scan

  • Click Accept
  • A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX.
  • click "Accept" again
  • The update databases will install, wait a moment
  • Click Next.
  • Click My Computer; the scan starts; wait for the scan to finish without closing the window, otherwise it will stop.

At the end of the scan, if infected objects are found, click Save report as... Choose the desktop and name the report "rapport Kaspersky", and in the save-as-type field choose "text files", then save the report.

Copy/paste the whole of the open text file: right-click on it, select all/copy.

Paste this report in your reply on the forum.

Help in case of problems: Cybersécurité

NOTE: The scan must be done with Internet Explorer.

Please post the ComboFix report that will be generated and the reports of the scanned files, as well as the Kaspersky report :P

Posted

Hello,

here are the various reports:

 

ComboFix 07-12-21.4 - Philippe 2007-12-26 17:03:55.7 - FAT32x86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.405 [GMT 1:00]

Running from: D:\telecharge\outils\antivundo\ComboFix.exe

Command switches used :: C:\download\oui oui\CFScript.txt

* Created a new restore point

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\docume~1\philippe\applic~1\acidty~1

 

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-26 to 2007-12-26 ))))))))))))))))))))))))))))))))))))

.

 

2007-12-24 18:07 . 2007-12-24 18:07 <REP> d-------- C:\Program Files\Panda Security

2007-12-23 23:42 . 2007-12-23 23:42 <REP> d-------- C:\Program Files\MSXML 6.0

2007-12-23 21:23 . 2007-12-23 21:23 <REP> d-------- C:\Program Files\LucasArts

2007-12-23 14:58 . 2007-12-23 14:58 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\Mobipocket

2007-12-23 14:41 . 2007-12-23 14:41 <REP> d-------- C:\Program Files\Mobipocket.com

2007-12-23 14:41 . 2007-12-23 14:41 <REP> d-------- C:\Program Files\Fichiers communs\Mobipocket Shared

2007-12-22 22:37 . 2007-12-22 22:37 <REP> d-------- C:\Program Files\Trend Micro

2007-12-22 21:49 . 2007-12-22 21:49 356,352 --a------ C:\WINDOWS\system32\AegisI5Installer.exe

2007-12-22 21:48 . 2007-04-16 11:21 2,772,992 --a------ C:\WINDOWS\system32\NETw4r32.dll

2007-12-22 21:48 . 2007-04-16 11:21 684,032 --a------ C:\WINDOWS\system32\NETw4c32.dll

2007-12-22 21:27 . 2005-02-17 23:07 5,632 --a------ C:\WINDOWS\system32\drivers\ATKACPI.sys

2007-12-22 19:21 . 2007-12-22 19:21 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys

2007-12-22 19:20 . 2007-12-22 19:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software

2007-12-22 18:49 . 2007-12-22 18:48 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys

2007-12-22 18:49 . 2007-12-22 18:48 298,104 --a------ C:\WINDOWS\system32\imon.dll

2007-12-22 18:49 . 2007-12-22 18:48 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys

2007-12-22 09:20 . 2007-12-22 09:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2007-12-21 20:31 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys

2007-12-21 20:17 . 2007-12-21 20:17 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe

2007-12-20 23:09 . 2007-12-20 23:09 0 --a------ C:\WINDOWS\system32\SBRC.dat

2007-12-20 23:09 . 2007-12-20 23:09 0 --a------ C:\WINDOWS\system32\SBFC.dat

2007-12-20 21:38 . 2004-08-05 14:00 15,360 --a------ C:\WINDOWS\system32\dllcache\ctfmon.exe

2007-12-20 17:31 . 2007-12-20 17:31 <REP> d-------- C:\VundoFix Backups

2007-12-20 16:39 . 2007-12-20 16:39 <REP> d-------- C:\Program Files\ABC Amber XML Converter

2007-12-20 13:42 . 2007-12-20 13:42 <REP> d-------- C:\WINDOWS\system32\windows media

2007-12-20 13:42 . 2007-12-20 13:42 <REP> d--h----- C:\WINDOWS\msdownld.tmp

2007-12-20 12:59 . 2007-12-20 13:51 134,217,728 --a------ C:\rptemp.tmp

2007-12-20 12:56 . 2007-12-20 12:56 <REP> d-------- C:\Program Files\Futuremark

2007-12-19 22:22 . 2007-12-23 11:03 193 --a------ C:\WINDOWS\ComicGURU.INI

2007-12-19 21:42 . 2007-12-19 21:42 <REP> d-------- C:\Program Files\Raysolutions

2007-12-19 08:28 . 2007-12-19 08:28 <REP> d-------- C:\d3temp

2007-12-17 15:18 . 2005-01-14 13:47 180,224 --a------ C:\WINDOWS\system\StillDrv.dll

2007-12-17 15:18 . 2005-08-29 11:14 73,846 --a------ C:\WINDOWS\system32\BisonRem.dll

2007-12-17 07:58 . 2007-12-17 07:58 <REP> d-------- C:\Program Files\NoviiMedia

2007-12-13 12:28 . 2007-12-13 12:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU

2007-12-13 12:24 . 2007-12-13 12:24 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia

2007-12-13 12:24 . 2007-12-13 12:24 <REP> d-------- C:\Program Files\AVS4YOU

2007-12-13 12:24 . 2003-05-22 00:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll

2007-12-13 12:24 . 2003-05-22 00:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx

2007-12-13 12:24 . 2004-02-04 22:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm

2007-12-13 12:24 . 2003-05-22 00:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm

2007-12-13 12:24 . 2003-05-21 13:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll

2007-12-13 12:24 . 2000-03-14 21:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm

2007-12-10 10:50 . 2007-12-10 10:50 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\vlc

2007-12-09 16:17 . 2007-12-09 16:17 <REP> d-------- C:\Program Files\Windows Live

2007-12-09 16:17 . 2007-12-09 16:17 <REP> d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2007-12-09 16:16 . 2007-12-09 16:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2007-12-07 17:57 . 2007-12-07 17:57 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\DAEMON Tools Pro

2007-12-07 17:55 . 2007-12-07 17:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro

2007-12-07 17:50 . 2007-12-07 17:50 <REP> d-------- C:\Program Files\DAEMON Tools Pro

2007-12-07 17:37 . 2007-12-07 17:37 <REP> d-------- C:\Program Files\UltraISO

2007-12-07 17:37 . 2007-12-07 17:37 <REP> d-------- C:\Program Files\Fichiers communs\EZB Systems

2007-12-04 12:02 . 2007-12-04 12:02 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-12-04 11:19 . 2007-12-04 11:19 <REP> d-------- C:\Program Files\Fichiers communs\ODBC

2007-12-04 11:16 . 2007-07-09 14:19 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll

2007-12-04 10:57 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2007-12-04 10:42 . 2007-12-04 10:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

2007-12-02 11:29 . 2007-03-04 13:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll

2007-12-02 11:29 . 2007-03-04 13:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll

2007-12-02 11:28 . 2007-12-02 11:27 737,280 --a------ C:\WINDOWS\iun6002.exe

2007-12-02 11:27 . 2007-12-02 11:27 <REP> d-------- C:\Program Files\Replay Converter

2007-11-30 07:45 . 2007-11-30 07:46 <REP> d-------- C:\Program Files\SuperCopier2

2007-11-28 22:52 . 2007-11-28 22:52 <REP> d-------- C:\Program Files\FastStone Image Viewer

2007-11-28 22:52 . 2007-11-28 22:52 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\FastStone

2007-11-27 17:09 . 2006-04-20 13:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg

2007-11-27 14:51 . 2007-11-27 14:51 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\PokerAcademyPro2

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-26 15:59 1,192,377 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err

2007-12-22 20:50 21,393 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys

2007-12-19 07:28 44,239 ----a-w C:\sound32.dll

2007-12-07 16:45 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2007-11-18 08:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\SimCity Societies

2007-11-18 07:00 --------- d-----w C:\Program Files\Electronic Arts

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll

2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll

2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll

2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll

2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll

2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll

2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll

2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-10-10 23:49 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll

2007-10-10 23:49 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll

2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll

2007-10-10 23:49 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll

2007-10-10 23:49 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll

2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll

2007-10-10 23:49 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll

2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll

2007-10-10 23:49 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll

2007-10-10 23:49 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll

2007-10-10 23:49 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll

2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll

2007-10-10 11:01 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2007-10-10 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-10-07 08:30 286,720 ----a-w C:\WINDOWS\iun506.exe

2007-09-26 09:50 24,575 ----a-w C:\WINDOWS\system32\gwinapppiobas66.dll

2007-05-16 15:54 83 ----a-w C:\Documents and Settings\Philippe\Application Data\hexplorer.dat

2007-05-16 15:54 4 ----a-w C:\Documents and Settings\Philippe\Application Data\mclip.dat

2007-05-13 23:17 21,888 ----a-w C:\WINDOWS\inf\hopperp.sys

2007-05-04 10:15 7 ---h--r C:\Program Files\~etzero~.aic

2007-01-24 14:06 142,328 ----a-w C:\Documents and Settings\Philippe\file1.zip

2006-07-17 19:27 278 ----a-w C:\Documents and Settings\Philippe\Application Data\config.dat

1999-07-24 05:30 99,840 ----a-w C:\Program Files\Fichiers communs\IRAABOUT.DLL

1999-07-24 05:30 70,144 ----a-w C:\Program Files\Fichiers communs\IRAMDMTR.DLL

1999-07-24 05:30 48,640 ----a-w C:\Program Files\Fichiers communs\IRALPTTR.DLL

1999-07-24 05:30 31,744 ----a-w C:\Program Files\Fichiers communs\IRAWEBTR.DLL

1999-07-24 05:30 186,368 ----a-w C:\Program Files\Fichiers communs\IRAREG.DLL

1999-07-24 05:30 17,920 ----a-w C:\Program Files\Fichiers communs\IRASRIAL.DLL

2006-07-02 10:19 611,659 --sh--w C:\WINDOWS\system32\ybadd.ini2

2006-07-01 07:40 858,451 --sh--w C:\WINDOWS\system32\ybadd.bak2

2007-09-25 11:47 80 --sh--r C:\WINDOWS\system32\EA540F0556.dll

.

 

((((((((((((((((((((((((((((( snapshot_2007-12-22_22.52.49.34 )))))))))))))))))))))))))))))))))))))))))

.

- 2007-07-29 21:47:34 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

+ 2007-12-23 20:54:24 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

- 2007-07-29 21:47:34 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

+ 2007-12-23 20:54:24 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

- 2007-07-29 21:47:34 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

+ 2007-12-23 20:54:24 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

- 2007-07-29 21:47:34 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2007-12-23 20:54:24 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2007-07-29 21:47:34 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

+ 2007-12-23 20:54:26 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

- 2007-07-29 21:47:34 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

+ 2007-12-23 20:54:26 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

- 2007-07-29 21:47:34 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

+ 2007-12-23 20:54:26 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

- 2007-07-29 21:47:36 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

+ 2007-12-23 20:54:26 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

- 2007-07-29 21:47:34 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2007-12-23 20:54:22 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2007-08-21 13:37:26 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\ascstubie.dll

+ 2007-07-18 13:49:56 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\libcomm.dll

+ 2007-08-20 09:59:30 124,928 ------w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll

+ 2007-08-20 09:59:30 214,528 ------w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll

+ 2007-08-20 09:59:30 132,608 ------w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll

+ 2007-08-20 09:59:30 63,488 ------w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll

+ 2007-08-17 10:22:12 63,488 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe

+ 2007-08-20 09:59:30 153,088 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll

+ 2007-08-20 09:59:30 230,400 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll

+ 2007-08-17 07:34:26 161,792 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll

+ 2007-08-20 09:59:30 383,488 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll

+ 2007-08-20 09:59:30 384,512 ------w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll

+ 2007-08-20 09:59:30 6,058,496 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll

+ 2007-08-20 09:59:30 44,544 ------w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll

+ 2007-08-20 09:59:30 267,776 ------w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll

+ 2007-08-17 10:22:12 13,824 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe

+ 2007-08-17 10:22:32 625,152 ------w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe

+ 2007-08-20 09:59:30 27,648 ------w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll

+ 2007-08-20 09:59:30 459,264 ------w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll

+ 2007-08-20 09:59:30 52,224 ------w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll

+ 2007-08-20 09:59:30 3,584,512 ------w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll

+ 2007-08-20 09:59:30 477,696 ------w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll

+ 2007-08-20 09:59:30 193,024 ------w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll

+ 2007-08-20 09:59:30 671,232 ------w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll

+ 2007-08-20 09:59:32 102,400 ------w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll

+ 2007-03-06 01:34:38 216,800 ------w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:35:48 394,976 ------w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll

+ 2007-08-20 09:59:32 105,984 ------w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll

+ 2007-08-20 09:59:32 1,152,000 ------w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll

+ 2007-08-20 09:59:32 232,960 ------w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll

+ 2007-08-20 09:59:32 824,832 ------w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll

+ 2007-12-23 13:58:18 50,008 ----a-r C:\WINDOWS\Installer\{7078C6C2-F5A5-4A5F-86A8-CD1301CA07DF}\_6FEFF9B68218417F98F549.exe

- 2007-12-04 10:30:40 34,304 ----a-r C:\WINDOWS\Installer\{911A040C-6000-11D3-8CFE-0050048383C9}\misc.exe

+ 2007-12-23 22:42:46 34,304 ----a-r C:\WINDOWS\Installer\{911A040C-6000-11D3-8CFE-0050048383C9}\misc.exe

- 2007-12-04 10:30:40 8,192 ----a-r C:\WINDOWS\Installer\{911A040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe

+ 2007-12-23 22:42:46 8,192 ----a-r C:\WINDOWS\Installer\{911A040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe

- 2007-12-04 10:30:40 3,584 ----a-r C:\WINDOWS\Installer\{911A040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe

+ 2007-12-23 22:42:46 3,584 ----a-r C:\WINDOWS\Installer\{911A040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe

- 2007-12-04 10:30:40 114,688 ----a-r C:\WINDOWS\Installer\{911A040C-6000-11D3-8CFE-0050048383C9}\outicon.exe

+ 2007-12-23 22:42:46 114,688 ----a-r C:\WINDOWS\Installer\{911A040C-6000-11D3-8CFE-0050048383C9}\outicon.exe

- 2007-12-04 10:30:40 16,384 ----a-r C:\WINDOWS\Installer\{911A040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe

+ 2007-12-23 22:42:46 16,384 ----a-r C:\WINDOWS\Installer\{911A040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe

- 2007-05-11 20:03:24 22,486 ----a-r C:\WINDOWS\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\ARPPRODUCTICON.exe

+ 2007-12-23 10:41:26 22,486 ----a-r C:\WINDOWS\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\ARPPRODUCTICON.exe

- 2007-05-11 20:03:24 22,486 ----a-r C:\WINDOWS\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\WCESMgrIcon.exe

+ 2007-12-23 10:41:26 22,486 ----a-r C:\WINDOWS\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\WCESMgrIcon.exe

+ 2007-12-23 08:29:12 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-5676-5A64-7E8A45000001}\ARPPRODUCTICON.exe

+ 2007-12-23 13:50:36 22,486 ----a-r C:\WINDOWS\Installer\{E06EC520-78B1-49D6-9B86-3786E8E04C16}\_12db153c.exe

+ 2007-12-23 13:50:36 22,486 ----a-r C:\WINDOWS\Installer\{E06EC520-78B1-49D6-9B86-3786E8E04C16}\_7e87390c.exe

+ 2007-12-23 13:50:36 22,486 ----a-r C:\WINDOWS\Installer\{E06EC520-78B1-49D6-9B86-3786E8E04C16}\_f3e99.exe

- 2007-08-20 09:59:30 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

+ 2007-10-10 23:49:42 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

- 2001-01-22 02:25:24 32,768 ----a-w C:\WINDOWS\system32\ATHPRXY.DLL

+ 2004-01-29 14:08:24 32,768 ----a-w C:\WINDOWS\system32\ATHPRXY.DLL

- 2007-08-20 09:59:30 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

+ 2007-10-10 23:49:42 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

- 2007-08-20 09:59:30 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll

+ 2007-10-10 23:49:42 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll

- 2007-08-20 09:59:30 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

+ 2007-10-10 23:49:42 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

- 2007-08-17 10:22:12 63,488 ----a-w C:\WINDOWS\system32\ie4uinit.exe

+ 2007-10-10 11:00:42 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe

- 2007-08-20 09:59:30 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll

+ 2007-10-10 23:49:42 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll

- 2007-08-20 09:59:30 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll

+ 2007-10-10 23:49:42 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll

- 2007-08-17 07:34:26 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll

+ 2007-10-10 05:46:56 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll

- 2007-08-20 09:59:30 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

+ 2007-10-10 23:49:42 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

- 2007-08-20 09:59:30 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll

+ 2007-10-10 23:49:42 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll

- 2007-08-20 09:59:30 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll

+ 2007-10-10 23:49:44 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll

- 2007-08-20 09:59:30 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll

+ 2007-10-10 23:49:44 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll

- 2007-08-20 09:59:30 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

+ 2007-10-10 23:49:44 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

- 2007-08-17 10:22:12 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

+ 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

- 2007-08-20 09:59:30 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2007-10-10 23:49:44 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

- 2007-11-01 23:12:58 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2007-12-02 23:00:06 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe

- 2007-08-20 09:59:30 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

+ 2007-10-10 23:49:44 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

- 2007-08-20 09:59:30 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

+ 2007-10-10 23:49:44 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

- 2007-08-20 09:59:30 3,584,512 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2007-10-30 23:23:48 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2007-08-20 09:59:30 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll

+ 2007-10-10 23:49:44 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

- 2007-08-20 09:59:30 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

+ 2007-10-10 23:49:44 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

- 2007-08-20 09:59:30 671,232 ----a-w C:\WINDOWS\system32\mstime.dll

+ 2007-10-10 23:49:46 671,232 ----a-w C:\WINDOWS\system32\mstime.dll

- 2005-09-29 00:13:36 1,303,752 ----a-w C:\WINDOWS\system32\msxml6.dll

+ 2007-05-15 14:43:10 1,320,800 ----a-w C:\WINDOWS\system32\msxml6.dll

- 2007-08-20 09:59:32 102,400 ----a-w C:\WINDOWS\system32\occache.dll

+ 2007-10-10 23:49:46 102,400 ----a-w C:\WINDOWS\system32\occache.dll

- 2007-12-22 20:48:38 77,596 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2007-12-23 14:03:26 77,596 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2007-12-22 20:48:38 90,622 ----a-w C:\WINDOWS\system32\perfc00C.dat

+ 2007-12-23 14:03:26 90,622 ----a-w C:\WINDOWS\system32\perfc00C.dat

- 2007-12-22 20:48:38 444,056 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2007-12-23 14:03:26 444,056 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2007-12-22 20:48:38 511,386 ----a-w C:\WINDOWS\system32\perfh00C.dat

+ 2007-12-23 14:03:26 511,386 ----a-w C:\WINDOWS\system32\perfh00C.dat

- 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe

+ 2007-11-13 11:31:12 60,416 ------w C:\WINDOWS\system32\tzchange.exe

- 2007-08-20 09:59:32 105,984 ----a-w C:\WINDOWS\system32\url.dll

+ 2007-10-10 23:49:46 105,984 ----a-w C:\WINDOWS\system32\url.dll

- 2007-08-20 09:59:32 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2007-10-10 23:49:46 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

- 2007-08-20 09:59:32 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll

+ 2007-10-10 23:49:46 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll

- 2007-08-20 09:59:32 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

+ 2007-10-10 23:49:46 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

+ 2007-12-26 16:12:56 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_7e8.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not listed

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]

@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]

@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]

@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]

@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]

@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]

@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]

@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

 

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]

2006-06-15 17:48 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

 

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]

2006-06-15 17:48 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

 

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]

2006-06-15 17:48 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

 

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]

2006-06-15 17:48 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

 

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]

2006-06-15 17:48 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

 

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]

2006-06-15 17:48 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

 

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]

2006-06-15 17:48 442368 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" []

"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" []

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" []

"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" []

"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" []

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" []

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:07]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2005-09-06 08:39 C:\WINDOWS\RTHDCPL.EXE]

"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" []

"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09]

"ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" []

"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" []

"CAP2ON"="C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAP2ONN.EXE" []

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" []

"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" []

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []

"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" []

"pdfFactory Pro Dispatcher v1"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe" []

"SMSERIAL"="sm56hlpr.exe" [2005-05-27 07:12 C:\WINDOWS\sm56hlpr.exe]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" []

"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" []

"ISUSScheduler"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe" []

"ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" []

"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" []

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-04-16 11:24]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-04-16 11:22]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-22 18:48]

"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-13 11:31]

"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-07-28 22:04]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"RunStartupScriptSync"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 0 (0x0)

"NoDesktopCleanupWizard"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 setuid

 

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2007-12-22 19:21]

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]

R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]

R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2006-04-14 17:24]

R2 Asystcom;Asystcom;C:\WINDOWS\system32\drivers\Asystcom.sys [2004-01-16 00:44]

R2 CachemanXPService;CachemanXP;C:\PROGRA~1\CACHEM~1\CachemanXP.exe [2007-06-02 11:11]

R2 drpkiont;drpkiont;C:\WINDOWS\system32\drpkiont.sys [2004-02-24 18:41]

R2 sdiont;sdiont;C:\WINDOWS\system32\drivers\sdiont.sys [1999-05-24 19:25]

R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]

R2 xdsfast1;XDSFast1 ISA Bus Driver;C:\WINDOWS\system32\xdsfast1.sys [2004-02-24 18:41]

S2 RapidPort2;RapidPort2;C:\WINDOWS\system32\Drivers\CAP2LPT.SYS [2002-04-11 16:00]

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]

S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []

S3 sdusb2em;SD USB2 Emulator (sdusb2em.sys);C:\WINDOWS\system32\Drivers\sdusb2em.sys [2004-05-17 17:19]

S3 SVNService;SVNService;C:\Program Files\Subversion\bin\SVNService.exe [2004-03-31 18:13]

S3 U2SP;USB to Serial Converter Driver(Philips);C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys [2002-02-19 12:06]

S3 XDS560;Texas Instruments XDS560 Device Driver;C:\WINDOWS\system32\DRIVERS\xds560.sys [2004-02-24 18:41]

S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-08-11 21:48]

 

.

Contents of the 'Scheduled Tasks' folder

"2007-12-26 16:00:02 C:\WINDOWS\Tasks\B519BA2991AE2C31.job"

- c:\docume~1\philippe\applic~1\acidty~1\Vc jump second.exe

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-26 17:19:18

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-26 17:20:59 - machine was rebooted

C:\ComboFix3.txt ... 2007-12-22 09:16

C:\ComboFix2.txt ... 2007-12-22 22:54

 

 

 

VirusTotal:

 

File Asystcom.sys received on 2007.12.26 18:06:43 (CET)

Antivirus Version Last Update Result

AhnLab-V3 2007.12.27.10 2007.12.26 -

AntiVir 7.6.0.46 2007.12.26 -

Authentium 4.93.8 2007.12.26 -

Avast 4.7.1098.0 2007.12.26 -

AVG 7.5.0.516 2007.12.25 -

BitDefender 7.2 2007.12.26 -

CAT-QuickHeal 9.00 2007.12.25 -

ClamAV 0.91.2 2007.12.26 -

DrWeb 4.44.0.09170 2007.12.26 -

eSafe 7.0.15.0 2007.12.26 -

eTrust-Vet 31.3.5400 2007.12.24 -

Ewido 4.0 2007.12.26 -

FileAdvisor 1 2007.12.26 -

Fortinet 3.14.0.0 2007.12.26 -

F-Prot 4.4.2.54 2007.12.25 -

F-Secure 6.70.13030.0 2007.12.26 -

Ikarus T3.1.1.15 2007.12.26 -

Kaspersky 7.0.0.125 2007.12.26 -

McAfee 5192 2007.12.24 -

Microsoft 1.3109 2007.12.26 -

NOD32v2 2747 2007.12.25 -

Norman 5.80.02 2007.12.26 -

Panda 9.0.0.4 2007.12.25 -

Prevx1 V2 2007.12.26 -

Rising 20.24.21.00 2007.12.26 -

Sophos 4.24.0 2007.12.26 -

Sunbelt 2.2.907.0 2007.12.21 -

Symantec 10 2007.12.26 -

TheHacker 6.2.9.168 2007.12.22 -

VBA32 3.12.2.5 2007.12.26 -

VirusBuster 4.3.26:9 2007.12.26 -

Webwasher-Gateway 6.6.2 2007.12.26 -

 

Additional information

File size: 20912 bytes

MD5: 11779a2dc30ae3c3381b84641a36dc1f

SHA1: 5aa0fb930ddb759ac6cbab5fe97ea73ce1d93cb9

PEiD: -

 

 

 

 

File sbhr.sys received on 12.23.2007 05:31:06 (CET)

Antivirus Version Last Update Result

AhnLab-V3 2007.12.22.10 2007.12.21 -

AntiVir 7.6.0.46 2007.12.22 -

Authentium 4.93.8 2007.12.23 -

Avast 4.7.1098.0 2007.12.22 -

AVG 7.5.0.516 2007.12.22 -

BitDefender 7.2 2007.12.23 -

CAT-QuickHeal 9.00 2007.12.22 -

ClamAV 0.91.2 2007.12.23 -

DrWeb 4.44.0.09170 2007.12.22 -

eSafe 7.0.15.0 2007.12.20 -

eTrust-Vet 31.3.5395 2007.12.21 -

Ewido 4.0 2007.12.22 -

FileAdvisor 1 2007.12.23 -

Fortinet 3.14.0.0 2007.12.23 -

F-Prot 4.4.2.54 2007.12.22 -

F-Secure 6.70.13030.0 2007.12.21 -

Ikarus T3.1.1.15 2007.12.23 -

Kaspersky 7.0.0.125 2007.12.23 -

McAfee 5191 2007.12.21 -

Microsoft 1.3109 2007.12.23 -

NOD32v2 2743 2007.12.23 -

Norman 5.80.02 2007.12.21 -

Panda 9.0.0.4 2007.12.22 -

Prevx1 V2 2007.12.23 -

Rising 20.23.52.00 2007.12.22 -

Sophos 4.24.0 2007.12.22 -

Sunbelt 2.2.907.0 2007.12.21 -

Symantec 10 2007.12.23 -

TheHacker 6.2.9.168 2007.12.22 -

VBA32 3.12.2.5 2007.12.22 -

VirusBuster 4.3.26:9 2007.12.23 -

Webwasher-Gateway 6.6.2 2007.12.23 -

 

Additional information

File size: 15544 bytes

MD5: c6ea8d8c6442648746f69e3d75cacf98

SHA1: 0a8c657bfbb5e2f6a90973dc3f802c7a54ca237a

PEiD: -

 

 

 

File drpkiont.sys received on 2007.12.26 18:09:07 (CET)

Antivirus Version Last Update Result

AhnLab-V3 2007.12.27.10 2007.12.26 -

AntiVir 7.6.0.46 2007.12.26 -

Authentium 4.93.8 2007.12.26 -

Avast 4.7.1098.0 2007.12.26 -

AVG 7.5.0.516 2007.12.25 -

BitDefender 7.2 2007.12.26 -

CAT-QuickHeal 9.00 2007.12.25 -

ClamAV 0.91.2 2007.12.26 -

DrWeb 4.44.0.09170 2007.12.26 -

eSafe 7.0.15.0 2007.12.26 -

eTrust-Vet 31.3.5400 2007.12.24 -

Ewido 4.0 2007.12.26 -

FileAdvisor 1 2007.12.26 -

Fortinet 3.14.0.0 2007.12.26 -

F-Prot 4.4.2.54 2007.12.25 -

F-Secure 6.70.13030.0 2007.12.26 -

Ikarus T3.1.1.15 2007.12.26 -

Kaspersky 7.0.0.125 2007.12.26 -

McAfee 5192 2007.12.24 -

Microsoft 1.3109 2007.12.26 -

NOD32v2 2747 2007.12.25 -

Norman 5.80.02 2007.12.26 -

Panda 9.0.0.4 2007.12.25 -

Prevx1 V2 2007.12.26 -

Rising 20.24.21.00 2007.12.26 -

Sophos 4.24.0 2007.12.26 -

Sunbelt 2.2.907.0 2007.12.21 -

Symantec 10 2007.12.26 -

TheHacker 6.2.9.168 2007.12.22 -

VBA32 3.12.2.5 2007.12.26 -

VirusBuster 4.3.26:9 2007.12.26 -

Webwasher-Gateway 6.6.2 2007.12.26 -

 

Additional information

File size: 3968 bytes

MD5: 5b2410766376cb6b2be95b6d6824b771

SHA1: 1fc6d5ea2cadb94671c3fc70a2dd073f2fcb789b

PEiD: -

 

 

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Wednesday, December 26, 2007 11:01:11 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 26/12/2007

Kaspersky Anti-Virus database records: 494220

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

C:\

D:\

E:\

F:\

G:\

H:\

 

Scan Statistics:

Total number of scanned objects: 349024

Number of viruses found: 9

Number of infected objects: 15

Number of suspicious objects: 0

Duration of the scan process: 03:45:19

 

Infected Object Name / Virus Name / Last Action

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\TEMP\Perflib_Perfdata_7e8.dat Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Philippe\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Philippe\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Philippe\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Philippe\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Philippe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Philippe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Philippe\Local Settings\Temp\WCESLog.log Object is locked skipped

C:\Documents and Settings\Philippe\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Philippe\Application Data\$_hpcst$.hpc Object is locked skipped

C:\Documents and Settings\Philippe\ntuser.dat Object is locked skipped

C:\Program Files\Eset\logs\virlog.dat Object is locked skipped

C:\Program Files\Eset\logs\warnlog.dat Object is locked skipped

C:\Program Files\Eset\cache\CACHE.NDB Object is locked skipped

C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP2\A0000432.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP24\change.log Object is locked skipped

D:\developpement\SEE\Wifi_old\tftp\SolarWinds-TFTP-Server.exe/WISE0049.BIN Infected: not-a-virus:Server-FTP.Win32.PremierServer.Tftp.503 skipped

D:\developpement\SEE\Wifi_old\tftp\SolarWinds-TFTP-Server.exe WiseSFX: infected - 1 skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP24\change.log Object is locked skipped

D:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP3\A0000518.exe/file1 Infected: not-a-virus:FraudTool.Win32.WinZix.a skipped

D:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP3\A0000518.exe/file2 Infected: not-a-virus:FraudTool.Win32.WinZix.a skipped

D:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP3\A0000518.exe/file7 Infected: Trojan.Win32.Obfuscated.en skipped

D:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP3\A0000518.exe Inno: infected - 3 skipped

D:\System Volume Information\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\RP3\A0000519.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.clc skipped

D:\telecharge\outils\HideToolz.zip/HideToolz.exe Infected: not-a-virus:RiskTool.Win32.HideProc.d skipped

D:\telecharge\outils\HideToolz.zip ZIP: infected - 1 skipped

D:\telecharge\outils\hijackthis_199\backups\backup-20060701-204935-138.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

D:\telecharge\outils\hijackthis_199\backups\backup-20060702-112119-400.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

D:\telecharge\outils\lopremover.zip/lopremover.exe Infected: Packed.Win32.PolyCrypt.d skipped

D:\telecharge\outils\lopremover.zip ZIP: infected - 1 skipped

D:\telecharge\outils\nero\Extract\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

 

Scan process completed.

Posted

hi :P

Ok, the Kaspersky scan doesn't show anything more.

A few files to remove >

-Download OTMoveIt (by OldTimer). Save it to your Desktop.

  • Copy the text in blue/bold below (select all of it with your mouse, then right-click it and choose "Copy"):
    D:\telecharge\outils\HideToolz.zip
    D:\telecharge\outils\Power.Video.Converter.v1.5.18.WinALL.Keygen.Only-BRD.rar
    D:\telecharge\outils\antivundo\VirtumundoBeGone.exe
    D:\telecharge\outils\nero\Extract\Toolbar.exe
    D:\telecharge\outils\lopremover.zip
    C:\WINDOWS\Tasks\B519BA2991AE2C31.job
    C:\WINDOWS\system32\ybadd.ini2
    C:\WINDOWS\system32\ybadd.bak2
    C:\Documents and Settings\Philippe\file1.zip
    C:\WINDOWS\system32\EA540F0556.dll
    C:\WINDOWS\msdownld.tmp

  • Double-click OTMoveIt.exe to launch the program.
  • Make sure the box "Unregister Dll's and Ocx's" is checked
  • Right-click in the left-hand pane and choose Paste.
  • Now click the "MoveIt!" button.

A report will be created; it is located in C:\_OTMoveIt\MovedFiles\

The report's name is its creation date.

I'm coming back to what you said earlier >

After running an Antivir scan, it finds a trojan: DROP.Delf.czz.

Are you still getting alerts?
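Added example, not code from the thread or from any of the tools named in it: a small Python triage parser for the Kaspersky report format quoted above. It separates real "Infected:" hits from locked-object lines and archive summary lines, splits archive members from their container, flags `not-a-virus:` riskware, and marks copies sitting in System Restore points, which is how the helper narrowed the long log down to a short list of files to remove. The sample lines are constructed from entries in the posted log.

```python
import re

# Constructed sample in the format of the Kaspersky report quoted in the thread
# (paths and detection names copied from the posted log, backslashes escaped).
SAMPLE_LOG = """\
C:\\Documents and Settings\\Philippe\\ntuser.dat Object is locked skipped
C:\\System Volume Information\\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\\RP2\\A0000432.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
D:\\telecharge\\outils\\lopremover.zip/lopremover.exe Infected: Packed.Win32.PolyCrypt.d skipped
D:\\telecharge\\outils\\lopremover.zip ZIP: infected - 1 skipped
D:\\System Volume Information\\_restore{5E11CCDA-BFB6-4D47-BA35-61D7CE3448BC}\\RP3\\A0000518.exe/file7 Infected: Trojan.Win32.Obfuscated.en skipped
Scan process completed.
"""

INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
CONTAINER_RE = re.compile(r"^(?P<path>.+?) \w+: infected - (?P<count>\d+) skipped$")
LOCKED_RE = re.compile(r"^.+ Object is locked skipped$")


def parse_report(text):
    """Return (detections, container_counts, locked_count).
    Container summary lines ("ZIP: infected - 1") and locked-object lines are
    only counted, so an archive with one bad member is not reported twice."""
    detections, containers, locked = [], {}, 0
    for line in text.splitlines():
        line = line.rstrip()
        if m := INFECTED_RE.match(line):
            full, name = m.group("path"), m.group("name")
            # Windows paths never contain "/", so it only separates an archive
            # or installer from the member that was flagged inside it.
            container, _, member = full.partition("/")
            detections.append({
                "path": container,
                "member": member or None,
                "detection": name,
                # Kaspersky's not-a-virus: prefix marks adware/riskware, not a trojan.
                "severity": "riskware" if name.startswith("not-a-virus:") else "malware",
                # A hit inside a restore point is an inactive copy: it goes away
                # by purging System Restore, not by cleaning the live system.
                "in_restore_point": "System Volume Information" in full,
            })
        elif m := CONTAINER_RE.match(line):
            containers[m.group("path")] = int(m.group("count"))
        elif LOCKED_RE.match(line):
            locked += 1
    return detections, containers, locked


def live_malware(detections):
    """Entries that need action now: real malware outside restore points."""
    return [d for d in detections
            if d["severity"] == "malware" and not d["in_restore_point"]]
```

Run it over a full saved report to get the short list of live hits; the restore-point and riskware entries are listed separately so they can be handled by purging System Restore or by deleting the downloaded tools.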
