Recommended posts

Posted

OK :P, bumped. Let's try this: ZA won't let itself be "disinfected", so disable ZA, but physically cut yourself off from the net while you do it (modem/router):

 

1/ Open Notepad (Run > notepad) and copy/paste the contents of the box below:

 

RENV::
C:\Program Files\Skype\Phone\Skype .exe
FILE::
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe

 

* Go to the top of the page and click the "File" menu; a list appears =>

* Choose "Save As" and pick "Desktop"

* In the "File name" field at the bottom, give it the following name: CFScript, as a .txt file

* Click the "Save" button to the right of the "File name" field

* Close Notepad.

* Drag and drop this CFScript.txt file onto ComboFix.exe, as in the screenshot

 

[screenshot: CFScript.gif]

 

 

* A blue window will appear. At the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

* Wait for the scan to finish. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

* Once the scan is done, a report will appear: post its contents together with a fresh HJT report.

* If the file doesn't appear, it is here > C:\ComboFix.txt
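Reading the resulting ComboFix log by hand is the slow part of this procedure. The script below is an added example written for this thread; it is not code from the page, from the helper, or from the ComboFix project. It parses the three line shapes ComboFix uses for file listings (the "Files created" section, the Find3M section, and the attribute-first lines at the end of Find3M), flags file names that have whitespace immediately before the extension, which is what both paths in the CFScript above look like, and emits CFScript text in the same directive-then-paths form. It only produces a review list: it makes no judgement about whether a flagged file is malicious. The sample lines are copied from the ComboFix log posted in the reply below, except the last one, which is constructed; the function and class names are my own assumptions.

```python
"""Parse ComboFix file-listing lines and flag names with a space before the extension.

Added example for this thread, not ComboFix's own code. Function names and the
last SAMPLE_LOG line are assumptions/constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Three line shapes occur in the log (field spacing varies, tabs included):
#   Files created : 2008-01-08 20:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
#   Find3M        : 2008-01-10 19:33 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
#   Find3M tail   : ----a-w   21,760,296 2007-12-23 14:42:55  C:\Program Files\Skype\Phone\Skype .exe
_DT = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?"
_CREATED = re.compile(
    rf"^(?P<created>{_DT})\s+\.\s+(?P<modified>{_DT})\s+"
    rf"(?P<size><REP>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)
_FIND3M = re.compile(
    rf"^(?P<modified>{_DT})\s+(?P<size>-+|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)
_TAIL = re.compile(
    rf"^(?P<attrs>[-a-z]+)\s+(?P<size>[\d,]+)\s+(?P<modified>{_DT})\s+(?P<path>.+?)\s*$"
)
# Whitespace between the base name and a short extension, e.g. "zlclient .exe".
_SPACED_EXT = re.compile(r"\S\s+\.[A-Za-z0-9]{1,4}$")


@dataclass(frozen=True)
class Entry:
    path: str
    size: Optional[int]             # None for directories (<REP> or dashes)
    attrs: str
    modified: str
    created: Optional[str] = None   # only the "Files created" section has it


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised listing line, None for banners, notes, blanks."""
    for rx in (_CREATED, _FIND3M, _TAIL):
        m = rx.match(line.strip())
        if m:
            d = m.groupdict()
            size = int(d["size"].replace(",", "")) if d["size"][0].isdigit() else None
            return Entry(d["path"], size, d["attrs"], d["modified"], d.get("created"))
    return None


def parse_log(text: str) -> list[Entry]:
    """Parse every recognisable file line in a ComboFix log; everything else is skipped."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]


def spaced_extension(path: str) -> bool:
    """True for names like 'Skype .exe' where whitespace precedes the extension."""
    name = path.rsplit("\\", 1)[-1]
    return _SPACED_EXT.search(name) is not None


def flagged_paths(entries: list[Entry]) -> list[str]:
    """Files (not directories) whose names have a spaced extension, for manual review."""
    return [e.path for e in entries if e.size is not None and spaced_extension(e.path)]


def cfscript(sections: dict[str, list[str]]) -> str:
    """Emit CFScript text: a directive line such as 'FILE::' followed by one path per line."""
    out: list[str] = []
    for directive, paths in sections.items():
        if paths:
            out.append(directive)
            out.extend(paths)
    return "\n".join(out) + "\n"


# Sample input: lines copied from the ComboFix log in this thread, except the
# last one, which is constructed so that a second flagged name appears.
SAMPLE_LOG = r"""
2008-01-08 20:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 20:19 . 2008-01-08 20:22 <REP> d-------- C:\HJT
2008-01-10 19:33 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2007-12-01 09:55 --------- d-----w C:\Program Files\Skype
----a-w   21,760,296 2007-12-23 14:42:55  C:\Program Files\Skype\Phone\Skype .exe
----a-w   1,024 2008-01-09 12:00:00  C:\WINDOWS\sample .exe
"""

if __name__ == "__main__":
    found = flagged_paths(parse_log(SAMPLE_LOG))
    for p in found:
        print("review:", p)
    print(cfscript({"FILE::": found}), end="")
```

The parser deliberately tries the "Files created" pattern first, because its ` . ` separator is the only field that cannot be mistaken for a size; the other two shapes cannot match each other since one starts with a date and the other with an attribute string. Whatever this flags still has to be checked against the rest of the log (the Run keys and running-process list in the HJT report) before it goes into a FILE:: section.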

Posted (edited)

ComboFix report:

 

ComboFix 08-01-07.5 - Christophe CHEVRIAUX 2008-01-10 20:39:50.6 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.613 [GMT 1:00]

Running from: C:\Documents and Settings\Christophe CHEVRIAUX\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Christophe CHEVRIAUX\Bureau\CFScript.txt

* Created a new restore point

 

FILE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe

.

 

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe

 

.

((((((((((((((((((((((((((((( Files created 2007-12-10 to 2008-01-10 ))))))))))))))))))))))))))))))))))))

.

 

2008-01-09 21:03 . 2008-01-10 18:59 <REP> d-------- C:\WINDOWS\ERUNT

2008-01-08 20:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-08 20:19 . 2008-01-08 20:22 <REP> d-------- C:\HJT

2008-01-08 19:54 . 2008-01-09 13:51 <REP> d-------- C:\WINDOWS\system32\ZoneLabs

2008-01-08 19:50 . 2008-01-08 19:50 210,416 --a------ C:\zlsSetup_70_337_000_fr.exe

2008-01-08 18:22 . 2008-01-08 18:22 132,608 --a------ C:\VundoFix.exe

2008-01-05 18:32 . 2008-01-05 18:32 <REP> d-------- C:\WINDOWS\Sun

2008-01-05 09:42 . 1999-01-25 12:00 143,872 --------- C:\WINDOWS\system32\iacenc.dll

2008-01-05 09:42 . 1999-01-25 12:00 56,832 --------- C:\WINDOWS\system32\iyvu9_32.dll

2008-01-05 09:40 . 2008-01-05 09:40 <REP> d-------- C:\Program Files\Microsoft Games

2008-01-04 20:11 . 2008-01-04 20:11 <REP> d-------- C:\Program Files\hp deskjet 3420 series

2008-01-04 20:11 . 2002-06-21 11:19 184,386 --a------ C:\WINDOWS\system32\hpzsnt05.dll

2008-01-04 20:11 . 2008-01-04 20:11 800 --a------ C:\WINDOWS\hpinfo.lnk

2007-12-29 05:03 . 2007-12-29 05:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles

2007-12-28 21:30 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX

2007-12-28 19:33 . 2007-12-28 19:33 <REP> d-------- C:\Program Files\Yahoo!

2007-12-28 19:33 . 2007-12-28 19:41 <REP> d-------- C:\Program Files\CCleaner

2007-12-28 03:21 . 2007-12-28 03:21 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-12-27 20:48 . 2007-11-30 23:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau

2007-12-27 20:48 . 2007-11-30 23:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2007-12-27 20:48 . 2007-11-30 22:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles

2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents

2007-12-27 20:48 . 2007-11-30 23:49 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer

2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris

2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau

2007-12-27 19:27 . 2007-12-27 19:27 <REP> d-------- C:\Program Files\Trend Micro

2007-12-27 19:07 . 2007-12-27 19:07 <REP> d--h----- C:\WINDOWS\PIF

2007-12-27 18:57 . 2007-12-27 19:00 1,348 --a------ C:\WINDOWS\mozver.dat

2007-12-27 18:53 . 2007-12-27 18:53 0 --a------ C:\WINDOWS\nsreg.dat

2007-12-26 03:28 . 2007-12-26 03:28 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Uniblue

2007-12-26 03:28 . 2007-12-26 03:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue

2007-12-26 02:49 . 2007-12-26 17:36 961 --a------ C:\WINDOWS\srvdsgf.exe

2007-12-26 00:58 . 2007-12-26 00:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier

2007-12-26 00:57 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll

2007-12-26 00:57 . 2008-01-08 19:59 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2007-12-26 00:55 . 2008-01-10 20:43 <REP> d-------- C:\WINDOWS\Internet Logs

2007-12-25 20:54 . 2007-12-25 20:54 <REP> d-------- C:\Program Files\Windows Live Favorites

2007-12-25 20:53 . 2007-12-25 20:53 <REP> d-------- C:\Program Files\Windows Live Toolbar

2007-12-25 20:42 . 2007-12-25 20:46 <REP> d-------- C:\Program Files\MSN Apps

2007-12-25 19:48 . 2008-01-01 04:03 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe

2007-12-25 19:48 . 2008-01-01 04:03 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe

2007-12-22 18:42 . 2008-01-04 18:31 339,968 --a------ C:\WINDOWS\vphc600.exe

2007-12-22 18:42 . 2007-12-27 20:32 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2007-12-20 22:02 . 2007-12-20 22:02 268 --ah----- C:\sqmdata16.sqm

2007-12-20 22:02 . 2007-12-20 22:02 244 --ah----- C:\sqmnoopt16.sqm

2007-12-20 20:04 . 2007-12-20 20:04 <REP> d-------- C:\Program Files\Microsoft.NET

2007-12-20 20:04 . 2007-12-20 20:04 <REP> dr-h----- C:\MSOCache

2007-12-20 20:02 . 2007-12-20 20:02 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-12-20 20:00 . 2007-12-20 20:00 <REP> d-------- C:\Program Files\MSXML 4.0

2007-12-20 19:15 . 2007-12-20 20:01 <REP> d-------- C:\ProgramFiles

2007-12-19 15:16 . 2007-12-19 15:16 <REP> d-------- C:\Program Files\Fichiers communs\HP

2007-12-19 15:15 . 2008-01-04 20:16 <REP> d-------- C:\Program Files\Hewlett-Packard

2007-12-19 15:15 . 2007-12-19 15:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard

2007-12-19 15:14 . 2004-05-11 10:53 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll

2007-12-19 15:14 . 2004-05-11 10:53 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll

2007-12-19 15:14 . 2004-05-11 10:53 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll

2007-12-19 15:14 . 2004-05-11 10:53 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll

2007-12-19 15:14 . 2004-05-11 10:53 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll

2007-12-19 15:13 . 2007-12-19 15:13 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard

2007-12-19 15:12 . 2007-12-19 15:12 <REP> d-------- C:\WINDOWS\system32\URTTemp

2007-12-19 15:05 . 2004-06-21 19:50 51,088 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys

2007-12-19 15:05 . 2004-06-21 19:50 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys

2007-12-19 15:04 . 2004-06-21 19:50 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys

2007-12-19 15:04 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2007-12-19 15:04 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2007-12-19 14:48 . 2004-03-18 16:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll

2007-12-19 14:48 . 2004-03-18 16:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll

2007-12-19 14:48 . 2004-03-18 16:39 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll

2007-12-19 14:48 . 2004-03-18 16:55 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe

2007-12-19 14:48 . 2004-03-18 16:38 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe

2007-12-19 14:48 . 2004-03-18 16:39 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll

2007-12-19 14:47 . 2007-12-19 15:21 <REP> d-------- C:\Program Files\HP

2007-12-19 14:46 . 2007-12-19 15:22 104,265 --a------ C:\WINDOWS\hpoins04.dat

2007-12-19 14:46 . 2004-06-21 19:50 17,176 --------- C:\WINDOWS\hpomdl04.dat

2007-12-16 19:17 . 2007-12-16 19:17 <REP> d-------- C:\Program Files\Teamspeak2_RC2

2007-12-16 19:17 . 2007-12-16 19:17 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\teamspeak2

2007-12-16 19:17 . 2007-12-16 19:17 34,064 --a------ C:\WINDOWS\system32\lhacm.acm

2007-12-10 20:59 . 2008-01-04 23:00 <REP> d-------- C:\Program Files\GSI

2007-12-10 17:03 . 2007-12-30 15:24 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\U3

2007-12-10 17:01 . 2007-12-10 17:09 <REP> dr------- C:\Program Files\Musics

 

.

(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-10 19:43 878,624 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-01-10 19:41 13,436 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-01-10 19:33 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS

2008-01-10 18:02 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Skype

2008-01-10 18:02 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Azureus

2008-01-10 16:15 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\skypePM

2008-01-08 18:55 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat

2008-01-08 18:55 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat

2008-01-07 07:20 23,644 ----a-w C:\WINDOWS\Internet Logs\zonealarm_2nd_2008_01_06_15_23_18_small.dmp.zip

2008-01-06 19:11 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\OpenOffice.org2

2007-12-31 00:55 --------- d-----w C:\Program Files\Jeux

2007-12-17 21:27 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2007-12-17 21:27 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2007-12-16 08:54 --------- d-----w C:\Program Files\OpenOffice.org 2.3

2007-12-09 00:19 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Ahead

2007-12-07 22:45 --------- d-----w C:\Program Files\Windows Journal Viewer

2007-12-07 14:28 --------- d-----w C:\Program Files\Java

2007-12-06 22:33 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\BSplayer

2007-12-06 22:32 --------- d-----w C:\Program Files\DivX

2007-12-06 22:29 --------- d-----w C:\Program Files\K-Lite Codec Pack

2007-12-06 22:22 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\DivX

2007-12-06 22:06 --------- d-----w C:\Program Files\Media Player Classic

2007-12-06 22:06 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Media Player Classic

2007-12-06 21:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2007-12-01 17:05 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-01 17:04 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\InstallShield

2007-12-01 14:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2007-12-01 12:48 --------- d-----w C:\Program Files\Windows Media Connect 2

2007-12-01 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2007-12-01 11:20 --------- d-----w C:\Program Files\Google

2007-12-01 10:10 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller

2007-12-01 10:10 --------- d-----w C:\Program Files\Windows Live

2007-12-01 10:00 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment

2007-12-01 09:56 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2007-12-01 09:55 --------- d-----w C:\Program Files\Skype

2007-12-01 09:55 --------- d-----w C:\Program Files\Fichiers communs\Skype

2007-12-01 09:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype

2007-12-01 09:32 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\BSplayer Pro

2007-12-01 09:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2007-12-01 09:23 --------- d-----w C:\Program Files\Fichiers communs\Java

2007-12-01 09:21 --------- d-----w C:\Program Files\Ahead

2007-12-01 09:20 --------- d-----w C:\Program Files\Fichiers communs\Ahead

2007-12-01 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead

2007-12-01 08:31 --------- d-----w C:\Program Files\Realtek

2007-12-01 08:29 --------- d-----w C:\Program Files\VIA

2007-12-01 08:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield

2007-11-30 23:41 --------- d-----w C:\Program Files\Snapshot Viewer

2007-11-30 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBT

2007-11-30 23:40 --------- d-----w C:\Program Files\microsoft frontpage

2007-11-30 23:29 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Microsoft Web Folders

2007-11-30 23:25 --------- d-----w C:\Program Files\Camgoo TwoPlay

2007-11-30 23:24 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft

2007-11-30 23:20 --------- d-----w C:\Program Files\Philips

2007-11-30 23:04 --------- d-----w C:\Program Files\Alwil Software

2007-11-30 23:03 17,521,856 ----a-w C:\Program Files\setupfre.exe

2007-11-30 22:50 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines

2007-11-30 22:50 --------- d-----w C:\Program Files\Fichiers communs\ODBC

2007-11-30 22:49 --------- d-----w C:\Program Files\Club-Internet

2007-11-30 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\MotiveSysIDs

2007-11-30 22:41 --------- d-----w C:\Program Files\Motive

2007-11-30 22:41 --------- d-----w C:\Program Files\Fichiers communs\Motive

2007-11-30 22:41 --------- d-----w C:\Program Files\Common Files

2007-11-30 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive

2007-11-30 22:39 155,995 ----a-w C:\WINDOWS\java\Packages\EFHNB3DJ.ZIP

2007-11-30 22:39 --------- d-----w C:\Program Files\BroadJump

2007-11-30 22:28 --------- d-----w C:\Program Files\X10 Hardware

2007-11-30 21:58 --------- d-----w C:\Program Files\Services en ligne

2007-11-30 21:58 --------- d-----w C:\Program Files\Fichiers communs\MSSoap

2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2007-11-29 22:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2007-11-29 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

.

----a-w		21,760,296 2007-12-23 14:42:55  C:\Program Files\Skype\Phone\Skype .exe

 

 

((((((((((((((((((((((((((((( snapshot@2008-01-08_20.33.06.43 )))))))))))))))))))))))))))))))))))))))))

.

- 2006-08-17 12:29:49 728,576 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll

+ 2007-11-07 09:28:31 728,576 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll

- 2006-04-20 11:51:50 359,808 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys

+ 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys

- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

- 2006-08-17 12:29:49 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll

+ 2007-11-07 09:28:31 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll

- 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe

- 2006-10-28 02:03:16 833,520 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll

+ 2008-01-09 07:50:51 833,248 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll

+ 2008-01-10 19:44:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_3f4.dat

.

((((((((((((((((((((((((((((((((( Registry loading points )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not listed

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-01 04:03 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-04 18:32 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]

"nwiz"="nwiz.exe" [2005-02-24 07:32 1495040 C:\WINDOWS\system32\nwiz.exe]

"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2008-01-04 18:31 376912]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-04 18:31 79224]

"phc600"="C:\WINDOWS\vphc600.exe" [2008-01-04 18:31 339968]

"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 16269312 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-04 18:32 132496]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-04 18:32 49152]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2008-01-04 18:32 241664]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-01 04:03 15360]

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 13:22]

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 09:14]

R3 phc600;USB PC Camera (phc600);C:\WINDOWS\system32\DRIVERS\phc600.sys [2005-02-22 19:48]

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]

S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-01-10 20:44]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76f0028c-a739-11dc-8a3e-00196635b8e5}]

\Shell\AutoRun\command - K:\LaunchU3.exe -a

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-10 20:44:14

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-10 20:47:55 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-10 19:47:52

ComboFix2.txt 2008-01-10 19:36:50

ComboFix3.txt 2008-01-10 18:11:33

ComboFix4.txt 2008-01-09 20:24:45

ComboFix5.txt 2008-01-09 13:06:54

.

2008-01-09 17:26:40 --- E O F ---

 

 

and the HJT report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:51:51, on 10/01/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Dit.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\vphc600.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\HJT\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Dit] Dit.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [phc600] C:\WINDOWS\vphc600.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/fr/securityadvisor/virusinfo/webscan.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

 

--

End of file - 7142 bytes

 

(there's still one holdout; Skype is a program I use to chat online with friends and family)

 

For the info you asked for:

Before coming to post here I ran an analysis with avast in Thorough scan mode with archive scanning, then scheduled a boot-time scan, and after that I ran a whole series of online scans, suspecting that avast hadn't detected everything. Kaspersky and Panda detected lots of other critters (38 or 48, I don't remember exactly). I researched each of the trojans, viruses and worms (and any droppers that might be on my PC), then removed each of those critters myself by following the instructions and checking that they weren't legitimate processes, important files, etc.

Then, for the last 4 critters, which I couldn't get rid of, I followed instructions found on your forum and discovered it was Vundo, so I removed 3 of the 4 remaining critters; the only one left was the file efcbaay.dll, which you helped me get rid of, so my original problem is solved :P.

As for Avast, I'm not a fan, but unfortunately I'm not the only user of this computer (otherwise I would have put NOD32 or F-Secure on it long ago), so I don't think I can install Antivir, because the other users wouldn't manage to use and get familiar with an antivirus program in English :P. There, I hope I haven't forgotten any points.

 

Avast log:

These are only the warnings; nothing listed here got onto the computer (in principle).

 

06/12/2007 14:36:18 Christophe CHEVRIAUX 1492 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: D:\AOEINST.EXE (D:\AOEINST.EXE) returning error, 0000001E.

06/12/2007 23:26:26 SYSTEM 1584 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://download.betanews.com/download/1094...klcodec357f.exe (C:\WINDOWS\TEMP\_avast4_\unp102049467.tmp) returning error, 0000001E.

08/12/2007 08:16:47 Christophe CHEVRIAUX 1488 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: D:\AOEINST.EXE (D:\AOEINST.EXE) returning error, 0000001E.

08/12/2007 12:51:39 Christophe CHEVRIAUX 1488 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: D:\AOEINST.EXE (D:\AOEINST.EXE) returning error, 0000001E.

14/12/2007 00:10:21 Èâ€|Hð‘¤à< 1480 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.

14/12/2007 00:10:21 Èâ€|Hð‘¤à< 1480 An error has occured while attempting to update. Please check the logs.

14/12/2007 10:00:28 Christophe CHEVRIAUX 1488 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: D:\AOEINST.EXE (D:\AOEINST.EXE) returning error, 0000001E.

16/12/2007 14:17:57 SYSTEM 1476 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: E:\Program Files\WinRAR\rarext.dll (E:\Program Files\WinRAR\rarext.dll) returning error, 0000001E.

16/12/2007 21:41:46 SYSTEM 1476 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.

16/12/2007 21:41:46 SYSTEM 1476 An error has occured while attempting to update. Please check the logs.

25/12/2007 19:09:11 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\Onslaught\Onslaughtinstalateur.exe\{app}\VVSNInst.exe\VVSN.exe" file.

25/12/2007 19:09:46 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\Onslaught\Onslaughtinstalateur.exe\{app}\VVSNInst.exe" file.

25/12/2007 19:09:49 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\Onslaught\Onslaughtinstalateur.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]\[Embedded#1baa8]" file.

25/12/2007 19:09:53 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\Onslaught\Onslaughtinstalateur.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]" file.

25/12/2007 19:09:55 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\Onslaught\Onslaughtinstalateur.exe\{app}\NNSUNA3_88.exe" file.

25/12/2007 19:09:56 Christophe CHEVRIAUX 1540 Sign of "Win32:LdPinch-EU [Trj]" has been found in "F:\Quentin\Bureau\jeux\Onslaught\Onslaughtinstalateur.exe\{sys}\RKInstaller.exe" file.

25/12/2007 19:10:01 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\Tank Assault\Tank_Assault.exe\{app}\VVSNInst.exe\VVSN.exe" file.

25/12/2007 19:10:54 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\Tank Assault\Tank_Assault.exe\{app}\VVSNInst.exe" file.

25/12/2007 19:10:55 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\Tank Assault\Tank_Assault.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]\[Embedded#1baa8]" file.

25/12/2007 19:10:56 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\Tank Assault\Tank_Assault.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]" file.

25/12/2007 19:10:57 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\Tank Assault\Tank_Assault.exe\{app}\NNSUNA3_88.exe" file.

25/12/2007 19:10:57 Christophe CHEVRIAUX 1540 Sign of "Win32:LdPinch-EU [Trj]" has been found in "F:\Quentin\Bureau\jeux\Tank Assault\Tank_Assault.exe\{sys}\RKInstaller.exe" file.

25/12/2007 19:11:03 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\The Great Mahjong\Great_Mahjong.exe\{app}\VVSNInst.exe\VVSN.exe" file.

25/12/2007 19:11:08 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\The Great Mahjong\Great_Mahjong.exe\{app}\VVSNInst.exe" file.

25/12/2007 19:11:09 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\The Great Mahjong\Great_Mahjong.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]\[Embedded#1baa8]" file.

25/12/2007 19:11:11 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\The Great Mahjong\Great_Mahjong.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]" file.

25/12/2007 19:11:11 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Quentin\Bureau\jeux\The Great Mahjong\Great_Mahjong.exe\{app}\NNSUNA3_88.exe" file.

25/12/2007 19:11:12 Christophe CHEVRIAUX 1540 Sign of "Win32:LdPinch-EU [Trj]" has been found in "F:\Quentin\Bureau\jeux\The Great Mahjong\Great_Mahjong.exe\{sys}\RKInstaller.exe" file.

25/12/2007 19:19:53 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008787.exe\{app}\VVSNInst.exe\VVSN.exe" file.

25/12/2007 19:19:56 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008787.exe\{app}\VVSNInst.exe" file.

25/12/2007 19:19:57 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008787.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]\[Embedded#1baa8]" file.

25/12/2007 19:19:59 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008787.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]" file.

25/12/2007 19:20:00 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008787.exe\{app}\NNSUNA3_88.exe" file.

25/12/2007 19:20:01 Christophe CHEVRIAUX 1540 Sign of "Win32:LdPinch-EU [Trj]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008787.exe\{sys}\RKInstaller.exe" file.

25/12/2007 19:20:03 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008788.exe\{app}\VVSNInst.exe\VVSN.exe" file.

25/12/2007 19:20:05 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008788.exe\{app}\VVSNInst.exe" file.

25/12/2007 19:20:06 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008788.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]\[Embedded#1baa8]" file.

25/12/2007 19:20:07 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008788.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]" file.

25/12/2007 19:20:07 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008788.exe\{app}\NNSUNA3_88.exe" file.

25/12/2007 19:20:08 Christophe CHEVRIAUX 1540 Sign of "Win32:LdPinch-EU [Trj]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008788.exe\{sys}\RKInstaller.exe" file.

25/12/2007 19:20:13 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008789.exe\{app}\VVSNInst.exe\VVSN.exe" file.

25/12/2007 19:20:17 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008789.exe\{app}\VVSNInst.exe" file.

25/12/2007 19:20:19 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008789.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]\[Embedded#1baa8]" file.

25/12/2007 19:20:20 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008789.exe\{app}\NNSUNA3_88.exe\[Embedded#06060]" file.

25/12/2007 19:20:20 Christophe CHEVRIAUX 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008789.exe\{app}\NNSUNA3_88.exe" file.

25/12/2007 19:20:21 Christophe CHEVRIAUX 1540 Sign of "Win32:LdPinch-EU [Trj]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008789.exe\{sys}\RKInstaller.exe" file.

01/01/2008 01:17:10 Christophe CHEVRIAUX 3344 Sign of "Win32:Agent-PCJ [Adw]" has been found in "c:\windows\system32\gqgtoivs.exe" file.

01/01/2008 01:18:13 Christophe CHEVRIAUX 3668 Sign of "Win32:Agent-PCJ [Adw]" has been found in "c:\windows\system32\gqgtoivs.exe" file.

01/01/2008 01:18:51 Christophe CHEVRIAUX 3944 Sign of "Win32:Agent-PCJ [Adw]" has been found in "c:\windows\system32\gqgtoivs.exe" file.

01/01/2008 01:25:15 Christophe CHEVRIAUX 3648 Sign of "Win32:Agent-PCJ [Adw]" has been found in "C:\Documents and Settings\Christophe CHEVRIAUX\Local Settings\Temporary Internet Files\Content.IE5\UJRYG61Z\gamadril20071203[1]" file.

01/01/2008 01:29:31 SYSTEM 476 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.

01/01/2008 01:29:36 SYSTEM 476 An error has occured while attempting to update. Please check the logs.

01/01/2008 03:06:30 Christophe CHEVRIAUX 3648 Sign of "Win32:Agent-PCJ [Adw]" has been found in "C:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP69\A0013189.exe" file.

01/01/2008 03:25:08 Christophe CHEVRIAUX 3648 Sign of "Win32:Agent-PCJ [Adw]" has been found in "C:\WINDOWS\system32\trz21.tmp" file.

04/01/2008 23:40:29 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\SYSTEM32\AWVVU.DLL" file.

04/01/2008 23:41:03 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.

04/01/2008 23:41:14 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.

04/01/2008 23:41:31 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\SYSTEM32\AWVVU.DLL" file.

04/01/2008 23:41:46 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\SYSTEM32\AWVVU.DLL" file.

04/01/2008 23:41:51 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.

04/01/2008 23:41:59 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.

04/01/2008 23:42:06 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.

04/01/2008 23:42:11 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.

04/01/2008 23:42:33 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\SYSTEM32\AWVVU.DLL" file.

04/01/2008 23:42:37 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.

04/01/2008 23:46:23 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.

04/01/2008 23:46:30 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.

04/01/2008 23:46:38 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.

04/01/2008 23:46:49 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.

04/01/2008 23:47:23 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.

04/01/2008 23:47:36 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.

04/01/2008 23:47:43 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.

04/01/2008 23:47:47 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.

04/01/2008 23:47:52 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.

04/01/2008 23:47:56 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.

04/01/2008 23:48:01 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.

04/01/2008 23:48:20 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.

04/01/2008 23:48:45 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.

05/01/2008 01:42:17 Christophe CHEVRIAUX 196 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\sstqq.dll" file.

05/01/2008 09:41:32 Christophe CHEVRIAUX 152 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvt.dll" file.

05/01/2008 10:41:32 Christophe CHEVRIAUX 152 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddcyw.dll" file.

05/01/2008 16:39:53 Christophe CHEVRIAUX 220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddcyw.dll" file.

05/01/2008 17:39:51 Christophe CHEVRIAUX 220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awtst.dll" file.

05/01/2008 18:39:52 Christophe CHEVRIAUX 220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awtqn.dll" file.

05/01/2008 19:39:54 Christophe CHEVRIAUX 220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\geeba.dll" file.

05/01/2008 19:42:20 Christophe CHEVRIAUX 220 Sign of "Win32:Virut" has been found in "C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\TFR3D.tmp\album_725.JPeG_schevriaux@hotmail.fr.com" file.

05/01/2008 20:39:54 Christophe CHEVRIAUX 220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddaba.dll" file.

05/01/2008 21:39:55 Christophe CHEVRIAUX 220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\vtstt.dll" file.

05/01/2008 22:39:57 Christophe CHEVRIAUX 220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\pmkjk.dll" file.

05/01/2008 23:39:58 Christophe CHEVRIAUX 220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\vtutq.dll" file.

06/01/2008 00:40:00 Christophe CHEVRIAUX 220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddaba.dll" file.

06/01/2008 09:09:13 Christophe CHEVRIAUX 160 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\mllmj.dll" file.

06/01/2008 09:12:39 Christophe CHEVRIAUX 160 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: D:\AOEINST.EXE (D:\AOEINST.EXE) returning error, 0000001E.

06/01/2008 10:09:13 Christophe CHEVRIAUX 160 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddcca.dll" file.

06/01/2008 11:09:14 Christophe CHEVRIAUX 160 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\geedc.dll" file.

06/01/2008 12:09:15 Christophe CHEVRIAUX 160 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvv.dll" file.

06/01/2008 14:12:16 Christophe CHEVRIAUX 160 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awtst.dll" file.

06/01/2008 15:23:09 SYSTEM 144 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\sstqn.dll" file.

06/01/2008 16:23:09 SYSTEM 144 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkhhe.dll" file.

06/01/2008 17:23:10 SYSTEM 144 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkkjh.dll" file.

06/01/2008 18:23:12 SYSTEM 144 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddayy.dll" file.

06/01/2008 19:23:13 SYSTEM 144 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddabb.dll" file.

06/01/2008 20:23:13 SYSTEM 144 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\gebcd.dll" file.

06/01/2008 21:23:14 SYSTEM 144 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\vtsqn.dll" file.

06/01/2008 22:23:21 SYSTEM 144 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddcca.dll" file.

07/01/2008 08:26:26 Christophe CHEVRIAUX 188 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkhhh.dll" file.

07/01/2008 09:26:26 Christophe CHEVRIAUX 188 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddabb.dll" file.

07/01/2008 10:26:27 Christophe CHEVRIAUX 188 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\gebya.dll" file.

07/01/2008 11:26:27 Christophe CHEVRIAUX 188 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkhhe.dll" file.

07/01/2008 12:26:29 Christophe CHEVRIAUX 188 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awtqp.dll" file.

07/01/2008 13:26:30 Christophe CHEVRIAUX 188 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.

07/01/2008 16:51:51 Christophe CHEVRIAUX 188 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\mllmn.dll" file.

07/01/2008 18:00:06 Christophe CHEVRIAUX 280 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\sstqn.dll" file.

07/01/2008 19:00:06 Christophe CHEVRIAUX 280 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkhhe.dll" file.

07/01/2008 20:00:11 Christophe CHEVRIAUX 280 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awtqo.dll" file.

07/01/2008 21:00:09 Christophe CHEVRIAUX 280 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\sstqq.dll" file.

07/01/2008 22:39:38 Christophe CHEVRIAUX 236 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkkjk.dll" file.

08/01/2008 12:23:40 Christophe CHEVRIAUX 1596 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\pmkji.dll" file.

08/01/2008 13:23:42 Christophe CHEVRIAUX 1596 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\gebcc.dll" file.

08/01/2008 14:53:07 Christophe CHEVRIAUX 1596 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddaya.dll" file.

08/01/2008 15:53:09 Christophe CHEVRIAUX 1596 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\vtstq.dll" file.

08/01/2008 16:53:10 Christophe CHEVRIAUX 1596 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\vtsts.dll" file.

08/01/2008 17:49:21 Christophe CHEVRIAUX 1596 Sign of "EICAR Test-NOT virus!!" has been found in "http://tav.kaspersky.fr/test/level12.zip\LEVEL11.ZIP\LEVEL10.ZIP\LEVEL9.ZIP\LEVEL8.ZIP\LEVEL7.ZIP\LEVEL6.ZIP\LEVEL5.ZIP\LEVEL4.ZIP\LEVEL3.ZIP\LEVEL2.ZIP\LEVEL1.ZIP\eicar.exe" file.

08/01/2008 17:53:11 Christophe CHEVRIAUX 1596 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\sstts.dll" file.

08/01/2008 19:44:24 Christophe CHEVRIAUX 1476 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\pmkjg.dll" file.

 

And this is the error log:

 

06/12/2007 14:36:18 Christophe CHEVRIAUX 1492 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of D:\AOEINST.EXE failed, 0000001E.

06/12/2007 18:28:40 Christophe CHEVRIAUX 2312 Scan of "D:\" area failed with 00000015 error (function avfilesScanReal failed).

06/12/2007 23:26:26 SYSTEM 1584 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of http://download.betanews.com/download/1094...klcodec357f.exe failed, 0000001E.

08/12/2007 08:16:47 Christophe CHEVRIAUX 1488 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of D:\AOEINST.EXE failed, 0000001E.

08/12/2007 12:51:39 Christophe CHEVRIAUX 1488 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of D:\AOEINST.EXE failed, 0000001E.

09/12/2007 00:19:55 Christophe CHEVRIAUX 4064 Scan of "E:\" area failed with 00000003 error (function avfilesScanReal failed).

09/12/2007 00:19:55 Christophe CHEVRIAUX 4064 Scan of "F:\" area failed with 00000003 error (function avfilesScanReal failed).

14/12/2007 10:00:28 Christophe CHEVRIAUX 1488 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of D:\AOEINST.EXE failed, 0000001E.

16/12/2007 14:17:57 SYSTEM 1476 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\Program Files\WinRAR\rarext.dll failed, 0000001E.

28/12/2007 18:29:20 Christophe CHEVRIAUX 3748 Scan of "E:\" area failed with 00000003 error (function avfilesScanReal failed).

28/12/2007 18:29:21 Christophe CHEVRIAUX 3748 Scan of "F:\" area failed with 00000003 error (function avfilesScanReal failed).

06/01/2008 09:12:39 Christophe CHEVRIAUX 160 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of D:\AOEINST.EXE failed, 0000001E.

 

I have nothing else.

Edited by Walmas
Posted
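As an added example (not the poster's or the helper's code), here is a small Python triage script for avast warning-log lines in the format posted above: it separates hits that are only inactive copies inside System Restore points or packed inside game installers from the rotating five-letter DLLs in system32 that the thread identifies as Vundo. The sample lines are a constructed subset of the log above (one path shortened), and the bucket names are my own.

```python
import re
from collections import Counter
from datetime import datetime

# Shape of one avast 4 warning-log detection line, as posted in the thread:
#   DD/MM/YYYY HH:MM:SS <user> <pid> Sign of "<threat>" has been found in "<path>" file.
DETECTION_RE = re.compile(
    r'^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) '
    r'(?P<user>.+?) (?P<pid>\d+) Sign of "(?P<threat>[^"]+)" '
    r'has been found in "(?P<path>[^"]+)" file\.$'
)

# Random five-letter DLL names in system32 (awvvu.dll, sstqq.dll, ...): the
# rotating-name pattern the thread attributes to Vundo / Win32:TratBHO.
ROTATING_DLL_RE = re.compile(r"[a-z]{5}\.dll")

# Constructed sample: a subset of the warning log posted above, plus one
# "scanning warning" line that is not a detection at all.
SAMPLE_LOG = r"""
25/12/2007 19:09:56 Christophe CHEVRIAUX 1540 Sign of "Win32:LdPinch-EU [Trj]" has been found in "F:\Quentin\Bureau\jeux\Onslaught\Onslaughtinstalateur.exe\{sys}\RKInstaller.exe" file.
25/12/2007 19:20:01 Christophe CHEVRIAUX 1540 Sign of "Win32:LdPinch-EU [Trj]" has been found in "F:\System Volume Information\_restore{939368E1-49FE-4D0E-B851-8018A8F9F125}\RP56\A0008787.exe\{sys}\RKInstaller.exe" file.
01/01/2008 01:17:10 Christophe CHEVRIAUX 3344 Sign of "Win32:Agent-PCJ [Adw]" has been found in "c:\windows\system32\gqgtoivs.exe" file.
04/01/2008 23:40:29 SYSTEM 388 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\SYSTEM32\AWVVU.DLL" file.
05/01/2008 09:41:32 Christophe CHEVRIAUX 152 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvt.dll" file.
05/01/2008 19:42:20 Christophe CHEVRIAUX 220 Sign of "Win32:Virut" has been found in "C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\TFR3D.tmp\album_725.JPeG_schevriaux@hotmail.fr.com" file.
08/01/2008 17:49:21 Christophe CHEVRIAUX 1596 Sign of "EICAR Test-NOT virus!!" has been found in "http://tav.kaspersky.fr/test/level12.zip\LEVEL11.ZIP\eicar.exe" file.
06/12/2007 14:36:18 Christophe CHEVRIAUX 1492 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: D:\AOEINST.EXE (D:\AOEINST.EXE) returning error, 0000001E.
"""


def parse_line(line: str):
    """Return a dict for a detection line, or None for anything else."""
    m = DETECTION_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.strptime(f"{rec['date']} {rec['time']}", "%d/%m/%Y %H:%M:%S")
    return rec


def classify(path: str, threat: str) -> str:
    """Bucket a hit by where the file lives (bucket names are my own)."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    if "eicar" in threat.lower():
        return "eicar_test"                  # deliberate test file, not an infection
    if "\\system volume information\\_restore" in p:
        return "restore_point"               # stale copy inside a System Restore point
    if "\\system32\\" in p:
        if ROTATING_DLL_RE.fullmatch(name):
            return "system32_rotating_dll"   # live Vundo-style BHO DLL
        return "system32_other"
    if ".exe\\" in p or "[embedded#" in p:
        return "embedded_in_installer"       # packed inside an installer / archive
    if "\\temp\\" in p or "temporary internet files" in p:
        return "temp_or_cache"
    return "other"


def triage(text: str) -> dict:
    """Count hits per bucket and record when each rotating DLL was first seen."""
    counts = Counter()
    first_seen = {}
    unparsed = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        bucket = classify(rec["path"], rec["threat"])
        counts[bucket] += 1
        if bucket == "system32_rotating_dll":
            name = rec["path"].lower().rsplit("\\", 1)[-1]
            if name not in first_seen or rec["when"] < first_seen[name]:
                first_seen[name] = rec["when"]
    return {
        "counts": dict(counts),
        "rotating_dlls": sorted(first_seen),
        "first_seen": first_seen,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for bucket, n in sorted(report["counts"].items()):
        print(f"{bucket:24s} {n}")
    print("rotating system32 DLLs:", ", ".join(report["rotating_dlls"]))
    print("lines that were not detections:", report["unparsed"])
```

Only the system32 buckets point at files that were live on the machine; restore-point and installer hits are copies that are removed by purging restore points or deleting the installers.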

ok!! let's do the last one::

 

**open Notepad [Run -- notepad] and copy/paste the contents of the box below:

 

FILE::
C:\Program Files\Skype\Phone\Skype .exe

 

* Go to the top of the page and click the "File" menu; a list appears =>

* Choose "Save as" and choose "Desktop"

* In the "File name" field at the bottom of the page, give it the following name: CFScript as a .txt file

* Click the "Save" button to the right of the "file name" field

* Close Notepad.

* Drag and drop this CFScript.txt file onto the ComboFix.exe file, as in the screenshot

 

CFScript.gif

 

 

* A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

* Wait for the scan to finish. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents together with a new HJT report

* If the file does not appear, it is located here > C:\ComboFix.txt

 

**delete the folder in bold (ComboFix's "quarantine"):: c:\qoobox

 

**You are not going to uninstall avast, I understand, but you are still going to scan in Safe Mode with Antivir, in this way::

 

• Temporarily disable Avast

 

• Download Antivir http://www.freeav.com/

 

 

http://dl5.avgate.net/down/windows/antivir..._win7u_en_h.exe

 

install and configure Antivir.

It is essential to configure it correctly in order to get the best possible scan --> see the procedure here (print it out)::

 

http://speedweb1.free.fr/frames2.php?page=tuto5

 

• Reboot into Safe Mode

On restart, tap the F8 key immediately; you will see a screen with a choice of boot options appear.

Using the keyboard arrows, choose "Safe Mode" and confirm with "Enter".

Choose your usual account, not Administrator

 

Antivir scan

--> Keep the report

 

• Uninstall Antivir/Avira

 

Not all processes will necessarily appear in Task Manager

(Start -> Run -> taskmgr) since you are in Safe Mode, but here are the processes to kill:

 

End the following processes in Task Manager (press Ctrl+Alt+Del to open the window, then click the Processes tab): AVGUARD.EXE - SCHED.EXE - and AVGNT.EXE, then uninstall Antivir in Add/Remove Programs.

Delete the remaining folder: C:\Program Files\avira

 

• Reboot normally; Avast will relaunch automatically since you previously only disabled it

 

**post the new ComboFix report and the Antivir report

Posted (edited)

1st ComboFix report:

ComboFix 08-01-07.5 - Christophe CHEVRIAUX 2008-01-11 16:37:45.7 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.622 [GMT 1:00]

Running from: C:\Documents and Settings\Christophe CHEVRIAUX\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Christophe CHEVRIAUX\Bureau\CFScript.txt

* Created a new restore point

 

FILE

C:\Program Files\Skype\Phone\Skype .exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\Skype\Phone\Skype .exe

 

.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-11 to 2008-01-11 ))))))))))))))))))))))))))))))))))))

.

 

2008-01-09 21:03 . 2008-01-10 18:59 <REP> d-------- C:\WINDOWS\ERUNT

2008-01-08 20:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-08 20:19 . 2008-01-08 20:22 <REP> d-------- C:\HJT

2008-01-08 19:54 . 2008-01-09 13:51 <REP> d-------- C:\WINDOWS\system32\ZoneLabs

2008-01-08 19:50 . 2008-01-08 19:50 210,416 --a------ C:\zlsSetup_70_337_000_fr.exe

2008-01-08 18:22 . 2008-01-08 18:22 132,608 --a------ C:\VundoFix.exe

2008-01-05 18:32 . 2008-01-05 18:32 <REP> d-------- C:\WINDOWS\Sun

2008-01-05 09:42 . 1999-01-25 12:00 143,872 --------- C:\WINDOWS\system32\iacenc.dll

2008-01-05 09:42 . 1999-01-25 12:00 56,832 --------- C:\WINDOWS\system32\iyvu9_32.dll

2008-01-05 09:40 . 2008-01-05 09:40 <REP> d-------- C:\Program Files\Microsoft Games

2008-01-04 20:11 . 2008-01-04 20:11 <REP> d-------- C:\Program Files\hp deskjet 3420 series

2008-01-04 20:11 . 2002-06-21 11:19 184,386 --a------ C:\WINDOWS\system32\hpzsnt05.dll

2008-01-04 20:11 . 2008-01-04 20:11 800 --a------ C:\WINDOWS\hpinfo.lnk

2007-12-29 05:03 . 2007-12-29 05:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles

2007-12-28 21:30 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX

2007-12-28 19:33 . 2007-12-28 19:33 <REP> d-------- C:\Program Files\Yahoo!

2007-12-28 19:33 . 2007-12-28 19:41 <REP> d-------- C:\Program Files\CCleaner

2007-12-28 03:21 . 2007-12-28 03:21 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-12-27 20:48 . 2007-11-30 23:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau

2007-12-27 20:48 . 2007-11-30 23:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2007-12-27 20:48 . 2007-11-30 22:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles

2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents

2007-12-27 20:48 . 2007-11-30 23:49 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer

2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris

2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau

2007-12-27 19:27 . 2007-12-27 19:27 <REP> d-------- C:\Program Files\Trend Micro

2007-12-27 19:07 . 2007-12-27 19:07 <REP> d--h----- C:\WINDOWS\PIF

2007-12-27 18:57 . 2007-12-27 19:00 1,348 --a------ C:\WINDOWS\mozver.dat

2007-12-27 18:53 . 2007-12-27 18:53 0 --a------ C:\WINDOWS\nsreg.dat

2007-12-26 03:28 . 2007-12-26 03:28 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Uniblue

2007-12-26 03:28 . 2007-12-26 03:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue

2007-12-26 02:49 . 2007-12-26 17:36 961 --a------ C:\WINDOWS\srvdsgf.exe

2007-12-26 00:58 . 2007-12-26 00:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier

2007-12-26 00:57 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll

2007-12-26 00:57 . 2008-01-08 19:59 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2007-12-26 00:55 . 2008-01-11 16:34 <REP> d-------- C:\WINDOWS\Internet Logs

2007-12-25 20:54 . 2007-12-25 20:54 <REP> d-------- C:\Program Files\Windows Live Favorites

2007-12-25 20:53 . 2007-12-25 20:53 <REP> d-------- C:\Program Files\Windows Live Toolbar

2007-12-25 20:42 . 2007-12-25 20:46 <REP> d-------- C:\Program Files\MSN Apps

2007-12-25 19:48 . 2008-01-01 04:03 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe

2007-12-25 19:48 . 2008-01-01 04:03 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe

2007-12-22 18:42 . 2008-01-04 18:31 339,968 --a------ C:\WINDOWS\vphc600.exe

2007-12-22 18:42 . 2007-12-27 20:32 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2007-12-20 22:02 . 2007-12-20 22:02 268 --ah----- C:\sqmdata16.sqm

2007-12-20 22:02 . 2007-12-20 22:02 244 --ah----- C:\sqmnoopt16.sqm

2007-12-20 20:04 . 2007-12-20 20:04 <REP> d-------- C:\Program Files\Microsoft.NET

2007-12-20 20:04 . 2007-12-20 20:04 <REP> dr-h----- C:\MSOCache

2007-12-20 20:02 . 2007-12-20 20:02 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-12-20 20:00 . 2007-12-20 20:00 <REP> d-------- C:\Program Files\MSXML 4.0

2007-12-20 19:15 . 2007-12-20 20:01 <REP> d-------- C:\ProgramFiles

2007-12-19 15:16 . 2007-12-19 15:16 <REP> d-------- C:\Program Files\Fichiers communs\HP

2007-12-19 15:15 . 2008-01-04 20:16 <REP> d-------- C:\Program Files\Hewlett-Packard

2007-12-19 15:15 . 2007-12-19 15:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard

2007-12-19 15:14 . 2004-05-11 10:53 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll

2007-12-19 15:14 . 2004-05-11 10:53 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll

2007-12-19 15:14 . 2004-05-11 10:53 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll

2007-12-19 15:14 . 2004-05-11 10:53 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll

2007-12-19 15:14 . 2004-05-11 10:53 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll

2007-12-19 15:13 . 2007-12-19 15:13 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard

2007-12-19 15:12 . 2007-12-19 15:12 <REP> d-------- C:\WINDOWS\system32\URTTemp

2007-12-19 15:05 . 2004-06-21 19:50 51,088 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys

2007-12-19 15:05 . 2004-06-21 19:50 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys

2007-12-19 15:04 . 2004-06-21 19:50 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys

2007-12-19 15:04 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2007-12-19 15:04 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2007-12-19 14:48 . 2004-03-18 16:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll

2007-12-19 14:48 . 2004-03-18 16:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll

2007-12-19 14:48 . 2004-03-18 16:39 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll

2007-12-19 14:48 . 2004-03-18 16:55 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe

2007-12-19 14:48 . 2004-03-18 16:38 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe

2007-12-19 14:48 . 2004-03-18 16:39 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll

2007-12-19 14:47 . 2007-12-19 15:21 <REP> d-------- C:\Program Files\HP

2007-12-19 14:46 . 2007-12-19 15:22 104,265 --a------ C:\WINDOWS\hpoins04.dat

2007-12-19 14:46 . 2004-06-21 19:50 17,176 --------- C:\WINDOWS\hpomdl04.dat

2007-12-16 19:17 . 2007-12-16 19:17 <REP> d-------- C:\Program Files\Teamspeak2_RC2

2007-12-16 19:17 . 2007-12-16 19:17 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\teamspeak2

2007-12-16 19:17 . 2007-12-16 19:17 34,064 --a------ C:\WINDOWS\system32\lhacm.acm

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-11 15:39 929,824 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-01-11 15:28 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS

2008-01-10 22:02 13,772 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-01-10 18:02 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Skype

2008-01-10 18:02 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Azureus

2008-01-10 16:15 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\skypePM

2008-01-08 18:55 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat

2008-01-08 18:55 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat

2008-01-07 07:20 23,644 ----a-w C:\WINDOWS\Internet Logs\zonealarm_2nd_2008_01_06_15_23_18_small.dmp.zip

2008-01-06 19:11 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\OpenOffice.org2

2008-01-04 22:00 --------- d-----w C:\Program Files\GSI

2007-12-31 00:55 --------- d-----w C:\Program Files\Jeux

2007-12-30 14:24 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\U3

2007-12-17 21:27 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2007-12-17 21:27 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2007-12-16 08:54 --------- d-----w C:\Program Files\OpenOffice.org 2.3

2007-12-10 16:09 --------- d-----r C:\Program Files\Musics

2007-12-09 00:19 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Ahead

2007-12-07 22:45 --------- d-----w C:\Program Files\Windows Journal Viewer

2007-12-07 14:28 --------- d-----w C:\Program Files\Java

2007-12-06 22:33 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\BSplayer

2007-12-06 22:32 --------- d-----w C:\Program Files\DivX

2007-12-06 22:29 --------- d-----w C:\Program Files\K-Lite Codec Pack

2007-12-06 22:22 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\DivX

2007-12-06 22:06 --------- d-----w C:\Program Files\Media Player Classic

2007-12-06 22:06 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Media Player Classic

2007-12-06 21:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2007-12-01 17:05 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-01 17:04 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\InstallShield

2007-12-01 14:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2007-12-01 12:48 --------- d-----w C:\Program Files\Windows Media Connect 2

2007-12-01 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2007-12-01 11:20 --------- d-----w C:\Program Files\Google

2007-12-01 10:10 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller

2007-12-01 10:10 --------- d-----w C:\Program Files\Windows Live

2007-12-01 10:00 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment

2007-12-01 09:56 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2007-12-01 09:55 --------- d-----w C:\Program Files\Skype

2007-12-01 09:55 --------- d-----w C:\Program Files\Fichiers communs\Skype

2007-12-01 09:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype

2007-12-01 09:32 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\BSplayer Pro

2007-12-01 09:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2007-12-01 09:23 --------- d-----w C:\Program Files\Fichiers communs\Java

2007-12-01 09:21 --------- d-----w C:\Program Files\Ahead

2007-12-01 09:20 --------- d-----w C:\Program Files\Fichiers communs\Ahead

2007-12-01 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead

2007-12-01 08:31 --------- d-----w C:\Program Files\Realtek

2007-12-01 08:29 --------- d-----w C:\Program Files\VIA

2007-12-01 08:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield

2007-11-30 23:41 --------- d-----w C:\Program Files\Snapshot Viewer

2007-11-30 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBT

2007-11-30 23:40 --------- d-----w C:\Program Files\microsoft frontpage

2007-11-30 23:29 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Microsoft Web Folders

2007-11-30 23:25 --------- d-----w C:\Program Files\Camgoo TwoPlay

2007-11-30 23:24 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft

2007-11-30 23:20 --------- d-----w C:\Program Files\Philips

2007-11-30 23:04 --------- d-----w C:\Program Files\Alwil Software

2007-11-30 23:03 17,521,856 ----a-w C:\Program Files\setupfre.exe

2007-11-30 22:50 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines

2007-11-30 22:50 --------- d-----w C:\Program Files\Fichiers communs\ODBC

2007-11-30 22:49 --------- d-----w C:\Program Files\Club-Internet

2007-11-30 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\MotiveSysIDs

2007-11-30 22:41 --------- d-----w C:\Program Files\Motive

2007-11-30 22:41 --------- d-----w C:\Program Files\Fichiers communs\Motive

2007-11-30 22:41 --------- d-----w C:\Program Files\Common Files

2007-11-30 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive

2007-11-30 22:39 155,995 ----a-w C:\WINDOWS\java\Packages\EFHNB3DJ.ZIP

2007-11-30 22:39 --------- d-----w C:\Program Files\BroadJump

2007-11-30 22:28 --------- d-----w C:\Program Files\X10 Hardware

2007-11-30 21:58 --------- d-----w C:\Program Files\Services en ligne

2007-11-30 21:58 --------- d-----w C:\Program Files\Fichiers communs\MSSoap

2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2007-11-29 22:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2007-11-29 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-01-08_20.33.06.43 )))))))))))))))))))))))))))))))))))))))))

.

- 2006-08-17 12:29:49 728,576 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll

+ 2007-11-07 09:28:31 728,576 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll

- 2006-04-20 11:51:50 359,808 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys

+ 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys

- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

- 2006-08-17 12:29:49 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll

+ 2007-11-07 09:28:31 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll

- 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe

- 2006-10-28 02:03:16 833,520 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll

+ 2008-01-09 07:50:51 833,248 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll

+ 2008-01-11 15:27:46 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7f8.dat

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-01 04:03 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-04 18:32 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]

"nwiz"="nwiz.exe" [2005-02-24 07:32 1495040 C:\WINDOWS\system32\nwiz.exe]

"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2008-01-04 18:31 376912]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-04 18:31 79224]

"phc600"="C:\WINDOWS\vphc600.exe" [2008-01-04 18:31 339968]

"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 16269312 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-04 18:32 132496]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-04 18:32 49152]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2008-01-04 18:32 241664]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-01 04:03 15360]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\

Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 13:22]

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 09:14]

R3 phc600;USB PC Camera (phc600);C:\WINDOWS\system32\DRIVERS\phc600.sys [2005-02-22 19:48]

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]

S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-01-11 16:28]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76f0028c-a739-11dc-8a3e-00196635b8e5}]

\Shell\AutoRun\command - K:\LaunchU3.exe -a

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-11 16:40:02

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-11 16:40:37

ComboFix-quarantined-files.txt 2008-01-11 15:40:34

ComboFix2.txt 2008-01-10 19:47:55

ComboFix3.txt 2008-01-10 19:36:50

ComboFix4.txt 2008-01-10 18:11:33

ComboFix5.txt 2008-01-09 20:24:45

.

2008-01-09 17:26:40 --- E O F ---

 

 

HJT report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:41:28, on 11/01/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Dit.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\vphc600.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Club-Internet\Lanceur\lanceur.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\explorer.exe

C:\HJT\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Dit] Dit.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [phc600] C:\WINDOWS\vphc600.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/fr/securityadvisor/virusinfo/webscan.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

 

--

End of file - 7128 bytes

 

AntiVir scan:

 

 

 

AntiVir PersonalEdition Classic

Report file date: vendredi 11 janvier 2008 17:44

 

Scanning for 1027093 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: Christophe CHEVRIAUX

Computer name: CC-5DEED6F4546C

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15

ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 15:50:41

ANTIVIR2.VDF : 7.0.1.205 620544 Bytes 08/01/2008 15:50:41

ANTIVIR3.VDF : 7.0.1.226 147968 Bytes 11/01/2008 15:50:41

AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 11/01/2008 15:50:41

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.6.0.2 360488 Bytes 11/01/2008 15:50:41

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Local Hard Disks

Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: C:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: high

 

Start of the scan: vendredi 11 janvier 2008 17:44

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

11 processes with 11 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '38' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Program Files\Trend Micro\HijackThis\backups\backup-20080108-174232-828.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[INFO] The file was deleted!

 

 

End of the scan: vendredi 11 janvier 2008 19:11

Used time: 1:27:06 min

 

The scan has been done completely.

 

4469 Scanning directories

409246 Files were scanned

1 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

1 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

409245 Files not concerned

2100 Archives were scanned

1 Warnings

1 Notes

 

Second ComboFix report after the AntiVir scan:

 

 

ComboFix 08-01-07.5 - Christophe CHEVRIAUX 2008-01-11 19:19:08.8 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.595 [GMT 1:00]

Running from: C:\Documents and Settings\Christophe CHEVRIAUX\Bureau\ComboFix.exe

.

 

((((((((((((((((((((((((((((( Fichiers créés 2007-12-11 to 2008-01-11 ))))))))))))))))))))))))))))))))))))

.

 

2008-01-11 16:49 . 2008-01-11 16:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-01-09 21:03 . 2008-01-10 18:59 <REP> d-------- C:\WINDOWS\ERUNT

2008-01-08 20:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-08 20:19 . 2008-01-08 20:22 <REP> d-------- C:\HJT

2008-01-08 19:54 . 2008-01-09 13:51 <REP> d-------- C:\WINDOWS\system32\ZoneLabs

2008-01-08 19:50 . 2008-01-08 19:50 210,416 --a------ C:\zlsSetup_70_337_000_fr.exe

2008-01-08 18:22 . 2008-01-08 18:22 132,608 --a------ C:\VundoFix.exe

2008-01-05 18:32 . 2008-01-05 18:32 <REP> d-------- C:\WINDOWS\Sun

2008-01-05 09:42 . 1999-01-25 12:00 143,872 --------- C:\WINDOWS\system32\iacenc.dll

2008-01-05 09:42 . 1999-01-25 12:00 56,832 --------- C:\WINDOWS\system32\iyvu9_32.dll

2008-01-05 09:40 . 2008-01-05 09:40 <REP> d-------- C:\Program Files\Microsoft Games

2008-01-04 20:11 . 2008-01-04 20:11 <REP> d-------- C:\Program Files\hp deskjet 3420 series

2008-01-04 20:11 . 2002-06-21 11:19 184,386 --a------ C:\WINDOWS\system32\hpzsnt05.dll

2008-01-04 20:11 . 2008-01-04 20:11 800 --a------ C:\WINDOWS\hpinfo.lnk

2007-12-29 05:03 . 2007-12-29 05:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles

2007-12-28 21:30 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX

2007-12-28 19:33 . 2007-12-28 19:33 <REP> d-------- C:\Program Files\Yahoo!

2007-12-28 19:33 . 2007-12-28 19:41 <REP> d-------- C:\Program Files\CCleaner

2007-12-28 03:21 . 2007-12-28 03:21 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-12-27 20:48 . 2007-11-30 23:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau

2007-12-27 20:48 . 2007-11-30 23:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2007-12-27 20:48 . 2007-11-30 22:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles

2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents

2007-12-27 20:48 . 2007-11-30 23:49 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer

2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris

2007-12-27 20:48 . 2007-11-30 23:49 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau

2007-12-27 19:27 . 2007-12-27 19:27 <REP> d-------- C:\Program Files\Trend Micro

2007-12-27 19:07 . 2007-12-27 19:07 <REP> d--h----- C:\WINDOWS\PIF

2007-12-27 18:57 . 2007-12-27 19:00 1,348 --a------ C:\WINDOWS\mozver.dat

2007-12-27 18:53 . 2007-12-27 18:53 0 --a------ C:\WINDOWS\nsreg.dat

2007-12-26 03:28 . 2007-12-26 03:28 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Uniblue

2007-12-26 03:28 . 2007-12-26 03:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue

2007-12-26 02:49 . 2007-12-26 17:36 961 --a------ C:\WINDOWS\srvdsgf.exe

2007-12-26 00:58 . 2007-12-26 00:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier

2007-12-26 00:57 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll

2007-12-26 00:57 . 2008-01-08 19:59 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2007-12-26 00:55 . 2008-01-11 19:19 <REP> d-------- C:\WINDOWS\Internet Logs

2007-12-25 20:54 . 2007-12-25 20:54 <REP> d-------- C:\Program Files\Windows Live Favorites

2007-12-25 20:53 . 2007-12-25 20:53 <REP> d-------- C:\Program Files\Windows Live Toolbar

2007-12-25 20:42 . 2007-12-25 20:46 <REP> d-------- C:\Program Files\MSN Apps

2007-12-25 19:48 . 2008-01-01 04:03 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe

2007-12-25 19:48 . 2008-01-01 04:03 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe

2007-12-22 18:42 . 2008-01-04 18:31 339,968 --a------ C:\WINDOWS\vphc600.exe

2007-12-22 18:42 . 2007-12-27 20:32 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2007-12-20 22:02 . 2007-12-20 22:02 268 --ah----- C:\sqmdata16.sqm

2007-12-20 22:02 . 2007-12-20 22:02 244 --ah----- C:\sqmnoopt16.sqm

2007-12-20 20:04 . 2007-12-20 20:04 <REP> d-------- C:\Program Files\Microsoft.NET

2007-12-20 20:04 . 2007-12-20 20:04 <REP> dr-h----- C:\MSOCache

2007-12-20 20:02 . 2007-12-20 20:02 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-12-20 20:00 . 2007-12-20 20:00 <REP> d-------- C:\Program Files\MSXML 4.0

2007-12-20 19:15 . 2007-12-20 20:01 <REP> d-------- C:\ProgramFiles

2007-12-19 15:16 . 2007-12-19 15:16 <REP> d-------- C:\Program Files\Fichiers communs\HP

2007-12-19 15:15 . 2008-01-04 20:16 <REP> d-------- C:\Program Files\Hewlett-Packard

2007-12-19 15:15 . 2007-12-19 15:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard

2007-12-19 15:14 . 2004-05-11 10:53 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll

2007-12-19 15:14 . 2004-05-11 10:53 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll

2007-12-19 15:14 . 2004-05-11 10:53 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll

2007-12-19 15:14 . 2004-05-11 10:53 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll

2007-12-19 15:14 . 2004-05-11 10:53 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll

2007-12-19 15:13 . 2007-12-19 15:13 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard

2007-12-19 15:12 . 2007-12-19 15:12 <REP> d-------- C:\WINDOWS\system32\URTTemp

2007-12-19 15:05 . 2004-06-21 19:50 51,088 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys

2007-12-19 15:05 . 2004-06-21 19:50 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys

2007-12-19 15:04 . 2004-06-21 19:50 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys

2007-12-19 15:04 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2007-12-19 15:04 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2007-12-19 14:48 . 2004-03-18 16:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll

2007-12-19 14:48 . 2004-03-18 16:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll

2007-12-19 14:48 . 2004-03-18 16:39 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll

2007-12-19 14:48 . 2004-03-18 16:55 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe

2007-12-19 14:48 . 2004-03-18 16:38 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe

2007-12-19 14:48 . 2004-03-18 16:39 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll

2007-12-19 14:47 . 2007-12-19 15:21 <REP> d-------- C:\Program Files\HP

2007-12-19 14:46 . 2007-12-19 15:22 104,265 --a------ C:\WINDOWS\hpoins04.dat

2007-12-19 14:46 . 2004-06-21 19:50 17,176 --------- C:\WINDOWS\hpomdl04.dat

2007-12-16 19:17 . 2007-12-16 19:17 <REP> d-------- C:\Program Files\Teamspeak2_RC2

2007-12-16 19:17 . 2007-12-16 19:17 <REP> d-------- C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\teamspeak2

2007-12-16 19:17 . 2007-12-16 19:17 34,064 --a------ C:\WINDOWS\system32\lhacm.acm

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-11 18:21 983,072 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-01-11 18:15 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS

2008-01-11 16:00 14,444 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-01-10 18:02 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Skype

2008-01-10 18:02 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Azureus

2008-01-10 16:15 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\skypePM

2008-01-08 18:55 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat

2008-01-08 18:55 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat

2008-01-07 07:20 23,644 ----a-w C:\WINDOWS\Internet Logs\zonealarm_2nd_2008_01_06_15_23_18_small.dmp.zip

2008-01-06 19:11 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\OpenOffice.org2

2008-01-04 22:00 --------- d-----w C:\Program Files\GSI

2007-12-31 00:55 --------- d-----w C:\Program Files\Jeux

2007-12-30 14:24 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\U3

2007-12-17 21:27 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2007-12-17 21:27 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2007-12-16 08:54 --------- d-----w C:\Program Files\OpenOffice.org 2.3

2007-12-10 16:09 --------- d-----r C:\Program Files\Musics

2007-12-09 00:19 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Ahead

2007-12-07 22:45 --------- d-----w C:\Program Files\Windows Journal Viewer

2007-12-07 14:28 --------- d-----w C:\Program Files\Java

2007-12-06 22:33 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\BSplayer

2007-12-06 22:32 --------- d-----w C:\Program Files\DivX

2007-12-06 22:29 --------- d-----w C:\Program Files\K-Lite Codec Pack

2007-12-06 22:22 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\DivX

2007-12-06 22:06 --------- d-----w C:\Program Files\Media Player Classic

2007-12-06 22:06 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Media Player Classic

2007-12-06 21:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2007-12-01 17:05 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-01 17:04 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\InstallShield

2007-12-01 14:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2007-12-01 12:48 --------- d-----w C:\Program Files\Windows Media Connect 2

2007-12-01 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2007-12-01 11:20 --------- d-----w C:\Program Files\Google

2007-12-01 10:10 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller

2007-12-01 10:10 --------- d-----w C:\Program Files\Windows Live

2007-12-01 10:00 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment

2007-12-01 09:56 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2007-12-01 09:55 --------- d-----w C:\Program Files\Skype

2007-12-01 09:55 --------- d-----w C:\Program Files\Fichiers communs\Skype

2007-12-01 09:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype

2007-12-01 09:32 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\BSplayer Pro

2007-12-01 09:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2007-12-01 09:23 --------- d-----w C:\Program Files\Fichiers communs\Java

2007-12-01 09:21 --------- d-----w C:\Program Files\Ahead

2007-12-01 09:20 --------- d-----w C:\Program Files\Fichiers communs\Ahead

2007-12-01 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead

2007-12-01 08:31 --------- d-----w C:\Program Files\Realtek

2007-12-01 08:29 --------- d-----w C:\Program Files\VIA

2007-12-01 08:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield

2007-11-30 23:41 --------- d-----w C:\Program Files\Snapshot Viewer

2007-11-30 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBT

2007-11-30 23:40 --------- d-----w C:\Program Files\microsoft frontpage

2007-11-30 23:29 --------- d-----w C:\Documents and Settings\Christophe CHEVRIAUX\Application Data\Microsoft Web Folders

2007-11-30 23:25 --------- d-----w C:\Program Files\Camgoo TwoPlay

2007-11-30 23:24 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft

2007-11-30 23:20 --------- d-----w C:\Program Files\Philips

2007-11-30 23:04 --------- d-----w C:\Program Files\Alwil Software

2007-11-30 23:03 17,521,856 ----a-w C:\Program Files\setupfre.exe

2007-11-30 22:50 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines

2007-11-30 22:50 --------- d-----w C:\Program Files\Fichiers communs\ODBC

2007-11-30 22:49 --------- d-----w C:\Program Files\Club-Internet

2007-11-30 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\MotiveSysIDs

2007-11-30 22:41 --------- d-----w C:\Program Files\Motive

2007-11-30 22:41 --------- d-----w C:\Program Files\Fichiers communs\Motive

2007-11-30 22:41 --------- d-----w C:\Program Files\Common Files

2007-11-30 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive

2007-11-30 22:39 155,995 ----a-w C:\WINDOWS\java\Packages\EFHNB3DJ.ZIP

2007-11-30 22:39 --------- d-----w C:\Program Files\BroadJump

2007-11-30 22:28 --------- d-----w C:\Program Files\X10 Hardware

2007-11-30 21:58 --------- d-----w C:\Program Files\Services en ligne

2007-11-30 21:58 --------- d-----w C:\Program Files\Fichiers communs\MSSoap

2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2007-11-29 22:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2007-11-29 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-01 04:03 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-04 18:32 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]

"nwiz"="nwiz.exe" [2005-02-24 07:32 1495040 C:\WINDOWS\system32\nwiz.exe]

"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2008-01-04 18:31 376912]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-04 18:31 79224]

"phc600"="C:\WINDOWS\vphc600.exe" [2008-01-04 18:31 339968]

"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 16269312 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-04 18:32 132496]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-04 18:32 49152]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2008-01-04 18:32 241664]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-01 04:03 15360]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\

Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 13:22]

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 09:14]

R3 phc600;USB PC Camera (phc600);C:\WINDOWS\system32\DRIVERS\phc600.sys [2005-02-22 19:48]

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]

S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-01-11 19:15]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76f0028c-a739-11dc-8a3e-00196635b8e5}]

\Shell\AutoRun\command - K:\LaunchU3.exe -a

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-11 19:21:19

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-11 19:21:53

ComboFix2.txt 2008-01-11 15:40:38

.

2008-01-09 17:26:40 --- E O F ---

 

 

(During the antivirus scan, the 3 processes you asked me to terminate were not displayed, but taskmgr itself was indeed active.)

Edited by Walmas
Posted (edited)

Looks as good as new at first glance :P (I'm no expert :P). I'll come back if I still have 2-3 things to do :P but in any case THANK YOU VERY MUCH :P:P

(Can I uninstall ComboFix?)

Edited by Walmas
Posted
Looks as good as new at first glance :P (I'm no expert :P ). I'll come back if I still have 2-3 things to do :P but in any case THANK YOU VERY MUCH :P:P

(Can I uninstall ComboFix?)

 

---------------------------------

 

Yes, ComboFix "uninstalls" itself this way:

 

Copy/paste the whole line below into Start => Run:

 

"%userprofile%\Bureau\combofix.exe" /u

 

@++
