Je n'arrive pas à supprimer les virus de mon PC

yoda93 · le 11 juin 2008

Bonjour tout le monde.

Merci pour ce site, son forum et les conseils que l’on peut y trouver régulièrement.

En général j’essaie par moi-même et en visitant les divers forums dont le votre pour solutionner les divers problèmes que je peux rencontrer sur ma machine. Cela va des ptites attaques virales aux divers problèmes que tout un chacun peut rencontrer.

Mais là franchement je sèche carrément car même en sillonnant vos pages je n’ai trouvées aucune solution efficace pour éradiquer les soucis rencontrés.

Voici donc ce qu’il se passe :

Un soir souhaitant allez faire une analyse en ligne de mon pc je me rend sur le site inoculer.com (bien entendu j’avais regardé ce qu’il en était dit avant de faire quoique ce soit ) et je lance un logiciel de détection en ligne.

Quelle fût ma surprise lorsqu’immédiatement AVAST me trouve une infection. Je termine donc directement le programme lancé et décide de nettoyer mon pc dans la foulée mais avec mes logiciels (c-cleaner, easy clean, ad-aware, avg anti spyware et ensuite scan en ligne avec secuser).

Là les soucis commencent, on me trouve et ce n’est que le début :

Virus : Cryp Morphine – chemin : C :\Windows\System32\khz2kg85.exe

Trojan Win32.Obfuscated.avw – Chemin : C:\Windows\System32\dfrguih.dll processus 1212 ; 1648 ; 1240

Même Trojan dans winlogon mais nommé apparemment kngirkdz

Trojan-clicker.win32.Delf.ach – chemin : C:\Windows\System32\dfrguih.dll.bak

Win32 : Trojan-gen{gen}

Donc là je commence à me dire que la poisse est de retour car un mois avant j’avais chopé Beagle et avait réussi à éradiquer le monstre.

Donc je me rends sur votre forum et regarde un peu ce que je peux faire pour tout ce que j’ai nommé plus haut. Mais franchement rien ne change malgré vos conseils.

Et d’un seul coup mon écran devient bleu et je vois marqué :

Stop C000021a (erreur système irrécupérable) Le processus système Winlogon Process s’est terminé de façon innatendue avec l’état 0x0000013 (0x00000000 0x00000000) Le système a été arrêté.

Là ça me gave et reprend le taureau par les cornes et tente de relancer des vérif. sur mon pc en mode sans échec après avoir suivies vos conseils.

Je me rend compte déjà que dans la restauration système je n’ai plus aucune date d’affichées et ensuite que le mode sans échec n’est plus disponible.

En fait lorsque je presse F8 ou F5 j’accède à la page du mode sans échec, je sélectionne ce qu’il faut et malheureusement le pc redémarre en mode normal car le mode sans échec n’est pas disponible.

Jusque là tt va mal mais tout va bien quand même mon pc tourne normalement et je n’ai plus d’alertes.

Enfin faut pas s’emballer car la suite vient le lendemain.

J’allume mon pc, rien ne rame ça tourne nickel, pas d’alerte virale de suite…

Souhaitant accéder au panneau de config (je suis sous XP édition familiale au fait), je fais démarrer « panneau de config » et là on me demande si je veux créer un raccourci. Je pense à une fausse manip de ma part, donc je réitère mon action et encore pareil pour la demande de raccourci.

J’utilise le raccourci clavier pour accéder au poste de travail et hop nouvel étonnement, on me marque « paramètre incorrect ». Je recommence et toujours pareil.

Ensuite voyant ma poubelle pleine, je tente également de l’ouvrir pour voir ce qu’il y a dedans et là comme pour le panneau de config on me demande si j’accepte de créer un raccourci.

Ensuite je redémarre mon PC (Oui oui c’est un roman je sais ) et "étonnationnement", plus de bureau, plus rien, plus rien.

Je réfléchis un ptiot peu au lieu de mettre un coup de chausson à l’UC et passe par le gestionnaire de tache, la commande exécuter et accède à tous mes documents… Donc déjà pas de bobos, enfin pas trop.

J’accède au net également et regarde comme faire réapparaître le bureau. Apparemment il faut tapoter la commande explorer.exe dans exécuter. Je le fais et hop tt réapparaît. Mais cela ne solutionne pas mon souci de raccourcis et je me rends également compte que mes dossiers se trouvant sur le bureau ne sont plus accessibles, sauf en passant par démarrer, exécuter et parcourir…

En somme un vrai merdier si je peux me permettre d’écrire cela ici.

Alors hier j’ai fait plein de ptits rapports avec divers logiciels pour vous qui vous y connaissez bien mieux que moi et allez peut-être pouvoir m’aider.

Rapport Bitdefendder : RAS.

Rapport Secuser : RAS

Rapport AVG anti-spyware : RAS

Rapport Rogue mover : RAS

Rapport AVG anti Rootkit : RAS

Rapport Navilog : RAS

Rapport Winsos : RAS

Rapport C-Cleaner : RAS

Maintenant voici les rapports avec plein de trucs écrits dedans :

Rapport HitJack :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:09:13, on 10/06/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVAST ANTIVIRUS\aswUpdSv.exe

C:\Program Files\AVAST ANTIVIRUS\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\DEFENSE PC\AVG antispyware\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\System32\svchost.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\PROGRA~1\AVASTA~1\ashDisp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVAST ANTIVIRUS\ashWebSv.exe

c:\program files\a square\a-squared free\a2service.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

c:\program files\fichiers communs\mozilla shared\firefox.exe

C:\Program Files\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\bitcomet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: (no name) - {4805A96E-4492-4650-8CE1-7049ABF14535} - C:\WINDOWS\system32\amstreams.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {D77E7A40-7534-420A-B6B3-0B3956C11474} - c:\windows\system32\dfrguih.dll

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart

O4 - HKLM\..\Run: [fenaffiche] "C:\Program Files\FenAffiche\Fenpowernet.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVASTA~1\ashDisp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\bitcomet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\bitcomet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\bitcomet\BitComet.exe/AddAllLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\bitcomet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe

O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload plugin) - http://fr.pixaco.com/static/download/iedropupload.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205858377087

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_13.cab

O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://1120132856000.kit.sexequalite.com/1...bertix_Sexe.exe

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {D3D0E7BC-170E-11D0-B2D1-00AA00B92B50} (FireEvent Control) - http://singles.sfr.fr/dlm/ax/fireev.2.7.0.0.cab

O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://bobtv.fr/download/cfweb_www.bobtv.f..._instmodule.exe

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab

O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://motive.club-internet.fr:2112/lwp/st...aller_4-0-0.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{71BF9D82-2AA1-4FDA-B5E0-38CFCED69208}: NameServer = 194.117.200.10,194.117.200.15

O17 - HKLM\System\CCS\Services\Tcpip\..\{D757C7C0-5818-4037-9050-25956FACD407}: NameServer = 194.117.200.10,194.117.200.15

O20 - Winlogon Notify: knqjrkdz - C:\WINDOWS\SYSTEM32\dfrguih.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a square\a-squared free\a2service.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\AVAST ANTIVIRUS\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\AVAST ANTIVIRUS\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\AVAST ANTIVIRUS\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\AVAST ANTIVIRUS\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\DEFENSE PC\AVG antispyware\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: SrvQxa - Unknown owner - \\?\C:\Program Files\Fichiers communs\System\lpt9.exe (file missing)

--

End of file - 10551 bytes

Rapport A-Square :

Version - a-squared Free 3.5

Dernière mise à jour : 10/06/2008 16:20:38

Paramètres des balayages :

Éléments : Mémoire, Traces, Cookies, C:\, E:\

Balaye dans les archives : Marche

Analyse heuristique : Marche

Balaye dans les ADS : Marche

Début du balayage : 10/06/2008 16:25:20

[1324] C:\WINDOWS\system32\dfrguih.dll Objets détectés : Trojan.Win32.Obfuscated.avw

[1808] c:\windows\system32\dfrguih.dll Objets détectés : Trojan.Win32.Obfuscated.avw

[576] c:\windows\system32\dfrguih.dll Objets détectés : Trojan.Win32.Obfuscated.avw

C:\Program Files\DEFENSE PC\smitfraudfix\SmitfraudFix\Process.exe Objets détectés : Riskware.RiskTool.Win32.Processor.20

C:\Program Files\DEFENSE PC\smitfraudfix\SmitfraudFix\Reboot.exe Objets détectés : Riskware.RiskTool.Win32.Reboot.f

C:\Program Files\DEFENSE PC\smitfraudfix\SmitfraudFix\SmitfraudFix.zip/Process.exe Objets détectés : Riskware.RiskTool.Win32.Processor.20

C:\Program Files\DEFENSE PC\smitfraudfix\SmitfraudFix\SmitfraudFix.zip/Reboot.exe Objets détectés : Riskware.RiskTool.Win32.Reboot.f

C:\Program Files\DEFENSE PC\smitfraudfix\SmitfraudFix.exe Objets détectés : Riskware.RiskTool.Win32.Reboot.f

C:\Program Files\EXTRACTION vidéo sur site internet\vdownloader version 0.61.zip/VDownloader.exe Objets détectés : Riskware.Downloader.Win32.VDown.a

C:\Program Files\Navilog1\Process.exe Objets détectés : Riskware.RiskTool.Win32.Processor.20

C:\Program Files\Navilog1\reboot.exe Objets détectés : Riskware.RiskTool.Win32.Reboot.f

C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP1\A0000009.dll Objets détectés : Trojan.Win32.Obfuscated.avw

C:\WINDOWS\system32\dfrguih.dll Objets détectés : Trojan.Win32.Obfuscated.avw

C:\WINDOWS\system32\dfrguih.dll.bak Objets détectés : Trojan.Win32.Obfuscated.avw

Analysé

Fichiers : 210416

Traces : 441010

Cookies : 59

Processus : 34

Objets trouvés

Fichiers : 11

Traces : 0

Cookies : 10

Processus : 3

Clés de Registre : 0

Fin du balayage : 10/06/2008 20:18:12

Temps du balayage : 3:52:52

Rapport Smitfraudfix :

SmitFraudFix v2.323

Rapport fait à 21:35:20,09, 10/06/2008

Executé à partir de C:\Program Files\DEFENSE PC\smitfraudfix\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVAST ANTIVIRUS\aswUpdSv.exe

C:\Program Files\AVAST ANTIVIRUS\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\DEFENSE PC\AVG antispyware\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\System32\svchost.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\PROGRA~1\AVASTA~1\ashDisp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\Program Files\AVAST ANTIVIRUS\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

c:\program files\a square\a-squared free\a2service.exe

c:\program files\fichiers communs\mozilla shared\firefox.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

127.0.0.1 www.legal-at-spybot.info

127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\yoda

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\yoda\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\yoda~1\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Rhine II Fast Ethernet Adapter - Miniport d'ordonnancement de paquets

DNS Server Search Order: 194.117.200.10

DNS Server Search Order: 194.117.200.15

HKLM\SYSTEM\CCS\Services\Tcpip\..\{71BF9D82-2AA1-4FDA-B5E0-38CFCED69208}: NameServer=194.117.200.10,194.117.200.15

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D757C7C0-5818-4037-9050-25956FACD407}: NameServer=194.117.200.10,194.117.200.15

HKLM\SYSTEM\CS1\Services\Tcpip\..\{71BF9D82-2AA1-4FDA-B5E0-38CFCED69208}: NameServer=194.117.200.10,194.117.200.15

HKLM\SYSTEM\CS1\Services\Tcpip\..\{D757C7C0-5818-4037-9050-25956FACD407}: NameServer=194.117.200.10,194.117.200.15

HKLM\SYSTEM\CS3\Services\Tcpip\..\{71BF9D82-2AA1-4FDA-B5E0-38CFCED69208}: NameServer=194.117.200.10,194.117.200.15

HKLM\SYSTEM\CS3\Services\Tcpip\..\{D757C7C0-5818-4037-9050-25956FACD407}: NameServer=194.117.200.10,194.117.200.15

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Rapports AVAST (liste des avertissements depuis 2007) :

27/07/2007 03:26:10 SYSTEM 396 Sign of "VBS:Malware [script]" has been found in "http://by103fd.bay103.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=8545e7094efdcd82118d9adabc1837b32ee082fc68db8fc238d826fa80054267" file.

27/07/2007 03:26:20 SYSTEM 396 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\HT3YMROA\HoTMaiL[1].htm" file.

27/07/2007 03:26:42 SYSTEM 396 Sign of "VBS:Malware [script]" has been found in "http://by103fd.bay103.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=8545e7094efdcd82118d9adabc1837b362150adb05666eba8f1fd02be78dde47" file.

27/07/2007 03:26:48 SYSTEM 396 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\GAAO1QZS\HoTMaiL[1].htm" file.

27/07/2007 09:38:54 SYSTEM 300 Sign of "VBS:Malware [script]" has been found in "http://by141fd.bay141.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=84674621f9252aca252e4c6f623724fb3b4ba0c93f6c24a2a0fec81aa45f8a26\unp128818099" file.

27/07/2007 09:39:18 SYSTEM 300 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\D5A5955M\HoTMaiL[1].htm" file.

27/07/2007 09:41:42 SYSTEM 300 Sign of "VBS:Malware [script]" has been found in "http://by141fd.bay141.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=84674621f9252aca252e4c6f623724fb27363310af94eab74b462d73d4a84348\unp175282971" file.

27/07/2007 09:45:12 SYSTEM 300 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\OQZ18WK1\HoTMaiL[1].htm" file.

27/07/2007 10:23:24 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "http://by141fd.bay141.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=84674621f9252aca252e4c6f623724fbd454b01d6a880601e1ebbf49e4e49e07\unp225386101" file.

27/07/2007 10:22:38 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\G9ZJT5ZW\HoTMaiL[1].htm" file.

27/07/2007 10:23:22 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "http://by103fd.bay103.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=8545e7094efdcd82118d9adabc1837b32b40a27b36496d594a14c5afdd5d91ec" file.

27/07/2007 10:23:26 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\G9ZJT5ZW\HoTMaiL[1].htm" file.

27/07/2007 11:01:47 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "http://by103fd.bay103.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=8545e7094efdcd82118d9adabc1837b3cdae517b0f24d8b5c1af30575e8aeb1a" file.

27/07/2007 11:01:56 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\XSKHPC90\HoTMaiL[1].htm" file.

27/07/2007 11:03:08 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "http://by103fd.bay103.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=8545e7094efdcd82118d9adabc1837b3c23a81a80f085a62193ffaaef64fa3c1" file.

27/07/2007 11:03:16 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\XSKHPC90\HoTMaiL[1].htm" file.

27/07/2007 11:04:05 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "http://by103fd.bay103.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=8545e7094efdcd82118d9adabc1837b326b33368e61987e3a058e9fb958c512a" file.

27/07/2007 11:04:25 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "http://by103fd.bay103.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=8545e7094efdcd82118d9adabc1837b334b36d798f5cd090e71ee9ea90f32f63" file.

27/07/2007 11:04:44 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "http://by103fd.bay103.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=8545e7094efdcd82118d9adabc1837b30fca5706488af2ebf4e6a1fdb14675eb" file.

27/07/2007 11:06:35 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "http://by103fd.bay103.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=8545e7094efdcd82118d9adabc1837b3dd9e440c518afdc2e846c841baa8601d" file.

27/07/2007 11:07:08 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\PHZEC5IB\HoTMaiL[3].htm" file.

27/07/2007 11:07:26 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\XSKHPC90\HoTMaiL[3].htm" file.

27/07/2007 11:11:04 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\G9ZJT5ZW\HoTMaiL[1].htm" file.

27/07/2007 11:15:34 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\ZDL9WX8Y\HoTMaiL[1].htm" file.

27/07/2007 11:56:26 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "http://by112fd.bay112.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=79e82640d9c372bfd8ba0a033a5a80a91ea5e966dd31d2e2e8de0511d6406b82" file.

27/07/2007 11:56:47 SYSTEM 1928 Sign of "VBS:Malware [script]" has been found in "C:\Documents and Settings\yoda\Local Settings\Temporary Internet Files\Content.IE5\ZDL9WX8Y\HoTMaiL[1].htm" file.

01/09/2007 20:39:54 SYSTEM 1832 Function setifaceUpdatePackages() has failed. Return code is 0x00000002, dwRes is 00000002.

01/09/2007 20:39:54 SYSTEM 1832 An error has occured while attempting to update. Please check the logs.

14/09/2007 22:17:16 SYSTEM 244 Function setifaceUpdatePackages() has failed. Return code is 0x20000019, dwRes is 20000019.

14/09/2007 22:17:16 SYSTEM 244 An error has occured while attempting to update. Please check the logs.

22/09/2007 13:18:00 SYSTEM 1972 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.

22/09/2007 13:18:01 SYSTEM 1972 An error has occured while attempting to update. Please check the logs.

13/10/2007 10:00:23 SYSTEM 496 Function setifaceUpdatePackages() has failed. Return code is 0x00000002, dwRes is 00000002.

13/10/2007 10:00:24 SYSTEM 496 An error has occured while attempting to update. Please check the logs.

14/10/2007 09:37:49 yoda 3184 Function setifaceUpdatePackages() has failed. Return code is 0x2000000A, dwRes is 2000000A.

14/10/2007 09:38:22 yoda 3184 Function setifaceUpdatePackages() has failed. Return code is 0x2000000A, dwRes is 2000000A.

05/11/2007 12:04:05 SYSTEM 380 Function setifaceUpdatePackages() has failed. Return code is 0x00000002, dwRes is 00000002.

05/11/2007 12:05:22 SYSTEM 380 An error has occured while attempting to update. Please check the logs.

02/12/2007 21:47:48 SYSTEM 548 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.

02/12/2007 21:47:49 SYSTEM 548 An error has occured while attempting to update. Please check the logs.

16/02/2008 16:33:58 yoda 1308 Sign of "Win32:DelMBR [Trj]" has been found in "C:\Pilotes\PILOTES.ISO\OUTILS\RéINST~1\MBR.EXE\mbr.IMA" file.

16/02/2008 16:36:30 yoda 1308 Sign of "Win32:DelMBR [Trj]" has been found in "C:\Pilotes\PILOTES.ISO\OUTILS\RéINST~1\MBR.ISO" file.

16/02/2008 16:36:42 yoda 1308 Sign of "Win32:DelMBR [Trj]" has been found in "C:\Pilotes\PILOTES.ISO" file.

16/02/2008 16:57:47 yoda 1308 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\LPHANT\Lphant-v2.00-Beta2-Installer.exe\{tmp}\VVSNInst.exe\VVSN.exe" file.

16/02/2008 16:57:48 yoda 1308 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\LPHANT\Lphant-v2.00-Beta2-Installer.exe\{tmp}\VVSNInst.exe" file.

16/02/2008 17:40:47 yoda 1308 Sign of "Win32:BHO-KD [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll\[uPX]" file.

17/02/2008 15:17:38 SYSTEM 188 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.

17/02/2008 15:17:39 SYSTEM 188 An error has occured while attempting to update. Please check the logs.

19/03/2008 18:28:54 SYSTEM 1932 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 18:29:44 SYSTEM 1932 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 18:30:15 SYSTEM 1932 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 18:31:34 SYSTEM 1932 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 19:05:09 SYSTEM 1808 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 19:19:25 SYSTEM 1808 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 19:22:42 SYSTEM 1808 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 19:24:25 SYSTEM 1808 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 19:24:34 SYSTEM 1808 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 19:46:25 SYSTEM 1808 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 19:47:36 SYSTEM 1808 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 19:52:39 SYSTEM 1808 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 19:54:34 SYSTEM 1808 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 19:56:31 SYSTEM 1808 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 21:25:59 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 21:35:44 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 21:37:22 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 21:37:27 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 21:37:33 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 21:51:14 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 21:54:36 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 21:58:15 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 21:58:23 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 21:59:56 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 22:03:20 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 22:04:56 yoda 3532 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 22:05:52 SYSTEM 1896 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

19/03/2008 22:36:34 SYSTEM 1700 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

22/03/2008 12:35:54 SYSTEM 636 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

22/03/2008 12:44:21 SYSTEM 636 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

22/03/2008 12:46:38 SYSTEM 636 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

22/03/2008 12:46:43 SYSTEM 636 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

22/03/2008 12:46:50 SYSTEM 636 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

22/03/2008 13:00:27 SYSTEM 636 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

22/03/2008 13:00:34 SYSTEM 636 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

22/03/2008 13:04:00 SYSTEM 636 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

22/03/2008 13:04:23 SYSTEM 636 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

22/03/2008 13:05:41 SYSTEM 636 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

28/03/2008 09:33:07 SYSTEM 756 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

03/04/2008 12:08:11 SYSTEM 1300 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

03/04/2008 12:18:50 SYSTEM 1300 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

03/04/2008 12:21:00 SYSTEM 1300 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

03/04/2008 12:22:17 SYSTEM 1300 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

03/04/2008 12:23:28 SYSTEM 1300 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

03/04/2008 21:09:15 SYSTEM 688 Sign of "Win32:Adware-gen [Adw]" has been found in "http://files.numerama.com/Lphant%203.02%20[Par%20Ratiatum.com].exe\{tmp}\VVSNInst.exe" file.

03/04/2008 21:19:03 SYSTEM 688 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\DOCUME~1\yoda~1\LOCALS~1\Temp\hhvqehke.dat (C:\DOCUME~1\GACHOD~1\LOCALS~1\Temp\hhvqehke.dat) returning error, 00000005.

03/04/2008 21:19:03 SYSTEM 688 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\WINDOWS\system32\drivers\reppbkyd.dat (C:\WINDOWS\system32\drivers\reppbkyd.dat) returning error, 00000005.

03/04/2008 21:25:20 SYSTEM 688 Sign of "Win32:Beagle-AAW [Trj]" has been found in "C:\WINDOWS\system32\drivers\srosa.sys" file.

03/04/2008 21:25:48 SYSTEM 688 Sign of "Win32:Beagle-AAW [Trj]" has been found in "C:\WINDOWS\system32\drivers\srosa.sys" file.

03/04/2008 21:28:54 yoda 916 Sign of "Win32:Beagle-AAW [Trj]" has been found in "C:\WINDOWS\system32\drivers\srosa.sys" file.

04/04/2008 07:36:04 yoda 688 Sign of "Win32:Beagle-AAW [Trj]" has been found in "C:\WINDOWS\system32\drivers\srosa.sys" file.

04/04/2008 09:54:31 yoda 688 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

04/04/2008 09:58:49 yoda 688 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\AppCert\prx99f.dll" file.

04/04/2008 10:35:58 yoda 340 Sign of "Win32:Beagle-AAW [Trj]" has been found in "C:\WINDOWS\system32\drivers\srosa.sys" file.

04/04/2008 10:40:58 yoda 340 Sign of "Win32:Pakes-AKM [Trj]" has been found in "C:\WINDOWS\system32\amstreams.dll" file.

09/04/2008 14:52:11 SYSTEM 988 Sign of "JS:ADODB-V [Expl]" has been found in "http://picshunter.info/??http%3A//www.onyourlips.com/" file.

14/04/2008 15:23:30 SYSTEM 1116 Sign of "ANI:CVE-2007-0038 [Expl]" has been found in "http://polhfdn.awasr.cn/exploits/x16b.php" file.

14/04/2008 17:49:21 SYSTEM 1116 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\meta4.exe" file.

20/04/2008 22:59:29 SYSTEM 1192 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.

20/04/2008 22:59:29 SYSTEM 1192 An error has occured while attempting to update. Please check the logs.

22/04/2008 19:23:36 SYSTEM 1084 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\DOCUME~1\yoda~1\LOCALS~1\Temp\hhvqehke.dat (C:\DOCUME~1\yoda~1\LOCALS~1\Temp\hhvqehke.dat) returning error, 00000005.

22/04/2008 19:23:36 SYSTEM 1084 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\WINDOWS\system32\drivers\reppbkyd.dat (C:\WINDOWS\system32\drivers\reppbkyd.dat) returning error, 00000005.

25/04/2008 14:52:15 SYSTEM 988 Sign of "Win32:Cfd [Adw]" has been found in "C:\Program Files\BroadJump\Client Foundation\CFD.exe" file.

25/04/2008 22:25:10 SYSTEM 988 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.

25/04/2008 22:25:10 SYSTEM 988 An error has occured while attempting to update. Please check the logs.

16/05/2008 12:33:07 SYSTEM 228 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\DOCUME~1\yoda~1\LOCALS~1\Temp\hhvqehke.dat (C:\DOCUME~1\yoda~1\LOCALS~1\Temp\hhvqehke.dat) returning error, 00000005.

16/05/2008 12:33:07 SYSTEM 228 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\WINDOWS\system32\drivers\zithxzoi.dat (C:\WINDOWS\system32\drivers\zithxzoi.dat) returning error, 00000005.

22/05/2008 17:43:04 SYSTEM 284 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\WINDOWS\system32\Drivers\zithxzoi.sys (C:\WINDOWS\system32\Drivers\zithxzoi.sys) returning error, 00000005.

22/05/2008 17:43:09 SYSTEM 284 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\WINDOWS\TEMP\hhvqehke.dat (C:\WINDOWS\TEMP\hhvqehke.dat) returning error, 00000005.

22/05/2008 17:43:09 SYSTEM 284 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\WINDOWS\system32\drivers\zithxzoi.sys (C:\WINDOWS\system32\drivers\zithxzoi.sys) returning error, 00000005.

22/05/2008 18:34:19 SYSTEM 284 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\WINDOWS\system32\Drivers\zithxzoi.sys (C:\WINDOWS\system32\Drivers\zithxzoi.sys) returning error, 00000005.

22/05/2008 18:34:25 SYSTEM 284 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\DOCUME~1\yoda~1\LOCALS~1\Temp\hhvqehke.dat (C:\DOCUME~1\yoda~1\LOCALS~1\Temp\hhvqehke.dat) returning error, 00000005.

22/05/2008 18:34:25 SYSTEM 284 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\WINDOWS\system32\drivers\zithxzoi.sys (C:\WINDOWS\system32\drivers\zithxzoi.sys) returning error, 00000005.

28/05/2008 18:38:55 SYSTEM 396 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\WINDOWS\system32\Drivers\zithxzoi.sys (C:\WINDOWS\system32\Drivers\zithxzoi.sys) returning error, 00000005.

28/05/2008 18:39:00 SYSTEM 396 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\WINDOWS\TEMP\hhvqehke.dat (C:\WINDOWS\TEMP\hhvqehke.dat) returning error, 00000005.

28/05/2008 19:11:07 SYSTEM 396 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\WINDOWS\system32\Drivers\zithxzoi.sys (C:\WINDOWS\system32\Drivers\zithxzoi.sys) returning error, 00000005.

28/05/2008 19:11:07 SYSTEM 396 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\DOCUME~1\yoda~1\LOCALS~1\Temp\hhvqehke.dat (C:\DOCUME~1\yoda~1\LOCALS~1\Temp\hhvqehke.dat) returning error, 00000005.

05/06/2008 21:17:56 SYSTEM 500 Sign of "Win32:Kuang2" has been found in "http://pcpitstop.com/antivirus/PitPav.cab\PitPav.exe\$[14358]\Pavdll.dll" file.

06/06/2008 13:40:09 SYSTEM 240 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\WINDOWS\system32\drivers\reppbkyd.dat (C:\WINDOWS\system32\drivers\reppbkyd.dat) returning error, 00000005.

06/06/2008 13:40:24 SYSTEM 240 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\WINDOWS\system32\drivers\zithxzoi.dat (C:\WINDOWS\system32\drivers\zithxzoi.dat) returning error, 00000005.

06/06/2008 14:38:54 SYSTEM 188 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://download.microsoft.com/download/5/c...x86fre_spcd.iso (C:\WINDOWS\TEMP\_avast4_\unp11923825.tmp) returning error, 0000001E.

10/06/2008 13:05:19 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.

10/06/2008 13:05:35 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.

10/06/2008 13:06:00 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.

10/06/2008 13:06:10 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.

10/06/2008 13:06:23 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.

10/06/2008 13:06:32 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.

10/06/2008 13:06:36 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.

10/06/2008 13:06:43 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.

10/06/2008 13:07:18 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.

10/06/2008 13:07:21 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.

10/06/2008 13:07:29 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.

10/06/2008 13:07:32 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.

10/06/2008 13:07:40 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.

10/06/2008 13:07:47 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.

10/06/2008 13:07:49 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.

10/06/2008 13:08:27 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.

10/06/2008 13:09:24 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.

10/06/2008 15:17:20 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.

10/06/2008 15:18:26 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.

10/06/2008 15:19:20 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.

10/06/2008 15:19:29 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.

10/06/2008 15:19:33 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.

10/06/2008 15:19:48 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.

10/06/2008 15:21:24 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.

10/06/2008 15:21:32 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.

10/06/2008 15:21:53 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.

10/06/2008 15:22:39 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.

10/06/2008 15:22:43 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.

10/06/2008 16:06:44 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.

10/06/2008 16:08:03 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.

10/06/2008 16:10:58 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.

10/06/2008 16:11:06 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.

10/06/2008 16:11:14 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.

10/06/2008 16:11:22 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.

10/06/2008 16:12:00 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\windows\system32\dfrguih.dll" file.

10/06/2008 16:12:14 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll" file.

10/06/2008 19:35:45 SYSTEM 536 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\WINDOWS\system32\drivers\reppbkyd.dat (C:\WINDOWS\system32\drivers\reppbkyd.dat) returning error, 00000005.

10/06/2008 19:36:08 SYSTEM 536 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\WINDOWS\system32\drivers\zithxzoi.dat (C:\WINDOWS\system32\drivers\zithxzoi.dat) returning error, 00000005.

10/06/2008 22:35:15 SYSTEM 536 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll.bak" file.

11/06/2008 00:44:33 yoda 4028 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\dfrguih.dll.bak" file.

11/06/2008 02:04:02 yoda 4028 Sign of "Win32:Agent-PSI [Rtk]" has been found in "C:\WINDOWS\system32\drivers\reppbkyd.dat" file.

11/06/2008 08:52:19 yoda 4028 Sign of "Win32:Agent-PSI [Rtk]" has been found in "C:\WINDOWS\system32\drivers\zithxzoi.dat" file.

Zone de quarantaine AVAST :

Initialisation des fichiers de la zone de quarantaine

------------------------------------------------------------------------------------------

Le programme va essayer de charger tous les fichiers de la zone de quarantaine à partir du serveur suivant : (null)

ID du fichier : 0000000001 Nom original du fichier : C:\WINDOWS\system32\kernel32.dll Catégorie du fichier : 0

ID du fichier : 0000000002 Nom original du fichier : C:\WINDOWS\system32\winsock.dll Catégorie du fichier : 0

ID du fichier : 0000000003 Nom original du fichier : C:\WINDOWS\system32\wsock32.dll Catégorie du fichier : 0

ID du fichier : 0000000004 Nom original du fichier : C:\WINDOWS\system32\kernel32.dll Catégorie du fichier : 0

ID du fichier : 0000000007 Nom original du fichier : C:\WINDOWS\system32\kernel32.dll Catégorie du fichier : 0

ID du fichier : 0000000008 Nom original du fichier : C:\WINDOWS\system32\wsock32.dll Catégorie du fichier : 0

ID du fichier : 0000000009 Nom original du fichier : C:\WINDOWS\system32\dfrguih.dll Catégorie du fichier : 1

ID du fichier : 0000000010 Nom original du fichier : C:\windows\system32\dfrguih.dll Catégorie du fichier : 1

ID du fichier : 0000000011 Nom original du fichier : C:\windows\system32\dfrguih.dll Catégorie du fichier : 1

ID du fichier : 0000000012 Nom original du fichier : C:\WINDOWS\system32\dfrguih.dll Catégorie du fichier : 1

ID du fichier : 0000000013 Nom original du fichier : C:\windows\system32\dfrguih.dll Catégorie du fichier : 1

ID du fichier : 0000000014 Nom original du fichier : C:\WINDOWS\system32\dfrguih.dll Catégorie du fichier : 1

Rapport Easy Cleaner base de registre :

HKEY_CURRENT_USER Software\DivXNetworks\DivX4Windows 09/06/2008 16:11:38 Log File Name C:\divx.log

HKEY_USERS S-1-5-21-4135148708-4229327457-639787953-1006\Software\DivXNetworks\DivX4Windows 09/06/2008 16:11:38 Log File Name C:\divx.log

HKEY_CURRENT_USER Software\DivXNetworks\DivX4Windows 09/06/2008 16:11:38 MV File Name C:\mvinfo.bin

HKEY_USERS S-1-5-21-4135148708-4229327457-639787953-1006\Software\DivXNetworks\DivX4Windows 09/06/2008 16:11:38 MV File Name C:\mvinfo.bin

HKEY_CURRENT_USER Software\DivXNetworks\DivX4Windows 09/06/2008 16:11:38 Nth Pass debug file name C:\newrc.txt

HKEY_USERS S-1-5-21-4135148708-4229327457-639787953-1006\Software\DivXNetworks\DivX4Windows 09/06/2008 16:11:38 Nth Pass debug file name C:\newrc.txt

HKEY_CURRENT_USER Software\Gabest\vsfilter\DefTextPathes 09/06/2008 16:09:00 Path1 c:\subtitles

HKEY_USERS S-1-5-21-4135148708-4229327457-639787953-1006\Software\Gabest\vsfilter\DefTextPathes 09/06/2008 16:09:00 Path1 c:\subtitles

HKEY_CURRENT_USER Software\DivXNetworks\DivX4Windows 09/06/2008 16:11:38 MP4 File Name C:\test.divx

HKEY_USERS S-1-5-21-4135148708-4229327457-639787953-1006\Software\DivXNetworks\DivX4Windows 09/06/2008 16:11:38 MP4 File Name C:\test.divx

HKEY_LOCAL_MACHINE Software\Classes\CLSID\{4805A96E-4492-4650-8CE1-7049ABF14535}\InprocServer32 14/02/2008 11:55:53 C:\WINDOWS\system32\amstreams.dll

HKEY_LOCAL_MACHINE Software\Microsoft\Windows Media Device Manager 09/06/2008 16:09:10 Log.Filename C:\WINDOWS\system32\Wmdm.log

HKEY_CURRENT_USER Software\DivXNetworks\DivX4Windows 09/06/2008 16:11:38 YUV Dir Name C:\yuv

HKEY_USERS S-1-5-21-4135148708-4229327457-639787953-1006\Software\DivXNetworks\DivX4Windows 09/06/2008 16:11:38 YUV Dir Name C:\yuv

Rapport Spybot :

--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-03-19 blindman.exe (1.0.0.7)

2008-01-28 SDDelFile.exe (1.0.2.4)

2008-01-28 SDMain.exe (1.0.0.5)

2007-10-07 SDShred.exe (1.0.1.2)

2008-01-28 SDUpdate.exe (1.0.8.

2008-01-28 SDWinSec.exe (1.0.0.11)

2008-01-28 SpybotSD.exe (1.5.2.20)

2008-01-28 TeaTimer.exe (1.5.2.16)

2008-02-16 unins000.exe (51.49.0.0)

2008-03-18 Update.exe (1.4.0.6)

2008-01-28 advcheck.dll (1.5.4.5)

2007-04-02 aports.dll (2.1.0.0)

2007-11-17 DelZip179.dll (1.79.7.4)

2008-01-28 SDFiles.dll (1.5.1.19)

2008-01-28 SDHelper.dll (1.5.0.11)

2008-01-28 Tools.dll (2.1.3.3)

2008-06-03 Includes\Adware.sbi

2008-06-03 Includes\AdwareC.sbi

2008-06-03 Includes\Cookies.sbi

2008-06-03 Includes\Dialer.sbi

2008-06-03 Includes\DialerC.sbi

2008-06-03 Includes\HeavyDuty.sbi

2008-06-04 Includes\Hijackers.sbi

2008-06-03 Includes\HijackersC.sbi

2008-06-03 Includes\Keyloggers.sbi

2008-06-03 Includes\KeyloggersC.sbi

2008-06-03 Includes\Malware.sbi

2008-06-03 Includes\MalwareC.sbi

2008-06-03 Includes\PUPS.sbi

2008-06-03 Includes\PUPSC.sbi

2007-11-07 Includes\Revision.sbi

2008-06-03 Includes\Security.sbi

2008-06-03 Includes\SecurityC.sbi

2008-06-03 Includes\Spybots.sbi

2008-06-03 Includes\SpybotsC.sbi

2008-06-03 Includes\Spyware.sbi

2008-06-03 Includes\SpywareC.sbi

2008-06-03 Includes\Tracks.uti

2008-06-03 Includes\Trojans.sbi

2008-06-03 Includes\TrojansC.sbi

2007-12-24 Plugins\TCPIPAddress.dll

Located: HK_LM:Run, AGRSMMSG

command: AGRSMMSG.exe

file: C:\WINDOWS\AGRSMMSG.exe

size: 88209

MD5: 230EA041666125B6812FE3FF964B2DF3

Located: HK_LM:Run, avast!

command: C:\PROGRA~1\AVASTA~1\ashDisp.exe

file: C:\PROGRA~1\AVASTA~1\ashDisp.exe

size: 79224

MD5: 87B63FD1B5EC5CC41589CE7026DB7C5F

Located: HK_LM:Run, fenaffiche

command: "C:\Program Files\FenAffiche\Fenpowernet.exe"

file: C:\Program Files\FenAffiche\Fenpowernet.exe

size: 49152

MD5: 7D18E3CD4F3960BDEA404A280BC5B9A1

Located: HK_LM:Run, RestoreIT!

command: "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart

file: C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE

size: 114688

MD5: 703D864C5CE2AB756D6C871CF8B1FCF1

Located: HK_LM:Run, VTTimer

command: VTTimer.exe

file: C:\WINDOWS\system32\VTTimer.exe

size: 53248

MD5: 09F1A97848BFAB3F36EB216681465B85

Located: HK_LM:Run, QuickTime Task (DISABLED)

command: "C:\program files\quick time\qttask.exe" -atboottime

file: C:\program files\quick time\qttask.exe

size: 385024

MD5: BAFCF6CF19CE4882039C52DFA17BE35F

Located: HK_CU:Run, CTFMON.EXE (DISABLED)

where: .DEFAULT...

command: C:\WINDOWS\system32\CTFMON.EXE

file: C:\WINDOWS\system32\CTFMON.EXE

size: 15360

MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: HK_CU:Run, ctfmon.exe (DISABLED)

where: PE_C_ADMINISTRATEUR...

command: C:\WINDOWS\system32\ctfmon.exe

file: C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: HK_CU:Run, ctfmon.exe (DISABLED)

where: PE_C_FLORIAN...

command: C:\WINDOWS\system32\ctfmon.exe

file: C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: HK_CU:Run, CTFMON.EXE (DISABLED)

where: S-1-5-19...

command: C:\WINDOWS\system32\CTFMON.EXE

file: C:\WINDOWS\system32\CTFMON.EXE

size: 15360

MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: HK_CU:Run, CTFMON.EXE (DISABLED)

where: S-1-5-20...

command: C:\WINDOWS\system32\CTFMON.EXE

file: C:\WINDOWS\system32\CTFMON.EXE

size: 15360

MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: HK_CU:Run, H/PC Connection Agent

where: S-1-5-21-4135148708-4229327457-639787953-1006...

command: "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

file: C:\Program Files\Microsoft ActiveSync\wcescomm.exe

size: 1204224

MD5: 3D3B3B4844A9D4B1B9D3E8C7BB013026

Located: HK_CU:Run, WMPNSCFG

where: S-1-5-21-4135148708-4229327457-639787953-1006...

command: C:\Program Files\Windows Media Player\WMPNSCFG.exe

file: C:\Program Files\Windows Media Player\WMPNSCFG.exe

size: 204288

MD5: 5011A24AECF4D573473BDC15EE84C178

Located: HK_CU:Run, CTFMON.EXE (DISABLED)

where: S-1-5-18...

command: C:\WINDOWS\system32\CTFMON.EXE

file: C:\WINDOWS\system32\CTFMON.EXE

size: 15360

MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: WinLogon, crypt32chain

command: crypt32.dll

file: crypt32.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, cryptnet

command: cryptnet.dll

file: cryptnet.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, cscdll

command: cscdll.dll

file: cscdll.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, dimsntfy

command: %SystemRoot%\System32\dimsntfy.dll

file: %SystemRoot%\System32\dimsntfy.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, knqjrkdz

command: dfrguih.dll

file: dfrguih.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, ScCertProp

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, Schedule

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, sclgntfy

command: sclgntfy.dll

file: sclgntfy.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, SensLogn

command: WlNotify.dll

file: WlNotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, termsrv

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, WgaLogon

command: WgaLogon.dll

file: WgaLogon.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, wlballoon

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Rapport register C-Cleaner : Cette valeur revient à chaque fois.

ActiveX/COM Inexistant InProcServer32\C:\WINDOWS\system32\amstreams.dll HKCR\CLSID\{4805A96E-4492-4650-8CE1-7049ABF14535}

Voilà, j’espère ne pas avoir fait un post trop long, enfin quoique

Mais je souhaitais que vous ayiez le maximum d’informations et rapports d’analyse (à la même date) à votre disposition et que cela vous évite de les demander.

Merci d’avance pour les conseils et solutions que vous m’apporterez.

Ah oui, j’ai eu beau faire une réparation avec le cd d’instal de Windows cela n’a rien donné.

Bon courage à vous tous et que la force soit avec vous.

Modifié le 11 juin 2008 par yoda93

Loup blanc · le 11 juin 2008

Bonjour Yoda93,

Bienvenu sur Zebulon,

Pour commencer, tu as deux antivirus installés, Avast et Mac Afee, Il faut déjà en désinstaller au moins un.

Aucun des deux n'est vraiment performant, tu devrais envisager de changer pour une solution plus efficace :

Kaspersky, Antivir ou AVG8 en payants

Antivir ou AVG8 en versions gratuites.

Fait aussi ceci :

- Télécharge Malwarebyte, lance l'installation puis accepte la mise a jour,

- Ferme le programme,

- Redémarre ton PC en mode sans échec ](touche F8 au démarrage)

- Lance Malwarebyte

- Dans l'onglet «Recherche», clic sur «Exécuter un examen complet»

- Clique sur «Rechercher»

- A la fin du scan, fait lui supprimer tout ce qu'il a trouvé,

- Redémarre en mode normal,

- Poste le rapport que tu trouveras dans l'onglet Rapport/logs avec la date du scan,

Ensuite,

- Télécharge LopS&D (Eric71, Angeldark ) sur ton bureau

- Double-clique dessus pour lancer l'installation

- Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau

- Sélectionne la langue souhaitée , puis choisis l'option 1 (Recherche)

- Patiente jusqu'à la fin du scan

- Poste le rapport généré (C:\lopR.txt)

Modifié le 11 juin 2008 par Desch

yoda93 · le 11 juin 2008

Bonjour Desch.

Merci pour la rapidité de ta réponse.

Concernant Mac Afee, il me semble pourtant l'avoir viré lorsque j'ai installé Avast.

Là, lorsque je clique sur l'icone restante de Mc Afee, il m'est notfié : "Mcagent.exe n'est pas une application Win32 valide".

Et si je souhaite accéder au panneau de config, comme je le signalais plus haut c'est impossible.

Quel logiciel ou quel manip pour y accéder ou virer Mc Afee me conseilles tu ?

J'ai trouvé lol : Démarrer, Exécuter et pour finir "control"

En ce qui concerne le mode sans échec que tu me demandes de déclencher, il m'est également impossible d'y accéder.

Vais donc malheureusement devoir faire les scans en mode normal.

Vais attendre que tu me répondes concernant la désinstallation de Mc Affe et ensuite je posterai illico les rapports relatifs à Malwarebyte et LopS&D.

Modifié le 11 juin 2008 par yoda93

Loup blanc · le 11 juin 2008

Visiblement tu es infecté par Bagle,

Je préfère que ton cas soit traité par un membre de l'équipe sécurité, je vais un contacter un tout de suite.

yoda93 · le 11 juin 2008

Encore merci mon Général pour ta première intervention

Sinon Mc Afee a été désinstallé comme demandé.

Dois-je quand même faire les analyses que tu m'as conseillées ?

En attendant vais déployer le bouclier tactique et rester attentifs aux nouvelles instructions de l'escouade.

Modifié le 11 juin 2008 par yoda93

Loup blanc · le 11 juin 2008

Pour l'instant, il vaut mieux attendre.

Une chose tout de même, n'essaie pas de forcer le mode sans échec avec msconfig, ça pourrait t'empêcher de démarrer ton PC

yoda93 · le 11 juin 2008

Merci pour tes conseils Desch.

Concernant msconfig j'ai jamais mis le nez dedans (enfin concernant d'éventuelles modifs) car ça devient du chinois pour moi tant que l'on ne me donne pas la réelle marche à suivre.

Voilà, AVAST supprimé et remplacé par ANTIVIR.

Je vous fais un scan et vous posterai le rapport d'analyse.

Ensuite j'attendrai vos instructions.

Modifié le 11 juin 2008 par yoda93

Falkra · le 11 juin 2008

Bonsoir,

merci d'avoir passé le relais Desch. Reste dans le coin.

Bagle est en effet actif, et nécessite quelques dispositions particulières, notamment après traitement.

Il est possible qu'il faille récupérer et faire remonter des fichiers aux développeurs. Je le ferai si cela s'avère nécessaire.

Attention à bien suivre ces instructions en détail, ne pas oublier de renommer combofix.exe AVANT qu'il ne soit téléchargé, quand on peut encore changer le nom du fichier et dire où le télécharger.

Télécharge combofix.exe de sUBs et renomme-le combo-fix.exe avant de le sauvegarder sur ton bureau (et pas ailleurs).

Assure toi que tous les programmes sont fermés avant de commencer.
Double-clique combo-fix.exe afin de l'exécuter.
Clique sur "Oui" au message de Limitation de Garantie qui s'affiche.
Il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.
Ne ferme pas la fenêtre qui vient de s'ouvrir, tu te retrouverais avec un bureau vide.
Lorsque l'analyse sera terminée, un rapport apparaîtra.
Copie-colle ce rapport dans ta prochaine réponse.
Le rapport se trouve dans : C:\Combofix.txt (si jamais).
Pour plus d'information et un tuto illustré, voici le seul tuto officiel et autorisé : http://www.bleepingcomputer.com/combofix/f...iliser-combofix

yoda93 · le 12 juin 2008

Bonjour Falkra et merci de m'aider.

Comme tu me l'as demandé voici le rapport d'analyse de combofix :

ComboFix 08-06-10.5 - Yoda 2008-06-12 7:42:23.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.415 [GMT 2:00]

Endroit: C:\Documents and Settings\yoda\Bureau\Combo-Fix.exe

* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\yoda\Application Data\inst.exe

C:\WINDOWS\system32\appcert

C:\WINDOWS\system32\bebeeffde_r.dll

C:\WINDOWS\system32\beffffb_z.dll

C:\WINDOWS\system32\drivers\downld

C:\WINDOWS\system32\drivers\downld\11550265.exe

C:\WINDOWS\system32\drivers\downld\14799671.exe

C:\WINDOWS\system32\drivers\downld\14825984.exe

C:\WINDOWS\system32\drivers\downld\14853046.exe

C:\WINDOWS\system32\drivers\downld\14895953.exe

C:\WINDOWS\system32\drivers\downld\14911703.exe

C:\WINDOWS\system32\drivers\downld\14916406.exe

C:\WINDOWS\system32\drivers\downld\180828.exe

C:\WINDOWS\system32\drivers\downld\209687.exe

C:\WINDOWS\system32\drivers\downld\217890.exe

C:\WINDOWS\system32\drivers\downld\240468.exe

C:\WINDOWS\system32\drivers\downld\249781.exe

C:\WINDOWS\system32\drivers\downld\250218.exe

C:\WINDOWS\system32\drivers\downld\268187.exe

C:\WINDOWS\system32\drivers\downld\283593.exe

C:\WINDOWS\system32\drivers\downld\286203.exe

C:\WINDOWS\system32\drivers\downld\291593.exe

C:\WINDOWS\system32\drivers\downld\291859.exe

C:\WINDOWS\system32\drivers\downld\29321796.exe

C:\WINDOWS\system32\drivers\downld\29342593.exe

C:\WINDOWS\system32\drivers\downld\29365359.exe

C:\WINDOWS\system32\drivers\downld\29382734.exe

C:\WINDOWS\system32\drivers\downld\29395718.exe

C:\WINDOWS\system32\drivers\downld\29400453.exe

C:\WINDOWS\system32\drivers\downld\314703.exe

C:\WINDOWS\system32\drivers\downld\332828.exe

C:\WINDOWS\system32\drivers\downld\341296.exe

C:\WINDOWS\system32\drivers\downld\352718.exe

C:\WINDOWS\system32\drivers\downld\373359.exe

C:\WINDOWS\system32\drivers\downld\387562.exe

C:\WINDOWS\system32\drivers\downld\392171.exe

C:\WINDOWS\system32\MSINET.oca

C:\WINDOWS\system32\dfrguih.dll . . . . Echec de suppression

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NWSAPAGENT

-------\Legacy_RCVUHLRN

-------\Legacy_SROSA

-------\Legacy_WINDOWS_LOG

-------\Service_NwSapAgent

-------\Service_rcvuhlrn

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-12 to 2008-06-12 ))))))))))))))))))))))))))))))))))))

.

2008-06-11 22:07 . 2008-06-11 22:07 <REP> d-------- C:\Program Files\Avira

2008-06-11 22:05 . 2008-06-11 22:06 <REP> d-------- C:\Program Files\ANTIVIR antivirus setup

2008-06-11 09:30 . 2008-04-14 17:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-11 09:30 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-10 16:12 . 2008-06-10 16:12 <REP> d-------- C:\WINDOWS\AU_Temp

2008-06-10 16:12 . 2008-06-10 16:12 34,649,137 --a------ C:\WINDOWS\VPTNFILE.335

2008-06-10 16:12 . 2008-06-10 16:12 34,649,137 --a------ C:\WINDOWS\LPT$VPN.335

2008-06-06 16:58 . 2008-06-06 16:58 11,453,333 --a------ C:\upload_moi_SY4PPNP19.tar.gz

2008-06-06 16:54 . 2008-06-11 09:31 <REP> d-------- C:\WINDOWS\system32\CatRoot2

2008-06-06 15:20 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\000001_.tmp

2008-06-05 22:26 . 2008-04-14 04:34 1,037,824 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe

2008-06-05 22:26 . 2008-04-14 04:34 1,037,824 --a------ C:\WINDOWS\explorer.exe

2008-06-05 20:00 . 2008-06-06 13:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-06-05 20:00 . 2008-06-05 20:00 1,409 --a------ C:\WINDOWS\QTFont.for

2008-05-31 01:23 . 2008-05-31 01:23 8,835 --a------ C:\WINDOWS\system32\dpufr.qm

2008-05-30 21:55 . 2008-05-30 21:55 <REP> d-------- C:\fsaua.data

2008-05-23 00:22 . 2008-05-23 00:22 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm

2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb

2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll

2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

2008-05-23 00:19 . 2008-05-23 00:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax

2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll

2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll

2008-05-23 00:19 . 2008-05-23 00:19 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm

2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest

2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest

2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

2008-05-13 17:05 . 2008-05-13 17:21 <REP> d-------- C:\pilotes VIA

2008-05-13 16:42 . 2008-05-13 16:42 <REP> d-------- C:\WINDOWS\system32\fr

2008-05-13 16:42 . 2008-05-13 16:42 <REP> d-------- C:\WINDOWS\system32\bits

2008-05-13 16:42 . 2008-05-13 16:42 <REP> d-------- C:\WINDOWS\l2schemas

2008-05-13 16:39 . 2008-05-13 16:42 <REP> d-------- C:\WINDOWS\ServicePackFiles

2008-05-13 16:22 . 2008-06-06 15:12 <REP> d-------- C:\WINDOWS\EHome

2008-05-13 15:56 . 2004-08-04 00:38 327,168 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-11 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-06-11 17:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com

2008-06-10 19:46 --------- d-----w C:\Program Files\DEFENSE PC

2008-06-10 19:33 --------- d-----w C:\Program Files\Navilog1

2008-06-10 19:03 --------- d-----w C:\Program Files\EASY CLEANER

2008-06-10 14:12 91,744 ----a-w C:\WINDOWS\BPMNT.dll

2008-06-10 14:12 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll

2008-06-09 17:27 --------- d-----w C:\Program Files\Ahead

2008-06-09 16:12 --------- d-----w C:\Program Files\DivX

2008-06-05 22:05 71,749 ----a-w C:\WINDOWS\hcextoutput.dll

2008-06-05 22:05 333,576 ----a-w C:\WINDOWS\tsc.exe

2008-06-05 22:02 --------- d-----w C:\Program Files\Winamp

2008-05-28 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania

2008-05-20 06:02 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-05-13 15:20 --------- d-----w C:\Documents and Settings\yoda\Application Data\ma-config.com

2008-05-13 15:18 --------- d-----w C:\Program Files\VIA

2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-03 12:03 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\netucgxr

2008-04-23 11:51 --------- d-----w C:\Documents and Settings\yoda\Application Data\dvdcss

2008-04-22 17:23 20,608 ----a-w C:\WINDOWS\system32\drivers\reppbkyd.dat

2008-04-20 07:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink

2008-04-19 09:09 --------- d-----w C:\Program Files\Radio Fr Solo

2008-04-19 08:56 --------- d-----w C:\Program Files\quick time

2008-04-18 16:40 --------- d-----w C:\Program Files\Fichiers communs\Mozilla Shared

2008-04-18 16:40 --------- d-----w C:\Documents and Settings\yoda\Application Data\netucgxr

2008-04-14 15:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-04-14 02:34 70,656 ----a-w C:\WINDOWS\notepad.exe

2008-04-14 02:34 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys

2008-04-14 02:34 32,866 ------w C:\WINDOWS\slrundll.exe

2008-04-14 02:34 288,256 ----a-w C:\WINDOWS\winhlp32.exe

2008-04-14 02:34 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys

2008-04-14 02:34 153,088 ----a-w C:\WINDOWS\regedit.exe

2008-04-14 02:34 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys

2008-04-14 02:34 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys

2008-04-14 02:34 10,752 ----a-w C:\WINDOWS\hh.exe

2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys

2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys

2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-04-14 02:03 40,576 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys

2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys

2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys

2008-04-14 01:57 58,752 ----a-w C:\WINDOWS\system32\drivers\redbook.sys

2008-04-14 01:57 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-14 01:56 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-14 01:55 40,064 ----a-w C:\WINDOWS\system32\drivers\processr.sys

2008-04-14 01:54 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys

2008-04-14 01:54 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys

2008-04-14 01:53 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2008-04-14 01:53 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2008-04-14 01:52 188,672 ----a-w C:\WINDOWS\system32\drivers\acpi.sys

2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys

2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys

2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys

2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys

2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys

2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys

2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys

2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys

2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys

2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys

2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys

2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys

2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys

2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys

2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys

2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys

2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys

2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys

2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys

2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys

2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys

2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys

2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys

2005-10-24 09:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe

2005-10-13 19:27 422,400 --sha-r C:\WINDOWS\x2.64.exe

2007-12-30 12:09 8 --sha-r C:\WINDOWS\system32\567574EF83.sys

2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll

2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll

2005-06-26 13:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll

2005-06-21 20:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll

2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll

2007-12-30 12:09 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2006-04-27 08:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll

2005-02-28 11:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe

2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4805A96E-4492-4650-8CE1-7049ABF14535}]

C:\WINDOWS\system32\amstreams.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D77E7A40-7534-420A-B6B3-0B3956C11474}]

2004-08-05 14:00 84480 --a------ c:\windows\system32\dfrguih.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 21:21 1204224]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RestoreIT!"="C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.exe" [2004-09-21 17:39 114688]

"fenaffiche"="C:\Program Files\FenAffiche\Fenpowernet.exe" [2004-07-23 10:43 49152]

"VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]

"QuickTime Task"="C:\program files\quick time\qttask.exe" [2008-02-01 00:13 385024]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3acm"= l3codecp.acm

"VIDC.MJPG"= pvmjpg21.dll

"VIDC.PVW2"= pvwv220.dll

"VIDC.PIMJ"= pvljpg20.dll

"vidc.i263"= C:\WINDOWS\system32\i263_32.drv

"vidc.VP40"= vp4vfw.dll

"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

--a------ 2005-11-15 21:21 1204224 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

--a------ 2006-11-03 10:59 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="C:\program files\quick time\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Temp\\CI_HITACHI\\MAJ_Hitachi.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"C:\\Program Files\\bitcomet\\BitComet.exe"=

"C:\\WINDOWS\\system32\\svchost.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"E:\\JEU\\SteamApps\\xxx8575\\counter-strike source\\hl2.exe"=

"E:\\JEU\\SteamApps\\xxx8575\\day of defeat\\hl.exe"=

"E:\\JEU\\SteamApps\\xxx8575\\counter-strike\\hl.exe"=

"E:\\JEU\\SteamApps\\xxx8575\\condition zero\\hl.exe"=

"E:\\JEU\\SteamApps\\xxx8575\\condition zero deleted scenes\\hl.exe"=

"C:\\Program Files\\HLSW\\hlsw.exe"=

"C:\\Program Files\\e-mule\\eMule\\emule.exe"=

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"E:\\Jeu Trackmania\\trackmania nation\\TrackMania Nations ESWC\\TmNationsESWC.exe"=

"E:\\trackmania forever\\TmNationsForever\\TmForever.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4672:UDP"= 4672:UDP:kad_reseau

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"5900:TCP"= 5900:TCP:assistance msn

"3389:UDP"= 3389:UDP:assistance à distance

"6346:TCP"= 6346:TCP:shareaza

"6346:UDP"= 6346:UDP:shareaza

"4662:TCP"= 4662:TCP:lphant

"21:UDP"= 21:UDP:club

"4672:TCP"= 4672:TCP:mulot

"23430:TCP"= 23430:TCP:BitComet 23430 TCP

"23430:UDP"= 23430:UDP:BitComet 23430 UDP

"3728:TCP"= 3728:TCP:tribalweb

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"24192:TCP"= 24192:TCP:BitComet 24192 TCP

"24192:UDP"= 24192:UDP:BitComet 24192 UDP

"13941:TCP"= 13941:TCP:BitComet 13941 TCP

"13941:UDP"= 13941:UDP:BitComet 13941 UDP

"26228:TCP"= 26228:TCP:@xpsp2res.dll,-22009

"25204:TCP"= 25204:TCP:@xpsp2res.dll,-22009

R0 RITCPT;RITCPT;C:\WINDOWS\system32\drivers\RITCPT.sys [2004-09-21 17:39]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 18:49]

R0 VVBackd5;VVBackd5;C:\WINDOWS\system32\drivers\VVBackd5.sys [2004-09-21 17:39]

R0 zithxzoi;zithxzoi;C:\WINDOWS\system32\drivers\zithxzoi.sys [2004-08-05 14:00]

R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2008-04-14 04:34]

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 06:54]

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]

R3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys [2004-08-17 12:44]

S2 FBAPI;FBAPI;C:\WINDOWS\system32\drivers\FBAPI.sys []

S2 SrvQxa;SrvQxa;"\\?\C:\Program Files\Fichiers communs\System\lpt9.exe" []

S3 actvcomm;actvcomm;C:\WINDOWS\system32\drivers\actvcomm.sys [2004-04-28 11:30]

S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 21:34]

S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-02-17 21:34]

S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-02-17 21:34]

S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-02-17 21:34]

S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-02-17 21:34]

S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 13:12]

S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 13:12]

S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 13:12]

S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 13:12]

S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 13:12]

S3 SPAInfoDrv;SPAInfoDrv;C:\PROGRA~1\MOBILE~1\bin\SPAInfoDrv.sys []

S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 20:56]

S3 viafilter;VIA USB Filter;C:\WINDOWS\system32\Drivers\viausb1.sys [2001-09-19 13:28]

S3 vvftav;vvftav;C:\WINDOWS\system32\drivers\vvftav.sys []

S3 ZSMC0305;USB PC Camera VC305;C:\WINDOWS\system32\Drivers\usbVM305.sys []

.

Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

"2008-06-06 13:40:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-06-06 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"

- C:\Program Files\tune up utilities\SystemOptimizer.exe

"2005-11-19 07:02:28 C:\WINDOWS\Tasks\Recherche de virus de McAfee.com - Mon ordinateur (SY4PPNP19-yoda).job"

- c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-12 07:54:48

Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\DEFENSE PC\AVG antispyware\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-06-12 8:03:26 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-12 06:03:13

Pre-Run: 52,950,028,288 octets libres

Post-Run: 52,892,217,344 octets libres

346 --- E O F --- 2008-06-11 07:55:12

Et pour finir le rapport d'analyse d'ANTIVIR fait hier soir après son installation :

Avira AntiVir Personal

Report file date: mercredi 11 juin 2008 22:21

Scanning for 1327179 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: SY4PPNP19

Version information:

BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00

AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56

AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37

LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23

LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58

ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 01/06/2008 20:09:14

ANTIVIR3.VDF : 7.0.4.180 326144 Bytes 11/06/2008 20:09:15

Engineversion : 8.1.0.55

AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21

AESCRIPT.DLL : 8.1.0.40 266618 Bytes 11/06/2008 20:09:25

AESCN.DLL : 8.1.0.21 119156 Bytes 11/06/2008 20:09:24

AERDL.DLL : 8.1.0.20 418165 Bytes 11/06/2008 20:09:23

AEPACK.DLL : 8.1.1.5 364918 Bytes 11/06/2008 20:09:22

AEOFFICE.DLL : 8.1.0.18 192890 Bytes 11/06/2008 20:09:21

AEHEUR.DLL : 8.1.0.30 1253750 Bytes 11/06/2008 20:09:21

AEHELP.DLL : 8.1.0.15 115063 Bytes 11/06/2008 20:09:19

AEGEN.DLL : 8.1.0.28 307572 Bytes 11/06/2008 20:09:18

AEEMU.DLL : 8.1.0.6 430451 Bytes 11/06/2008 20:09:17

AECORE.DLL : 8.1.0.31 168310 Bytes 11/06/2008 20:09:16

AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53

AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47

AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23

AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02

SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10

RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25

RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, E:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

Start of the scan: mercredi 11 juin 2008 22:21

Starting search for hidden objects.

HKEY_LOCAL_MACHINE\System\ControlSet006\Services\zithxzoi\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123

[iNFO] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet006\Services\zithxzoi\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123

[iNFO] The registry entry is invisible.

'66792' objects were checked, '2' hidden objects were found.

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'rapimgr.exe' - '1' Module(s) have been scanned

Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned

Scan process 'wcescomm.exe' - '1' Module(s) have been scanned

Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned

Scan process 'VTTimer.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'guard.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

28 processes with 28 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Master boot sector HD1

[iNFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'E:\'

[iNFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '19' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Program Files\Club-Internet\Assistance\OutilsCI\uninstall.exe

[DETECTION] Is the Trojan horse TR/Dldr.Zlob.ZQN

[NOTE] The file was moved to '48b936cd.qua'!

C:\Program Files\DEFENSE PC\smitfraudfix\SmitfraudFix.exe

[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.41

[NOTE] The file was moved to '48b93714.qua'!

C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP10\A0000168.exe

[DETECTION] Is the Trojan horse TR/Dldr.Zlob.ZQN

[NOTE] The file was moved to '48803b68.qua'!

C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP10\A0000170.exe

[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.41

[NOTE] The file was moved to '48803b74.qua'!

Begin scan in 'E:\' <DISQUE 2>

End of the scan: mercredi 11 juin 2008 23:21

Used time: 1:00:08 min

The scan has been done completely.

8685 Scanning directories

340758 Files were scanned

4 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

4 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

340754 Files not concerned

7555 Archives were scanned

2 Warnings

4 Notes

66792 Objects were scanned with rootkit scan

2 Hidden objects were found

Toutes les entrées potentiellement dangereuses trouvées par ANTIVIR ont été mises en quarantaine dans l'attente d'instruction de ta part.

Merci

Falkra · le 12 juin 2008

Pour la cause de tes ennuis, ne cherche pas en tout cas : P2P.

Le scan d'antivir a buté sur des outils spéciaux utilisés auparavant a première vue (smitfraudfix par exemple) mais ce n'est pas leur place habituelle, est-ce que c'est toi qui les a mis là ? (ce n'est pas un reproche, évidemment). Laisse en quarantaine ce qui s'y trouve pour le moment. Bon réflexe de l'avoir fait sans effacer. Si antivir bute sur quelque chose qui se trouve dans c:\qoobox fais ignorer et dis lui d'aller voir ailleurs (fichiers issus de backups infectieux : normal).

Il y a des fichiers datés de 2004, c'est la première installation de l'OS sur la machine ?

Enfin, ça doit déjà aller un peu mieux, et tu pourras aller en mode sans échec (inutile de s'y précipiter pour le moment toutefois).

Voici la suite des opérations.

Ouvre le bloc notes. Copie colle ceci dedans :

Rootkit::
C:\WINDOWS\system32\dfrguih.dll

File::

C:\WINDOWS\system32\amstreams.dll

C:\WINDOWS\system32\drivers\zithxzoi.sys

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4805A96E-4492-4650-8CE1-7049ABF14535}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D77E7A40-7534-420A-B6B3-0B3956C11474}]

Driver::

zithxzoi

Dirlook::

C:\documents and settings\yoda\application data\M

Sauvegarde cela comme fichier texte nommé CFScript, sur le bureau.
Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

Une fenêtre bleue va apparaître: au message qui apparaît (Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Connexion

Pas encore inscrit ?

Je n'arrive pas à supprimer les virus de mon PC

Messages recommandés

yoda93

Loup blanc

yoda93

Loup blanc

yoda93

Loup blanc

yoda93

Falkra

yoda93

Falkra

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer