[Résolu] Infection de mon ordinateur

[jojemael]

VOICI LE RAPPORT DE

C:\wint\systeme32\coclassfast.dll

que tu ma demander

 

 

 

Fichier coclassfast.dll reçu le 2008.07.31 22:31:53 (CET)Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 2008.7.29.1 2008.07.31 -

AntiVir 7.8.1.15 2008.07.31 -

Authentium 5.1.0.4 2008.07.31 -

Avast 4.8.1195.0 2008.07.31 -

AVG 8.0.0.156 2008.07.31 -

BitDefender 7.2 2008.07.31 -

CAT-QuickHeal 9.50 2008.07.31 -

ClamAV 0.93.1 2008.07.31 -

DrWeb 4.44.0.09170 2008.07.31 -

eSafe 7.0.17.0 2008.07.29 -

eTrust-Vet 31.6.5998 2008.07.31 -

Ewido 4.0 2008.07.31 -

F-Prot 4.4.4.56 2008.07.31 -

F-Secure 7.60.13501.0 2008.07.31 -

Fortinet 3.14.0.0 2008.07.31 -

GData 2.0.7306.1023 2008.07.31 -

Ikarus T3.1.1.34.0 2008.07.31 -

Kaspersky 7.0.0.125 2008.07.31 -

McAfee 5351 2008.07.31 -

Microsoft 1.3704 2008.07.28 -

NOD32v2 3316 2008.07.31 -

Norman 5.80.02 2008.07.31 -

Panda 9.0.0.4 2008.07.31 -

PCTools 4.4.2.0 2008.07.31 -

Prevx1 V2 2008.07.31 -

Rising 20.55.32.00 2008.07.31 -

Sophos 4.31.0 2008.07.31 -

Sunbelt 3.1.1537.1 2008.07.29 -

Symantec 10 2008.07.31 -

TheHacker 6.2.96.391 2008.07.31 -

TrendMicro 8.700.0.1004 2008.07.31 -

VBA32 3.12.8.1 2008.07.31 -

ViRobot 2008.7.31.1319 2008.07.31 -

VirusBuster 4.5.11.0 2008.07.31 -

Webwasher-Gateway 6.6.2 2008.07.31 -

 

Information additionnelle

File size: 184320 bytes

MD5...: d66b49008311cfebfd35de9b663d697d

SHA1..: 1d27639ba5117374d9f97b983460d313d4bbee8e

SHA256: 26e7a3783c6bc7cf28cfa01659e590d326c5c296c75303e73b85c823e4d09d21

SHA512: e3d5569ca8c0cac97ccebe9841d2a18b2d0fb5ef5642e209bd95f07a54f5627d<BR>7792dcaebf5b0a499b88e3d9a095591176027e0d6ae3e08a4c06afb5d7d44ad5

PEiD..: -

PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x1000d323<BR>timedatestamp.....: 0x461340cd (Wed Apr 04 06:08:13 2007)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x1c027 0x1d000 6.59 1564a8b6b63462ba79a237cb38969ede<BR>.rdata 0x1e000 0x6dbd 0x7000 5.01 048ef4aed43db066a03619b3255bf9e1<BR>.data 0x25000 0x5894 0x2000 3.76 6e047b0da749319294ce0cd759c9cf64<BR>.rsrc 0x2b000 0xb0 0x1000 3.06 d73dd5cbb6ea506708aea4b5aaabaae7<BR>.reloc 0x2c000 0x486e 0x5000 3.33 d80664de7570fd37b2a0648096f0762f<BR><BR>( 8 imports ) <BR>> SETUPAPI.dll: SetupDiEnumDriverInfoA, SetupDiGetDeviceInstallParamsA, SetupDiSetDeviceInstallParamsA, SetupDiGetDriverInstallParamsA, SetupDiSetDriverInstallParamsA, SetupDiSetSelectedDriverA<BR>> KERNEL32.dll: GetCurrentProcess, CreateFileA, RtlUnwind, HeapAlloc, HeapFree, HeapReAlloc, VirtualAlloc, GetCommandLineA, GetProcessHeap, RaiseException, HeapSize, ExitProcess, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, VirtualFree, HeapDestroy, HeapCreate, GetStdHandle, Sleep, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, GetACP, GetConsoleCP, GetConsoleMode, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, FlushFileBuffers, SetFilePointer, WriteFile, GetOEMCP, GetCPInfo, GetLocaleInfoA, GlobalFlags, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, LoadLibraryA, lstrcmpW, GetThreadLocale, lstrcmpA, GetCurrentProcessId, InterlockedIncrement, SetErrorMode, GetModuleFileNameA, GetCurrentThreadId, CloseHandle, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalHandle, GlobalReAlloc, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, GlobalGetAtomNameA, FreeLibrary, InterlockedDecrement, GetModuleFileNameW, GetModuleHandleA, GetProcAddress, SetLastError, GlobalFree, GlobalAlloc, GlobalLock, GlobalUnlock, FormatMessageA, LocalFree, lstrlenA, CompareStringA, GetVersion, GetLastError, MultiByteToWideChar, InterlockedExchange, GetWindowsDirectoryA, FindFirstFileA, FindNextFileA, FindClose, GetPrivateProfileStringA, GetPrivateProfileSectionA, WideCharToMultiByte, FindResourceA, LoadResource, LockResource, SizeofResource, GetVersionExA<BR>> USER32.dll: PostQuitMessage, DestroyMenu, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, ClientToScreen, SetWindowTextA, RegisterWindowMessageA, LoadIconA, WinHelpA, GetCapture, GetClassLongA, GetClassNameA, SetPropA, GetPropA, RemovePropA, IsWindow, GetForegroundWindow, GetDlgItem, GetTopWindow, DestroyWindow, GetMessageTime, GetMessagePos, MapWindowPoints, SetForegroundWindow, GetClientRect, GetMenu, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, AdjustWindowRectEx, CopyRect, PtInRect, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, PostMessageA, SetWindowLongA, SetWindowPos, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect, GetWindow, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapA, GetFocus, ModifyMenuA, EnableMenuItem, CheckMenuItem, GetWindowTextA, GetWindowThreadProcessId, GetParent, GetSubMenu, GetMenuItemCount, GetMenuItemID, GetMenuState, UnhookWindowsHookEx, ValidateRect, PeekMessageA, GetKeyState, SendMessageA, DispatchMessageA, GetWindowLongA, GetLastActivePopup, IsWindowEnabled, EnableWindow, MessageBoxA, LoadCursorA, GetSystemMetrics, GetDC, ReleaseDC, GetSysColor, GetSysColorBrush, UnregisterClassA, SetWindowsHookExA, CallNextHookEx<BR>> GDI32.dll: DeleteDC, GetStockObject, Escape, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetTextColor, GetClipBox, CreateBitmap, GetDeviceCaps, ExtTextOutA, TextOutA, RectVisible, PtVisible, SetMapMode, RestoreDC, SaveDC, DeleteObject, SetBkColor, SelectObject<BR>> WINSPOOL.DRV: DocumentPropertiesA, OpenPrinterA, ClosePrinter<BR>> ADVAPI32.dll: RegCreateKeyExA, RegOpenKeyExA, RegCloseKey, RegQueryValueExA, RegSetValueExA, CryptAcquireContextA, CryptCreateHash, CryptHashData, CryptDestroyHash, CryptGetHashParam, RegDeleteKeyA, RegDeleteValueA<BR>> SHLWAPI.dll: PathFindFileNameA, PathFindExtensionA<BR>> OLEAUT32.dll: -, -, -<BR><BR>( 3 exports ) <BR>ChangeDriverPolicy, CoDeviceInstall, RestoreDriverPolicy<BR>

 

Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 2008.7.29.1 2008.07.31 -

AntiVir 7.8.1.15 2008.07.31 -

Authentium 5.1.0.4 2008.07.31 -

Avast 4.8.1195.0 2008.07.31 -

AVG 8.0.0.156 2008.07.31 -

BitDefender 7.2 2008.07.31 -

CAT-QuickHeal 9.50 2008.07.31 -

ClamAV 0.93.1 2008.07.31 -

DrWeb 4.44.0.09170 2008.07.31 -

eSafe 7.0.17.0 2008.07.29 -

eTrust-Vet 31.6.5998 2008.07.31 -

Ewido 4.0 2008.07.31 -

F-Prot 4.4.4.56 2008.07.31 -

F-Secure 7.60.13501.0 2008.07.31 -

Fortinet 3.14.0.0 2008.07.31 -

GData 2.0.7306.1023 2008.07.31 -

Ikarus T3.1.1.34.0 2008.07.31 -

Kaspersky 7.0.0.125 2008.07.31 -

McAfee 5351 2008.07.31 -

Microsoft 1.3704 2008.07.28 -

NOD32v2 3316 2008.07.31 -

Norman 5.80.02 2008.07.31 -

Panda 9.0.0.4 2008.07.31 -

PCTools 4.4.2.0 2008.07.31 -

Prevx1 V2 2008.07.31 -

Rising 20.55.32.00 2008.07.31 -

Sophos 4.31.0 2008.07.31 -

Sunbelt 3.1.1537.1 2008.07.29 -

Symantec 10 2008.07.31 -

TheHacker 6.2.96.391 2008.07.31 -

TrendMicro 8.700.0.1004 2008.07.31 -

VBA32 3.12.8.1 2008.07.31 -

ViRobot 2008.7.31.1319 2008.07.31 -

VirusBuster 4.5.11.0 2008.07.31 -

Webwasher-Gateway 6.6.2 2008.07.31 -

 

Information additionnelle

File size: 184320 bytes

MD5...: d66b49008311cfebfd35de9b663d697d

SHA1..: 1d27639ba5117374d9f97b983460d313d4bbee8e

SHA256: 26e7a3783c6bc7cf28cfa01659e590d326c5c296c75303e73b85c823e4d09d21

SHA512: e3d5569ca8c0cac97ccebe9841d2a18b2d0fb5ef5642e209bd95f07a54f5627d<BR>7792dcaebf5b0a499b88e3d9a095591176027e0d6ae3e08a4c06afb5d7d44ad5

PEiD..: -

PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x1000d323<BR>timedatestamp.....: 0x461340cd (Wed Apr 04 06:08:13 2007)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x1c027 0x1d000 6.59 1564a8b6b63462ba79a237cb38969ede<BR>.rdata 0x1e000 0x6dbd 0x7000 5.01 048ef4aed43db066a03619b3255bf9e1<BR>.data 0x25000 0x5894 0x2000 3.76 6e047b0da749319294ce0cd759c9cf64<BR>.rsrc 0x2b000 0xb0 0x1000 3.06 d73dd5cbb6ea506708aea4b5aaabaae7<BR>.reloc 0x2c000 0x486e 0x5000 3.33 d80664de7570fd37b2a0648096f0762f<BR><BR>( 8 imports ) <BR>> SETUPAPI.dll: SetupDiEnumDriverInfoA, SetupDiGetDeviceInstallParamsA, SetupDiSetDeviceInstallParamsA, SetupDiGetDriverInstallParamsA, SetupDiSetDriverInstallParamsA, SetupDiSetSelectedDriverA<BR>> KERNEL32.dll: GetCurrentProcess, CreateFileA, RtlUnwind, HeapAlloc, HeapFree, HeapReAlloc, VirtualAlloc, GetCommandLineA, GetProcessHeap, RaiseException, HeapSize, ExitProcess, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, VirtualFree, HeapDestroy, HeapCreate, GetStdHandle, Sleep, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, GetACP, GetConsoleCP, GetConsoleMode, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, FlushFileBuffers, SetFilePointer, WriteFile, GetOEMCP, GetCPInfo, GetLocaleInfoA, GlobalFlags, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, LoadLibraryA, lstrcmpW, GetThreadLocale, lstrcmpA, GetCurrentProcessId, InterlockedIncrement, SetErrorMode, GetModuleFileNameA, GetCurrentThreadId, CloseHandle, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalHandle, GlobalReAlloc, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, GlobalGetAtomNameA, FreeLibrary, InterlockedDecrement, GetModuleFileNameW, GetModuleHandleA, GetProcAddress, SetLastError, GlobalFree, GlobalAlloc, GlobalLock, GlobalUnlock, FormatMessageA, LocalFree, lstrlenA, CompareStringA, GetVersion, GetLastError, MultiByteToWideChar, InterlockedExchange, GetWindowsDirectoryA, FindFirstFileA, FindNextFileA, FindClose, GetPrivateProfileStringA, GetPrivateProfileSectionA, WideCharToMultiByte, FindResourceA, LoadResource, LockResource, SizeofResource, GetVersionExA<BR>> USER32.dll: PostQuitMessage, DestroyMenu, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, ClientToScreen, SetWindowTextA, RegisterWindowMessageA, LoadIconA, WinHelpA, GetCapture, GetClassLongA, GetClassNameA, SetPropA, GetPropA, RemovePropA, IsWindow, GetForegroundWindow, GetDlgItem, GetTopWindow, DestroyWindow, GetMessageTime, GetMessagePos, MapWindowPoints, SetForegroundWindow, GetClientRect, GetMenu, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, AdjustWindowRectEx, CopyRect, PtInRect, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, PostMessageA, SetWindowLongA, SetWindowPos, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect, GetWindow, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapA, GetFocus, ModifyMenuA, EnableMenuItem, CheckMenuItem, GetWindowTextA, GetWindowThreadProcessId, GetParent, GetSubMenu, GetMenuItemCount, GetMenuItemID, GetMenuState, UnhookWindowsHookEx, ValidateRect, PeekMessageA, GetKeyState, SendMessageA, DispatchMessageA, GetWindowLongA, GetLastActivePopup, IsWindowEnabled, EnableWindow, MessageBoxA, LoadCursorA, GetSystemMetrics, GetDC, ReleaseDC, GetSysColor, GetSysColorBrush, UnregisterClassA, SetWindowsHookExA, CallNextHookEx<BR>> GDI32.dll: DeleteDC, GetStockObject, Escape, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetTextColor, GetClipBox, CreateBitmap, GetDeviceCaps, ExtTextOutA, TextOutA, RectVisible, PtVisible, SetMapMode, RestoreDC, SaveDC, DeleteObject, SetBkColor, SelectObject<BR>> WINSPOOL.DRV: DocumentPropertiesA, OpenPrinterA, ClosePrinter<BR>> ADVAPI32.dll: RegCreateKeyExA, RegOpenKeyExA, RegCloseKey, RegQueryValueExA, RegSetValueExA, CryptAcquireContextA, CryptCreateHash, CryptHashData, CryptDestroyHash, CryptGetHashParam, RegDeleteKeyA, RegDeleteValueA<BR>> SHLWAPI.dll: PathFindFileNameA, PathFindExtensionA<BR>> OLEAUT32.dll: -, -, -<BR><BR>( 3 exports ) <BR>ChangeDriverPolicy, CoDeviceInstall, RestoreDriverPolicy<BR>

[jojemael]

impossible de telecharger CFScript

rien ne marche toujour la meme reponce

il est impossible de telecharger le fichier

[Gof]

Essaie sur ce lien.

[jojemael]

cela a ouver File::

 

C:\WINNT\system32\dmjpe.exe

C:\WINNT\system32\dmqph.exe

C:\Documents and Settings\FH1.FH\Application Data\ezpinst.exe

C:\Documents and Settings\FH1.FH\Application Data\pcouffin.sys

C:\WINNT\System32\Kargo.exe

C:\WINNT\System32\systemdll.exe

C:\WINNT\System32\jhdjv.exe

C:\WINNT\System32\NopeZ.exe

C:\WINNT\System32\panel_its.exe

C:\WINNT\System32\NukeSpan.exe

C:\WINNT\System32\vbsys2.dll

 

Folder::

C:\fdfix

 

mai je ne peu pas faire de copier coller pour le metre sur combofix

sa ne ma pas ouvert un dossier comme la premiere foi

[Gof]

Oui, une fois la page ouverte sur les éléments que tu m'as donné, rends toi dans "Fichier>enregistrer sous" et sauvegarde sur le bureau. Ainsi tu pourras faire un glisser-déposer sur ComboFix.

[jojemael]

J'ai fais comme tu me l'a marqué j'ai pu l'enregistrer sur le bureau je l'ai fait glisser sur combofix une fenetre bleue est apparu et j'ai eu un message d'erreure que je n'ai pas eu le temps de lire car combofix s'est executé et je n'est pas voulus arreté le programme. A la fin j'ai eu un rapport que je te poste en esperant que se soit le bon.

 

 

 

ComboFix 08-07-31.01 - FH1 2008-07-31 23:34:47.2 - NTFSx86

Endroit: C:\Documents and Settings\FH1.FH\Bureau\combofix.exe

Command switches used :: C:\Documents and Settings\FH1.FH\Bureau\CFScript.txt

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\Documents and Settings\FH1.FH\Application Data\ezpinst.exe

C:\Documents and Settings\FH1.FH\Application Data\pcouffin.sys

C:\WINNT\system32\dmjpe.exe

C:\WINNT\system32\dmqph.exe

C:\WINNT\System32\jhdjv.exe

C:\WINNT\System32\Kargo.exe

C:\WINNT\System32\NopeZ.exe

C:\WINNT\System32\NukeSpan.exe

C:\WINNT\System32\panel_its.exe

C:\WINNT\System32\systemdll.exe

C:\WINNT\System32\vbsys2.dll

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\FH1.FH\Application Data\ezpinst.exe

C:\Documents and Settings\FH1.FH\Application Data\pcouffin.sys

C:\fdfix

C:\fdfix\SDFix\apps\assosfix.reg

C:\fdfix\SDFix\apps\cliptext.exe

C:\fdfix\SDFix\apps\download.exe

C:\fdfix\SDFix\apps\dummy.sys

C:\fdfix\SDFix\apps\Enable_Command_Prompt.reg

C:\fdfix\SDFix\apps\ERDNT.E_E

C:\fdfix\SDFix\apps\ERDNTDOS.LOC

C:\fdfix\SDFix\apps\ERDNTWIN.LOC

C:\fdfix\SDFix\apps\ERUNT.EXE

C:\fdfix\SDFix\apps\ERUNT.LOC

C:\fdfix\SDFix\apps\fix.reg

C:\fdfix\SDFix\apps\FixBH.reg

C:\fdfix\SDFix\apps\FixComponents.reg

C:\fdfix\SDFix\apps\FIXCU.reg

C:\fdfix\SDFix\apps\FIXLM.reg

C:\fdfix\SDFix\apps\FixPath.exe

C:\fdfix\SDFix\apps\FixRedir.reg

C:\fdfix\SDFix\apps\FixSchedule.reg

C:\fdfix\SDFix\apps\FixWebCheck.reg

C:\fdfix\SDFix\apps\fixXP.reg

C:\fdfix\SDFix\apps\FixXPsp2.reg

C:\fdfix\SDFix\apps\grep.exe

C:\fdfix\SDFix\apps\HaxdFix.reg

C:\fdfix\SDFix\apps\HPFix.reg

C:\fdfix\SDFix\apps\HPFix2.reg

C:\fdfix\SDFix\apps\HPFix3.reg

C:\fdfix\SDFix\apps\HPFix4.reg

C:\fdfix\SDFix\apps\HPFix5.reg

C:\fdfix\SDFix\apps\HPFix6.reg

C:\fdfix\SDFix\apps\HPFix7.reg

C:\fdfix\SDFix\apps\HPFix8.reg

C:\fdfix\SDFix\apps\HPFix9.reg

C:\fdfix\SDFix\apps\isadmin.exe

C:\fdfix\SDFix\apps\leg2.txt

C:\fdfix\SDFix\apps\legacy.txt

C:\fdfix\SDFix\apps\legacybk.txt

C:\fdfix\SDFix\apps\locate.com

C:\fdfix\SDFix\apps\LS.exe

C:\fdfix\SDFix\apps\MD5File.exe

C:\fdfix\SDFix\apps\moveex.exe

C:\fdfix\SDFix\apps\MyGcpvFix.reg

C:\fdfix\SDFix\apps\MyGkFix2.reg

C:\fdfix\SDFix\apps\Process.exe

C:\fdfix\SDFix\apps\procs.exe

C:\fdfix\SDFix\apps\psservice.exe

C:\fdfix\SDFix\apps\Rem.txt

C:\fdfix\SDFix\apps\Rem2.txt

C:\fdfix\SDFix\apps\Replace\regedit.exe

C:\fdfix\SDFix\apps\Replace\W2K.exe

C:\fdfix\SDFix\apps\Replace\w2k\beep.sys

C:\fdfix\SDFix\apps\Replace\w2k\null.sys

C:\fdfix\SDFix\apps\Replace\XP.exe

C:\fdfix\SDFix\apps\Replace\xp\beep.sys

C:\fdfix\SDFix\apps\Replace\xp\null.sys

C:\fdfix\SDFix\apps\Reset_AppInit_DLLs.reg

C:\fdfix\SDFix\apps\RestartIt!.exe

C:\fdfix\SDFix\apps\Restore_SecurityCenter.reg

C:\fdfix\SDFix\apps\Restore_SharedAccess.reg

C:\fdfix\SDFix\apps\sc.exe

C:\fdfix\SDFix\apps\sed.exe

C:\fdfix\SDFix\apps\SF.exe

C:\fdfix\SDFix\apps\shutdown.exe

C:\fdfix\SDFix\apps\srv2.txt

C:\fdfix\SDFix\apps\srv2bk.txt

C:\fdfix\SDFix\apps\svc.txt

C:\fdfix\SDFix\apps\svcbk.txt

C:\fdfix\SDFix\apps\swreg.exe

C:\fdfix\SDFix\apps\swsc.exe

C:\fdfix\SDFix\apps\unzip.exe

C:\fdfix\SDFix\apps\vfind.exe

C:\fdfix\SDFix\apps\WINMSG.EXE

C:\fdfix\SDFix\apps\winsec.reg

C:\fdfix\SDFix\apps\zip.exe

C:\fdfix\SDFix\backups\backupreg.zip

C:\fdfix\SDFix\backups\HOSTS

C:\fdfix\SDFix\backups_old\backupreg.zip

C:\fdfix\SDFix\backups_old\backups.zip

C:\fdfix\SDFix\backups_old\HOSTS

C:\fdfix\SDFix\catchme.exe

C:\fdfix\SDFix\dummy.sys

C:\fdfix\SDFix\Report.txt

C:\fdfix\SDFix\Report_old_1.txt

C:\fdfix\SDFix\RunThis.bat

C:\fdfix\SDFix\SDFIX_ReadMe_Online.url

C:\fdfix\SDFix\W2K_CodecRepair.inf

C:\fdfix\SDFix\XP_CodecRepair.inf

C:\WINNT\system32\dmjpe.exe

C:\WINNT\system32\dmqph.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-31 ))))))))))))))))))))))))))))))))))))

.

 

2008-07-31 23:34 . 08-07-31 23:34 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2b4.dat

2008-07-30 23:34 . 08-07-30 23:34 <DIR> d-------- C:\WINNT\ERUNT

2008-07-30 23:19 . 08-07-31 21:25 642,332 ---h----- C:\WINNT\ShellIconCache

2008-07-30 22:07 . 08-07-30 12:52 <DIR> d-------- C:\SDFix

2008-07-30 21:44 . 99-10-26 23:14 22,064 --a------ C:\WINNT\system32\drivers\usbprint.sys

2008-07-30 21:44 . 99-10-26 23:14 22,064 --a--c--- C:\WINNT\system32\dllcache\usbprint.sys

2008-07-30 20:59 . 07-09-15 01:24 17,920 --a------ C:\WINNT\system32\reg.exe

2008-07-30 20:56 . 08-07-30 21:37 <DIR> d-------- C:\Program Files\Navilog1

2008-07-30 20:42 . 08-07-31 17:40 <DIR> d-------- C:\fixwareout

2008-07-30 00:57 . 08-07-30 00:57 <DIR> d-------- C:\WINNT\system32\AlertModule

2008-07-30 00:57 . 04-08-23 13:49 40,960 --a------ C:\WINNT\system32\FTRTSVC.exe

2008-07-30 00:57 . 05-10-06 13:55 36,864 --a------ C:\WINNT\system32\IfHelper.dll

2008-07-30 00:52 . 08-07-30 00:52 <DIR> d-------- C:\Program Files\SAGEM

2008-07-30 00:52 . 08-07-30 00:52 <DIR> d-------- C:\Documents and Settings\FH1.FH\Application Data\InstallShield

2008-07-30 00:52 . 07-04-04 08:08 184,320 --a------ C:\WINNT\system32\coclassfast.dll

2008-07-30 00:52 . 02-08-12 16:20 27,264 --a------ C:\WINNT\system32\drivers\rndismpk.sys

2008-07-30 00:52 . 02-08-12 16:20 11,136 --a------ C:\WINNT\system32\drivers\usb8023k.sys

2008-07-28 14:18 . 08-07-28 14:18 <DIR> d-------- C:\Program Files\Trend Micro

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-31 20:45 --------- d---a-w C:\Program Files\Wanadoo

2008-07-28 16:36 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-28 10:44 --------- d-----w C:\Program Files\Securitoo

2006-03-28 19:02 2,007,459 ----a-w C:\Program Files\setupfra.exe

2005-08-31 12:32 271 ---h--w C:\Program Files\desktop.ini

2005-08-31 12:32 22,115 ---h--w C:\Program Files\folder.htt

1999-12-16 00:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys

1998-09-29 12:56 10,000 ----a-w C:\WINNT\inf\unregpn.exe

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [04-08-23 13:50 122880]

"internat.exe"="internat.exe" [99-12-16 02:00 20752 C:\WINNT\system32\internat.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [04-08-23 13:49 20480]

"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [04-10-14 15:55 32768]

"LoadQM"="loadqm.exe" [00-05-03 18:23 7536 C:\WINNT\loadqm.exe]

"Synchronization Manager"="mobsync.exe" [99-12-16 02:00 111888 C:\WINNT\system32\mobsync.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"internat.exe"="internat.exe" [99-12-16 02:00 20752 C:\WINNT\system32\internat.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [99-12-16 02:00 190224]

 

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]

Supervision de Photo Loader.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [2005-09-27 19:13:25 217088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.VDOM"= vdowave.drv

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

 

R0 FSDFW;F-Secure Distributed Firewall Driver;C:\WINNT\System32\drivers\fsdfw.sys [03-09-24 14:41 ]

R2 FSpm;F-Secure Policy Manager;C:\Program Files\Securitoo\av_fw\Common\FSPM.SYS [03-02-19 06:01 ]

S2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys []

S2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys []

S2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys []

S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys []

S2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\Securitoo\av_fw\fswsclds.exe [06-09-02 18:27 ]

S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [05-11-04 17:33 ]

S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINNT\System32\DRIVERS\CnxEtP.sys []

S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINNT\System32\DRIVERS\CnxEtU.sys []

S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINNT\System32\DRIVERS\CnxTgNW.sys []

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-31 23:38:36

Windows 5.0.2195 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-07-31 23:40:14

ComboFix-quarantined-files.txt 2008-07-31 21:40:08

ComboFix2.txt 2008-07-31 19:10:48

 

Pre-Run: 16,008,527,872 octets libres

Post-Run: 16,008,716,288 octets libres

 

195

 

 

 

 

 

je te donne des nouvelles du PC

il rame et beug souvent je suis obligé à chaque beug de l'eteindre au bouton même ctr'l alt suppr ne fonctionne pas

[Gof]

Re jojemael

 

On va devoir s'arrêter là pour ce soir. Je m'absente une semaine, s'il t'es possible de patienter jusqu'à mon retour, et on reprend

 

Dans l'immédiat, évite de laisser ce PC connecté.

 

A bientôt.

[jojemael]

ok pas de soucie je ne m'en servirais pas et je te dis à la semaine prochaine.

je regaardais si tu m'as envoyé un autre message avec l'autre PC.

Je te remercie bonne semaine.

[jojemael]

Bonjour Gof

je viens au nouvelle

j ai vue que tu etait connecter

ci tu na pas le temps fait mois le savoir

merci

[Gof]

Bonjour jojemael

 

Tu as bien fait. Quelles sont les nouvelles alors ? J'ai un peu perdu le fil. Comment va le premier PC ? Bien j'espère

 

Peux tu me poster un nouveau rapport HijackThis pour le deuxième PC, et me dire les soucis que tu constates toi encore à ton niveau.