pc infecté

[SEYLEEN]

non , regarde bien , tu dois avoir un rapport au format .txt en c:\ ou c:\qoobox ou c:\combofix , style ComboFix-quarantined-files.txt

 

non pas de .txt ? Il y a bien un dossier qoobox et combofix mais pas de .txt ?

[angelique]

ok

 

• Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

• Double-clique sur RSIT.exe afin de lancer RSIT.
  
• Clique Continue à l'écran Disclaimer.
  
• Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
  
• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
  ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
  

 

-------------------------

 

edit:: je regarde ça apres manger , vers 14h00

[SEYLEEN]

ok

 

• Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

• Double-clique sur RSIT.exe afin de lancer RSIT.
  
• Clique Continue à l'écran Disclaimer.
  
• Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
  
• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
  ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
  

 

-------------------------

 

edit:: je regarde ça apres manger , vers 14h00

 

 

 

Logfile of random's system information tool 1.04 (written by random/random)

Run by CASSIM at 2008-11-15 15:33:59

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 143 GB (94%) free of 153 GB

Total RAM: 958 MB (63% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:34, on 2008-11-15

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\UpsPilot\monitor.exe

C:\Program Files\UpsPilot\jre\bin\javaw.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\S3trayp.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\PROGRA~1\UpsPilot\wpRMI.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\UpsPilot\jre\bin\javaw.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\CASSIM\Bureau\RSIT.exe

C:\Documents and Settings\CASSIM\Bureau\SECURITE pc\CASSIM.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = Supprimer cette entrée

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF24159.exe /c C:\Combo-Fix\Combobatch.bat

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f3cefc3148cc4adda6f7362d9b8adf78

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f3cefc3148cc4adda6f7362d9b8adf78

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Winpowermanager - Macrovision - C:\PROGRA~1\UpsPilot\manager.exe

O23 - Service: Winpowermonitor - Macrovision - C:\PROGRA~1\UpsPilot\monitor.exe

O23 - Service: WinpowerRMI - Macrovision - C:\PROGRA~1\UpsPilot\wpRMI.exe

 

--

End of file - 8169 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\GlaryInitialize.job

C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-10-24 2436160]

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2006-09-21 53248]

"S3Trayp"=C:\WINDOWS\system32\S3trayp.exe [2007-02-06 176128]

"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

"combofix"=C:\WINDOWS\system32\CF24159.exe [2008-11-15 401408]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-24 68856]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"ForceClassicControlPanel"=1

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"NoDrives"=

"NoDriveAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Program Files\UpsPilot\jre\bin\javaw.exe"="C:\Program Files\UpsPilot\jre\bin\javaw.exe:*:Enabled:Java Platform SE binary"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0a35746-531e-11dd-9e85-0019dbbf7ec4}]

shell\AutoRun\command - E:\setupSNK.exe

 

 

======List of files/folders created in the last 1 months======

 

2008-11-15 15:33:59 ----D---- C:\rsit

2008-11-15 14:46:32 ----D---- C:\Program Files\Spybot - Search & Destroy

2008-11-15 14:46:32 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-11-15 14:23:37 ----A---- C:\Boot.bak

2008-11-15 14:23:32 ----RASHD---- C:\cmdcons

2008-11-15 14:22:16 ----A---- C:\WINDOWS\zip.exe

2008-11-15 14:22:16 ----A---- C:\WINDOWS\VFIND.exe

2008-11-15 14:22:16 ----A---- C:\WINDOWS\SWXCACLS.exe

2008-11-15 14:22:16 ----A---- C:\WINDOWS\SWSC.exe

2008-11-15 14:22:16 ----A---- C:\WINDOWS\SWREG.exe

2008-11-15 14:22:16 ----A---- C:\WINDOWS\sed.exe

2008-11-15 14:22:16 ----A---- C:\WINDOWS\grep.exe

2008-11-15 14:22:16 ----A---- C:\WINDOWS\fdsv.exe

2008-11-15 14:22:10 ----D---- C:\WINDOWS\ERDNT

2008-11-15 14:22:10 ----D---- C:\Qoobox

2008-11-15 14:22:10 ----D---- C:\Combo-Fix

2008-11-15 14:22:09 ----A---- C:\WINDOWS\system32\CF24159.exe

2008-11-15 13:50:00 ----A---- C:\WINDOWS\ntbtlog.txt

2008-11-15 13:27:17 ----D---- C:\WINDOWS\pss

2008-11-15 12:31:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-11-15 11:43:06 ----A---- C:\fixnavi.txt

2008-11-15 10:10:57 ----D---- C:\temp

2008-11-15 10:07:16 ----D---- C:\Program Files\Avira

2008-11-15 10:07:16 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2008-11-11 18:21:42 ----A---- C:\lopR.txt

2008-11-11 18:21:18 ----D---- C:\Lop SD

2008-11-11 17:24:40 ----D---- C:\Program Files\jv16 PowerTools

2008-11-11 16:17:48 ----A---- C:\cleannavi.txt

2008-11-11 16:14:15 ----D---- C:\Program Files\Navilog1

2008-11-11 16:07:55 ----D---- C:\Documents and Settings\CASSIM\Application Data\GlarySoft

2008-11-11 16:03:33 ----D---- C:\Program Files\Glary Utilities

2008-11-11 14:02:15 ----D---- C:\Documents and Settings\CASSIM\Application Data\Malwarebytes

2008-11-11 14:02:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-11-11 13:52:06 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2008-11-11 13:51:56 ----D---- C:\Program Files\SpywareBlaster

2008-11-11 13:43:54 ----D---- C:\Program Files\CCleaner

2008-11-10 07:54:16 ----A---- C:\WINDOWS\rakozuqo.exe

2008-11-10 07:54:16 ----A---- C:\Documents and Settings\CASSIM\Application Data\xifes.bat

2008-11-10 07:54:16 ----A---- C:\Documents and Settings\All Users\Application Data\ukuxu.dll

2008-11-09 16:31:54 ----A---- C:\WINDOWS\awywiha.dll

2008-11-09 16:31:54 ----A---- C:\Documents and Settings\CASSIM\Application Data\jaze.com

2008-11-09 16:31:54 ----A---- C:\Documents and Settings\All Users\Application Data\epiwyquky.bat

2008-11-09 16:31:54 ----A---- C:\Documents and Settings\All Users\Application Data\ajyf.bat

2008-11-07 14:32:34 ----A---- C:\WINDOWS\system32\77f01424-.txt

 

======List of files/folders modified in the last 1 months======

 

2008-11-15 15:31:06 ----D---- C:\Program Files\Mozilla Firefox

2008-11-15 15:09:54 ----D---- C:\WINDOWS\Temp

2008-11-15 15:09:53 ----D---- C:\WINDOWS

2008-11-15 15:09:02 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-15 15:06:26 ----D---- C:\WINDOWS\Prefetch

2008-11-15 14:53:05 ----D---- C:\WINDOWS\system32\drivers

2008-11-15 14:46:32 ----RD---- C:\Program Files

2008-11-15 14:36:05 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-11-15 14:30:45 ----D---- C:\WINDOWS\system32\config

2008-11-15 14:30:13 ----D---- C:\WINDOWS\system32

2008-11-15 14:29:55 ----D---- C:\WINDOWS\AppPatch

2008-11-15 14:29:55 ----D---- C:\Program Files\Fichiers communs

2008-11-15 14:23:37 ----RASH---- C:\boot.ini

2008-11-15 13:30:08 ----A---- C:\WINDOWS\win.ini

2008-11-15 13:30:08 ----A---- C:\WINDOWS\system.ini

2008-11-15 11:33:41 ----SHD---- C:\WINDOWS\Installer

2008-11-15 11:33:41 ----HD---- C:\Config.Msi

2008-11-15 10:13:48 ----D---- C:\Documents and Settings\CASSIM\Application Data\Mozilla

2008-11-15 10:11:08 ----D---- C:\Documents and Settings\All Users\Application Data\Google

2008-11-15 10:09:01 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater

2008-11-15 10:00:26 ----D---- C:\Program Files\Fichiers communs\G DATA

2008-11-14 03:47:11 ----A---- C:\WINDOWS\NeroDigital.ini

2008-11-11 18:39:31 ----SHD---- C:\System Volume Information

2008-11-11 18:39:31 ----D---- C:\WINDOWS\system32\Restore

2008-11-11 18:27:16 ----D---- C:\Documents and Settings\CASSIM\Application Data\RDR FOR JOY

2008-11-11 18:27:15 ----SD---- C:\WINDOWS\Tasks

2008-11-11 16:10:46 ----D---- C:\Documents and Settings\CASSIM\Application Data\Macromedia

2008-11-11 16:08:45 ----HD---- C:\WINDOWS\inf

2008-11-11 16:08:45 ----D---- C:\WINDOWS\Help

2008-11-11 16:08:45 ----D---- C:\Program Files\Windows Media Player

2008-11-11 16:08:45 ----D---- C:\Program Files\LimeWire

2008-11-11 13:51:25 ----D---- C:\WINDOWS\system32\LogFiles

2008-11-11 13:50:56 ----D---- C:\WINDOWS\Debug

2008-11-11 13:06:33 ----D---- C:\WINDOWS\system32\appmgmt

2008-11-09 16:24:46 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-10-25 17:58:50 ----SHD---- C:\RECYCLER

2008-10-25 17:58:50 ----D---- C:\Documents and Settings

2008-10-25 09:32:53 ----D---- C:\WINDOWS\network diagnostic

2008-10-24 07:44:51 ----HD---- C:\WINDOWS\$hf_mig$

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-15 75072]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496]

R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]

R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys [2006-06-26 23472]

R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-06-23 38960]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 S3GIGP;S3GIGP; C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2007-03-05 709632]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 BthEnum;Service d'énumérateur Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]

S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]

S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]

S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]

S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2006-06-23 20272]

S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []

S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys []

S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-06-26 1587632]

S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-06-26 1952816]

S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2006-06-23 1413424]

S3 lvselsus;Logitech Selective Suspend Filter; C:\WINDOWS\system32\DRIVERS\lvselsus.sys [2006-06-23 55984]

S3 LVUVC;Logitech QuickCam PTZ(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2006-06-23 961072]

S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []

S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]

S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-11-15 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-11-15 151297]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-29 168432]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-09-24 61440]

R2 LVPrcSrv;Logitech Process Monitor; c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe [2006-06-26 99888]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]

R2 Winpowermonitor;Winpowermonitor; C:\PROGRA~1\UpsPilot\monitor.exe [2007-10-28 114688]

R3 WinpowerRMI;WinpowerRMI; C:\PROGRA~1\UpsPilot\wpRMI.exe [2007-10-28 114688]

S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe [2006-06-26 91696]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 Winpowermanager;Winpowermanager; C:\PROGRA~1\UpsPilot\manager.exe [2007-10-28 114688]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

 

-----------------EOF-----------------

 

 

info - Bloc

 

info.txt logfile of random's system information tool 1.04 2008-11-15 15:34:10

 

======Uninstall list======

 

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}

Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}

Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

ArcSoft Panorama Maker 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x40c

Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{6E15BEDF-7EB5-4010-998E-B430DB4EFE45}

Bloqueur de fenêtres pop-up (Windows Live Toolbar)-->MsiExec.exe /X{A425C250-A0E1-4D78-B1C1-A5CBC7385E7C}

Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}

Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}

Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}

GEAR 32bit Driver Installer-->MsiExec.exe /X{E89B484C-B913-49A0-959B-89E836001658}

Glary Utilities 2.8.0.366-->"C:\Program Files\Glary Utilities\unins000.exe"

Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}

Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

HijackThis 2.0.2-->"C:\Documents and Settings\CASSIM\Bureau\SECURITE pc\HijackThis.exe" /uninstall

HP Extended Capabilities 5.3-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}

HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat

HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat

HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}

HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

jv16 PowerTools 1.3-->"C:\Program Files\jv16 PowerTools\unins000.exe"

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

LimeWire 4.14.10-->"C:\Program Files\LimeWire\uninstall.exe"

Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}

Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL

Logitech QuickCam-->MsiExec.exe /X{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}

Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}

Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove

Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office Home and Student 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}

Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}

Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

Navigation par onglets (Windows Live Toolbar)-->MsiExec.exe /X{E916E61F-DE9D-4EAF-91E1-CEB50016326A}

Navilog1 3.6.9-->"C:\Program Files\Navilog1\unins000.exe"

Nero 7 Essentials-->MsiExec.exe /I{8867CEBD-E6C0-4C7A-83B3-9E45669A1036}

OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{6D7F8D4B-D1A4-402A-973E-31E90940E585}

Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT

QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}

Registry Mechanic-->"C:\Program Files\Registry Mechanic\unins000.exe"

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}

Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}

Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}

Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}

Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}

Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"

UMVPLStandalone-->MsiExec.exe /X{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}

Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

VIA Gestionnaire de périphériques de plate-forme-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}

VIA/S3G Display Driver 6.14.10.0086-->C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns

WebAnimé v6.06-->"C:\Program Files\WebAnimé\unins000.exe"

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}

Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}

Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}

Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}

Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}

Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

Winpower-->"C:\Program Files\UpsPilot\UninstallerData\Uninstall.exe"

Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

 

======Hosts File======

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

 

======Security center information======

 

AV: Avira AntiVir PersonalEdition

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel

"PROCESSOR_REVISION"=0604

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

 

-----------------EOF-----------------

[angelique]

y'a eu un p'tit bins avec Combofix effectivement, karna.dat a cependant bien été viré , avais tu bien desactivé temporairement ton antivirus ??par contre tu as reussi à installer desormais MalwareBytes ;o)

 

• relance HijackThis(renommé par RSIT CASSIM.exe) " do a system scan only" , coche uniquement et clic Fixchecked les lignes ci dessous:

 

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF24159.exe /c C:\Combo-Fix\Combobatch.bat

 

 

 

• desinstalle navilog1 et Lop S&D que tu as apparemment utilisé

 

• comboFix doit absolument etre sur ton bureau

 

 

ouvre ton bloc note[executer--notepad] et copies/colles le contenu du cadre ci dessous:

 

File::
C:\fixnavi.txt
C:\lopR.txt
C:\cleannavi.txt
C:\WINDOWS\rakozuqo.exe
C:\Documents and Settings\CASSIM\Application Data\xifes.bat
C:\Documents and Settings\All Users\Application Data\ukuxu.dll
C:\WINDOWS\awywiha.dll
C:\Documents and Settings\CASSIM\Application Data\jaze.com
C:\Documents and Settings\All Users\Application Data\epiwyquky.bat
C:\Documents and Settings\All Users\Application Data\ajyf.bat
C:\WINDOWS\system32\77f01424-.txt

Folder::
C:\Lop SD
C:\Program Files\Navilog1

Dirlook::
C:\Documents and Settings\CASSIM\Application Data\RDR FOR JOY

 

[*]Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>

[*]Choisis "Enregistrer sous" et choisis "Bureau"

[*]Dans le champs "Nom du fichier" en bas de page donne le nom suivant:CFScript en fichier .txt

[*]Clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"

[*]Quitte le Bloc Notes.

[*]Fait un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur la capture

 

 

 

 

* suis les instructions

* Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

 

 

• Lance MBAM qui est installé chez toi

* Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.

* Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".

* Sélectionne "Exécuter un examen rapide"

* Clique sur "Rechercher"

* L'analyse démarre, le scan est relativement long, c'est normal.

* A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

 

Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.

* Ferme tes navigateurs.

* Si des malwares ont été détectés, clique sur Afficher les résultats.

Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

* MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

 

 

 

NB : Si MBAM te demande à redémarrer, fais-le.

 

• fait un scan avec antivir et poste le rapport généré

[SEYLEEN]

y'a eu un p'tit bins avec Combofix effectivement, karna.dat a cependant bien été viré , avais tu bien desactivé temporairement ton antivirus ??par contre tu as reussi à installer desormais MalwareBytes ;o)

 

• relance HijackThis(renommé par RSIT CASSIM.exe) " do a system scan only" , coche uniquement et clic Fixchecked les lignes ci dessous:

 

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF24159.exe /c C:\Combo-Fix\Combobatch.bat

 

 

 

• desinstalle navilog1 et Lop S&D que tu as apparemment utilisé

 

• comboFix doit absolument etre sur ton bureau

 

 

ouvre ton bloc note[executer--notepad] et copies/colles le contenu du cadre ci dessous:

 

File::
C:\fixnavi.txt
C:\lopR.txt
C:\cleannavi.txt
C:\WINDOWS\rakozuqo.exe
C:\Documents and Settings\CASSIM\Application Data\xifes.bat
C:\Documents and Settings\All Users\Application Data\ukuxu.dll
C:\WINDOWS\awywiha.dll
C:\Documents and Settings\CASSIM\Application Data\jaze.com
C:\Documents and Settings\All Users\Application Data\epiwyquky.bat
C:\Documents and Settings\All Users\Application Data\ajyf.bat
C:\WINDOWS\system32\77f01424-.txt

Folder::
C:\Lop SD
C:\Program Files\Navilog1

Dirlook::
C:\Documents and Settings\CASSIM\Application Data\RDR FOR JOY

 

[*]Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>

[*]Choisis "Enregistrer sous" et choisis "Bureau"

[*]Dans le champs "Nom du fichier" en bas de page donne le nom suivant:CFScript en fichier .txt

[*]Clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"

[*]Quitte le Bloc Notes.

[*]Fait un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur la capture

 

 

 

 

* suis les instructions

* Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

 

 

• Lance MBAM qui est installé chez toi

* Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.

* Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".

* Sélectionne "Exécuter un examen rapide"

* Clique sur "Rechercher"

* L'analyse démarre, le scan est relativement long, c'est normal.

* A la fin de l'analyse, un message s'affiche :

 

 

Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.

* Ferme tes navigateurs.

* Si des malwares ont été détectés, clique sur Afficher les résultats.

Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

* MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

 

 

 

NB : Si MBAM te demande à redémarrer, fais-le.

 

• fait un scan avec antivir et poste le rapport généré

 

Rapport malbyte:

Malwarebytes' Anti-Malware 1.30

Version de la base de données: 1400

Windows 5.1.2600 Service Pack 3

 

15/11/2008 17:47:59

mbam-log-2008-11-15 (17-47-59).txt

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 78653

Temps écoulé: 38 minute(s), 42 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 1

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 31

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Qoobox\Quarantine\C\WINDOWS\karna.dat.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\bxkieywn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\chqdth.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\dlsgdigk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\iotikuki.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\jmngwp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSbrsr.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSScfum.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSofxh.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSriqp.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\tmjulvrl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\upxuxr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\vfiuifvl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\xmaixh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\ycbdrq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSmqlt.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DFBB7B38-F219-4096-9A32-67A5926C1649}\RP0\A0000001.sys (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DFBB7B38-F219-4096-9A32-67A5926C1649}\RP0\A0000002.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DFBB7B38-F219-4096-9A32-67A5926C1649}\RP0\A0000003.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DFBB7B38-F219-4096-9A32-67A5926C1649}\RP0\A0000004.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DFBB7B38-F219-4096-9A32-67A5926C1649}\RP0\A0000005.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DFBB7B38-F219-4096-9A32-67A5926C1649}\RP0\A0000030.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DFBB7B38-F219-4096-9A32-67A5926C1649}\RP0\A0000031.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DFBB7B38-F219-4096-9A32-67A5926C1649}\RP0\A0000032.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DFBB7B38-F219-4096-9A32-67A5926C1649}\RP0\A0000034.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DFBB7B38-F219-4096-9A32-67A5926C1649}\RP0\A0000036.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DFBB7B38-F219-4096-9A32-67A5926C1649}\RP0\A0000039.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DFBB7B38-F219-4096-9A32-67A5926C1649}\RP0\A0000040.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DFBB7B38-F219-4096-9A32-67A5926C1649}\RP0\A0000041.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DFBB7B38-F219-4096-9A32-67A5926C1649}\RP0\A0000042.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DFBB7B38-F219-4096-9A32-67A5926C1649}\RP0\A0000043.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Rapport antivir:

 

 

Avira AntiVir Personal

Report file date: samedi 15 novembre 2008 17:50

 

Scanning for 1035635 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: CASSIM-833E7714

 

Version information:

BUILD.DAT : 8.2.0.336 16933 Bytes 30/10/2008 11:40:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 07:57:53

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 06:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 11:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 06:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 07:47:51

ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 07:47:54

ANTIVIR2.VDF : 7.1.0.57 2048 Bytes 09/11/2008 07:47:55

ANTIVIR3.VDF : 7.1.0.88 210944 Bytes 14/11/2008 07:47:57

Engineversion : 8.2.0.31

AEVDF.DLL : 8.1.0.6 102772 Bytes 15/11/2008 07:48:19

AESCRIPT.DLL : 8.1.1.15 332156 Bytes 15/11/2008 07:48:18

AESCN.DLL : 8.1.1.5 123251 Bytes 15/11/2008 07:48:16

AERDL.DLL : 8.1.1.3 438645 Bytes 15/11/2008 07:48:15

AEPACK.DLL : 8.1.3.4 393591 Bytes 15/11/2008 07:48:13

AEOFFICE.DLL : 8.1.0.30 196986 Bytes 15/11/2008 07:48:11

AEHEUR.DLL : 8.1.0.71 1487222 Bytes 15/11/2008 07:48:10

AEHELP.DLL : 8.1.1.3 119157 Bytes 15/11/2008 07:48:04

AEGEN.DLL : 8.1.1.0 319859 Bytes 15/11/2008 07:48:03

AEEMU.DLL : 8.1.0.9 393588 Bytes 15/11/2008 07:48:01

AECORE.DLL : 8.1.4.1 172405 Bytes 15/11/2008 07:48:00

AEBB.DLL : 8.1.0.3 53618 Bytes 15/11/2008 07:47:58

AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 07:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 08:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 15/11/2008 07:47:58

AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 10:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 07:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 11:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 16:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 11:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 11:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 12:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 12:34:37

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: repair

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

Skipped files....................: C:\Program Files\jv16 PowerTools\jv16 PowerTools.exe,

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: samedi 15 novembre 2008 17:50

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'javaw.exe' - '1' Module(s) have been scanned

Scan process 'wpRMI.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'javaw.exe' - '1' Module(s) have been scanned

Scan process 'monitor.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned

Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'S3Trayp.exe' - '1' Module(s) have been scanned

Scan process 'VTTimer.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

34 processes with 34 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '59' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\CASSIM\Bureau\Combo-Fix.exe

[0] Archive type: RAR SFX (self extracting)

--> 32788R22FWJFW\hidec.exe

[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program

--> 32788R22FWJFW\NirCmd.cfexe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

--> 32788R22FWJFW\nircmd.com

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

--> 32788R22FWJFW\NirCmdC.cfexe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application

--> 32788R22FWJFW\psexec.cfexe

[1] Archive type: RSRC

--> Object

[DETECTION] Contains recognition pattern of the APPL/PsExec.E application

[NOTE] A backup was created as '498be2a0.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4be03051.qua' ( QUARANTINE )

C:\Qoobox\Quarantine\C\WINDOWS\brastk.exe.vir

[DETECTION] Contains HEUR/Malware suspicious code

[NOTE] A backup was created as '497fe4c3.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b073e54.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DFBB7B38-F219-4096-9A32-67A5926C1649}\RP3\A0000362.exe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

[NOTE] A backup was created as '494ee48f.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b393660.qua' ( QUARANTINE )

 

 

End of the scan: samedi 15 novembre 2008 18:11

Used time: 20:37 Minute(s)

 

The scan has been done completely.

 

4669 Scanning directories

160807 Files were scanned

6 viruses and/or unwanted programs were found

1 Files were classified as suspicious:

0 files were deleted

0 files were repaired

6 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

160799 Files not concerned

1489 Archives were scanned

1 Warnings

3 Notes

[angelique]

bon , ne fait pas le CFScript , ça sert à rien , toute façon antivir a viré ComboFix

 

• vide la quarantaine de MalwareBytes ainsi que celle d'antivir

 

• supprime c:\qoobox , c:\combofix

 

• Télécharge OTMoveIt3 de OldTimer

http://oldtimer.geekstogo.com/OTMoveIt3.exe

 

* Enregistre-le sur ton bureau

* Double-clique sur OTMoveIt3.exe pour le lancer (l'extension peut ne pas apparaître)

* Copie-colle l'entièreté de ceci ci dessous dans la partie "Paste Instructions for Items to be Moved" (en-dessous de la barre jaune) :

 

:files
C:\fixnavi.txt
C:\lopR.txt
C:\cleannavi.txt
C:\WINDOWS\rakozuqo.exe
C:\Documents and Settings\CASSIM\Application Data\xifes.bat
C:\Documents and Settings\All Users\Application Data\ukuxu.dll
C:\WINDOWS\awywiha.dll
C:\Documents and Settings\CASSIM\Application Data\jaze.com
C:\Documents and Settings\All Users\Application Data\epiwyquky.bat
C:\Documents and Settings\All Users\Application Data\ajyf.bat
C:\WINDOWS\system32\77f01424-.txt
C:\Lop SD
C:\Program Files\Navilog1
C:\Documents and Settings\CASSIM\Application Data\RDR FOR JOY

:commands
[emptytemp]

 

 

 

* Clique sur le bouton rouge Moveit! pour lancer le nettoyage

* Copie-colle dans ta prochaine réponse tout ce qui se trouve dans la fenêtre Results (en vert à droite)

--> Un rapport sera généré dans le dossier C:\ _OTMoveIt\MovedFiles avec la date et l'heure du passage de l'outil (mmddyyyy_hhmmss.log)

* Ferme OTMoveIt3 (en cliquant sur Exit)

 

 

Note : Si un fichier ou un dossier ne sait être supprimé directement, l'outil peut demander un redémarrage pour terminer le processus. Clique alors sur "Yes" pour accepter...

 

• Finir le nettoyage :

- Nettoye ton ordinateur avec ATFCeaner:

 

telecharge sur ton bureau:

 

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

 

ATF Cleaner

Double-clique ATF-Cleaner.exe afin de lancer le programme.

Sous l'onglet Main, choisis : Select All

Clique sur le bouton Empty Selected, patiente le temp du nettoyage, ok

Si tu utilises le navigateur Firefox :

Clique Firefox au haut et choisis : Select All

Clique le bouton Empty Selected

Patiente le temp du nettoyage

NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Si tu utilises le navigateur Opera :

Clique Opera au haut et choisis : Select All

Clique le bouton Empty Selected

NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Clique Exit, du menu prinicipal, afin de fermer le programme.

Le prochain démarrage du PC sera un peu plus long , le prefetch ayant été vidé.

 

- Désactive puis réactive la restauration du système :

- Mode d'emploi Windows XP: http://service1.symantec.com/SUPPORT/INTER...020830101856924

[SEYLEEN]

========== FILES ==========

File/Folder C:\fixnavi.txt not found.

File/Folder C:\lopR.txt not found.

File/Folder C:\cleannavi.txt not found.

File/Folder C:\WINDOWS\rakozuqo.exe not found.

File/Folder C:\Documents and Settings\CASSIM\Application Data\xifes.bat not found.

File/Folder C:\Documents and Settings\All Users\Application Data\ukuxu.dll not found.

File/Folder C:\WINDOWS\awywiha.dll not found.

File/Folder C:\Documents and Settings\CASSIM\Application Data\jaze.com not found.

File/Folder C:\Documents and Settings\All Users\Application Data\epiwyquky.bat not found.

File/Folder C:\Documents and Settings\All Users\Application Data\ajyf.bat not found.

File/Folder C:\WINDOWS\system32\77f01424-.txt not found.

File/Folder C:\Lop SD not found.

File/Folder C:\Program Files\Navilog1 not found.

C:\Documents and Settings\CASSIM\Application Data\RDR FOR JOY moved successfully.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\CASSIM\LOCALS~1\Temp\etilqs_LIGof7PzTrSdA552gylf scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\1572 scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\2608 scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\CASSIM\Local Settings\Application Data\Mozilla\Firefox\Profiles\6wjw03ci.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\CASSIM\Local Settings\Application Data\Mozilla\Firefox\Profiles\6wjw03ci.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\CASSIM\Local Settings\Application Data\Mozilla\Firefox\Profiles\6wjw03ci.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\CASSIM\Local Settings\Application Data\Mozilla\Firefox\Profiles\6wjw03ci.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\CASSIM\Local Settings\Application Data\Mozilla\Firefox\Profiles\6wjw03ci.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\CASSIM\Local Settings\Application Data\Mozilla\Firefox\Profiles\6wjw03ci.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

 

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11152008_183837

 

ATF executer point de restauration desactivé et réactivé.

Dois je supprimer RSIT et Otmoveit3

[angelique]

ATF executer point de restauration desactivé et réactivé.

Dois je supprimer RSIT et Otmoveit3

 

oui tu peux , sans probleme suppimer les applis ainsi que leurs Dossiers:

 

-C:\ _OTMoveIt

-C:\rsit

 

tu t'en sorts bien malgré toutes ces merdouilles karna.dat , RK TDSS* , Vundo , .... Veinard ....Merci les developpeurs des Outils .......d'ailleurs t'es moins\pas là = ça va mieux \o/

 

Ton soucis doit etre resolu , donc utilise l'onglet "éditer" sous ton 1er message et ajoute [resolu] dans le titre.

 

Bye \o_

[SEYLEEN]

Re salut ben écoute sans ton aide je n'aurais rien pu faire.D'ailleurs merci j'avais plein plein de saletés sur mon ordinateur j'espère ne pas avoir à te recontacter pour des soucis de ce genre mais bon on ne sait jamais pour l'instant je touche du bois...

je defragmente mon disque dur et puis je pense que je vais relancer antivir au cas ou y aurait des saletés cachés en tout cas le plus gros est fait

 

bye bye

Modifié le 15 novembre 2008 par SEYLEEN

[Avicenne]

Bonsoir et Merci

La lecture des differents post m'as permis de me debarasser d'un spyware , que ni mon antivirus ni mon anti spyware ne reussisais a eradiquer

je n'ai pas eu autant de probleme que sysleen

Et Merci a Angelique