What do you think?

Solved
comprendpô
Le sioux, security contributor
Hello night owls, here is my report for tonight.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:01:27, on 27/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
G:\Program Files\Audio Deck\EnMixCPL.exe
G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
G:\Program Files\Prodipe\PVE\PVE_GMMode.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
G:\Documents and Settings\Administrateur\Bureau\Clavier+\Clavier.exe
G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Logitech\SetPoint\KEM.exe
G:\Program Files\WinZip\WZQKPICK.EXE
G:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
G:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\HijackThis\CCM.exe
G:\HijackThis\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcpratique.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0487b2ca-552e-4a7d-9f9d-efb0dd744147} - (no file)
O2 - BHO: (no name) - {1AD7ABE4-84D1-4B80-A939-9D06C0BF5FFA} - (no file)
O2 - BHO: (no name) - {2B4357E9-476F-403A-B1A2-BD9E661CC50C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {5CDE9161-DF09-497E-B741-5D53351DEE80} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {969C29C4-3F0C-4316-B25C-E017AECBDD36} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B2B2F6FE-A746-4BB9-B4E6-FC77827121FF} - (no file)
O2 - BHO: (no name) - {BC46AD90-791B-4DBB-9D8F-0DBC3CF15DE8} - (no file)
O2 - BHO: (no name) - {C75927FD-A8C9-4340-B7A8-CB26DF8A0973} - (no file)
O2 - BHO: (no name) - {C9514C5B-0FFA-42B4-B9A6-06D7227641D2} - (no file)
O2 - BHO: (no name) - {E5772466-85BC-4364-B207-00D588BDAE38} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EnvyHFCPL] G:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] G:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] G:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FIREBOX] G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
O4 - HKLM\..\Run: [H2O] G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SearchSettings] G:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [PVE] "G:\Program Files\Prodipe\PVE\PVE_GMMode.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "G:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Clavier+] G:\Documents and Settings\Administrateur\Bureau\Clavier+\Clavier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = G:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = G:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: WinZip Quick Pick.lnk = G:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcpratique.net
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hggdcby - hggdcby.dll (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe

7 replies

Anonymous user
 
Are you having problems?
comprendpô
 
I'm trying to remove the Virtumonde trojan, but I don't know whether it's still there!
Le sioux, security contributor
 
Good evening comprendspas, Bouddha

Indeed, there are still traces of a Vundo infection here:

O20 - Winlogon Notify: hggdcby - hggdcby.dll (file missing)

What have you done on your own?

There are other traces too:

Download BTFix by bibi26: http://cluster1.easy-hebergement.net/

Unzip the archive onto your Desktop (right-click / Extract…)

Open the BTFix folder by double-clicking it, then double-click
BTFix.exe

Click Rechercher

A report will appear; copy/paste it into your next reply.

To be continued
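The reading Le sioux does by hand above (an O20 Winlogon Notify package whose DLL no longer exists, a row of O2 BHO CLSIDs with "(no file)") can be mechanised. The script below is an added example, not part of the original thread and not a HijackThis feature: it parses HijackThis 2.x log lines and flags orphaned BHO registrations, Winlogon Notify packages with a missing or bare-name DLL (winlogon.exe loads those as SYSTEM at every logon, which is why Vundo used the hook), Run entries launched from user-writable locations, and IE default-page overrides. The sample lines are copied from the log posted above; the rule names, severities and the user-writable path list are my own heuristics.

```python
"""Triage a HijackThis 2.x log for orphaned or suspicious autostart entries.

Added example: the rules below are heuristics written for this thread, not
HijackThis's own logic. Sample lines are copied from the log posted above.
"""
import re
from dataclasses import dataclass

# "O20 - Winlogon Notify: hggdcby - hggdcby.dll (file missing)" -> sect, body
LINE_RE = re.compile(r"^(?P<sect>[RFO]\d{1,2})\s+-\s+(?P<body>.*)$")

# Assumed list: a HKLM/HKCU Run target under a user profile or temp dir is
# unusual for vendor software and worth a second look (not proof of malware).
USER_WRITABLE = ("\\documents and settings\\", "\\bureau\\", "\\desktop\\", "\\temp\\")


@dataclass
class Finding:
    section: str
    severity: str   # "high", "medium" or "info"
    reason: str
    line: str


def triage_line(line):
    """Return a Finding for one HijackThis line, or None if nothing to flag."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sect, body = m.group("sect"), m.group("body")
    low = body.lower()

    # O2: a BHO CLSID still registered under Explorer but the DLL is gone.
    if sect == "O2" and low.endswith("(no file)"):
        return Finding(sect, "medium",
                       "BHO CLSID registered but DLL gone: dangling registration", line)

    # O20: Winlogon Notify packages are loaded by winlogon.exe as SYSTEM.
    if sect == "O20" and "winlogon notify" in low:
        if "(file missing)" in low:
            return Finding(sect, "high",
                           "Winlogon Notify points at a missing DLL; typical leftover "
                           "of a partial Vundo/Virtumonde cleanup", line)
        dll = body.split(" - ", 1)[1]
        if "\\" not in dll:
            return Finding(sect, "high",
                           "Winlogon Notify DLL given by bare name, resolved from the "
                           "system search path; verify it", line)
        return Finding(sect, "info", "Winlogon Notify DLL with full path; verify vendor", line)

    # O4: Run entries started from a profile/temp directory.
    if sect == "O4" and any(tok in low for tok in USER_WRITABLE):
        return Finding(sect, "medium", "autostart from a user-writable location", line)

    # R1 / O14: IE default or reset page overridden (often OEM customisation).
    if sect in ("R1", "O14") and ("default_page_url" in low or "start_page_url" in low):
        return Finding(sect, "info", "IE default/reset page overridden", line)
    return None


def triage(log_text):
    """Run triage_line over a whole log and return the list of Findings."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def summarize(findings):
    """Count findings per severity, e.g. {'high': 1, 'medium': 3, 'info': 3}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample: lines copied verbatim from the HijackThis log above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcpratique.net
O2 - BHO: (no name) - {0487b2ca-552e-4a7d-9f9d-efb0dd744147} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {E5772466-85BC-4364-B207-00D588BDAE38} - (no file)
O4 - HKLM\..\Run: [AVP] "G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [Clavier+] G:\Documents and Settings\Administrateur\Bureau\Clavier+\Clavier.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcpratique.net
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hggdcby - hggdcby.dll (file missing)
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

On this sample the only "high" finding is the hggdcby Notify entry, which matches the line Le sioux singles out; the orphaned O2 entries are rated lower because a dangling CLSID with no DLL cannot execute anything by itself, it just needs to be cleaned up.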
Anonymous user
 
Good evening comprendspas, Bouddha
================
What is it you don't understand?
comprendpô
 
Hi, and thanks for your help,

BTFix 1.080 (par bibi26) - 27/02/2008 01:13:49 - Analyse
Lancé depuis G:\Documents and Settings\Administrateur\Bureau\BTFix\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés


---> Analyse terminée

ACTIONS: VundoFix (it detects nothing)
ComboFix
and various clean-ups and scans (Spybot, SUPERAntiSpyware, CCleaner, Kaspersky in progress)

ComboFix 08-02-25.3 - Administrateur 2008-02-26 23:10:58.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1785 [GMT 1:00]
Endroit: G:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\WINDOWS\system32\gjkkj.ini
G:\WINDOWS\system32\gjkkj.ini2
G:\WINDOWS\system32\qfpqqybp.ini
G:\WINDOWS\system32\sftpqvnm.ini
G:\WINDOWS\system32\svwhnvud.ini
G:\WINDOWS\system32\winsys.exe
G:\WINDOWS\system32\wlktjmeq.ini
G:\WINDOWS\system32\wqskbqbj.ini
G:\WINDOWS\system32\wqskbqbj.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((((((( Fichiers créés 2008-01-26 to 2008-02-26 ))))))))))))))))))))))))))))))))))))
.

2008-02-26 22:07 . 2008-02-26 22:07 54,156 --ah----- G:\WINDOWS\QTFont.qfn
2008-02-26 22:07 . 2008-02-26 22:07 1,409 --a------ G:\WINDOWS\QTFont.for
2008-02-25 22:13 . 2008-02-25 22:13 <REP> d-------- G:\WINDOWS\Sun
2008-02-25 20:17 . 2008-02-25 20:17 234 --a------ G:\WINDOWS\PrnHlpLogConfig.ini
2008-02-24 21:29 . 2008-02-24 21:29 <REP> d-------- G:\VundoFix Backups
2008-02-24 21:19 . 2008-02-24 21:24 <REP> d-------- G:\Program Files\Garmin
2008-02-24 20:26 . 2008-02-24 20:29 <REP> d-a------ G:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-02-24 19:17 . 2008-02-24 19:17 41 ---h----- G:\WINDOWS\dpar0014.dat
2008-02-24 18:59 . 2008-02-24 18:59 <REP> d----c--- G:\Documents and Settings\Administrateur\Application Data\Samsung
2008-02-23 23:06 . 2008-02-23 23:06 <REP> d-------- G:\Program Files\Memory-Map
2008-02-23 20:56 . 2008-02-23 21:14 <REP> d----c--- G:\Documents and Settings\Administrateur\Application Data\GARMIN
2008-02-23 20:32 . 2008-02-23 20:41 <REP> d-------- G:\Program Files\Macromedia
2008-02-23 20:32 . 2008-02-23 20:37 <REP> d-------- G:\Program Files\Fichiers communs\Macromedia
2008-02-23 18:45 . 2007-03-08 17:18 18,432 --a------ G:\WINDOWS\system32\drivers\grmngen.sys
2008-02-23 18:45 . 2006-02-20 19:25 17,536 --a------ G:\WINDOWS\system32\drivers\grmn0200.sys
2008-02-23 18:45 . 2006-04-11 20:51 16,512 --a------ G:\WINDOWS\system32\drivers\grmn0400.sys
2008-02-23 18:45 . 2006-07-11 20:50 11,776 --a------ G:\WINDOWS\system32\drivers\grmn1200.sys
2008-02-23 18:45 . 2007-03-08 17:18 8,320 --a------ G:\WINDOWS\system32\drivers\grmnusb.sys
2008-02-23 15:11 . 2008-02-23 15:18 <REP> d----c--- G:\Documents and Settings\Administrateur\Application Data\FileZilla
2008-02-21 20:21 . 2008-02-21 20:43 <REP> d-------- G:\Program Files\Fichiers communs\Adobe
2008-02-21 20:20 . 2003-08-11 10:07 14,604 --a------ G:\WINDOWS\system32\drivers\pfc.sys
2008-02-20 21:09 . 2008-02-20 21:09 290,816 --a------ G:\WINDOWS\system32\PVE.dll
2008-02-20 21:08 . 2008-02-20 21:08 <REP> d-------- G:\Program Files\Prodipe
2008-02-20 21:08 . 2008-02-20 21:08 200,704 --a------ G:\WINDOWS\system32\DDD2A.tmp
2008-02-20 19:25 . 2006-08-13 14:34 59,264 --a------ G:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-02-20 19:25 . 2006-08-13 14:34 59,264 --a--c--- G:\WINDOWS\system32\dllcache\usbaudio.sys
2008-02-19 23:55 . 2008-02-26 23:03 <REP> d-------- G:\HijackThis
2008-02-18 21:19 . 2008-02-18 21:19 <REP> d---sc--- G:\Documents and Settings\Administrateur\UserData
2008-02-18 08:03 . 2008-02-20 08:11 4,096 --ahs---- G:\VSNAP.IDX
2008-02-17 21:51 . 2008-02-17 21:51 <REP> d----c--- G:\Documents and Settings\Administrateur\Application Data\Symantec
2008-02-17 20:37 . 2007-03-28 20:29 131,944 --a------ G:\WINDOWS\system32\drivers\symsnap.sys
2008-02-17 20:37 . 2007-03-28 20:49 128,104 --a------ G:\WINDOWS\system32\drivers\WimFltr.sys
2008-02-17 20:37 . 2007-03-28 20:12 109,360 --a------ G:\WINDOWS\system32\GEARAspi.dll
2008-02-17 20:37 . 2007-03-28 20:29 37,864 --a------ G:\WINDOWS\system32\drivers\v2imount.sys
2008-02-17 20:37 . 2007-03-28 20:12 15,664 --a------ G:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-02-17 20:37 . 2007-03-28 20:23 14,072 --a------ G:\WINDOWS\system32\drivers\vproeventmonitor.sys
2008-02-17 20:36 . 2008-02-17 20:37 <REP> d-------- G:\Program Files\Norton Ghost
2008-02-17 20:35 . 2008-02-17 20:35 <REP> d-------- G:\Program Files\Symantec
2008-02-17 20:35 . 2008-02-17 20:37 <REP> d-------- G:\Program Files\Fichiers communs\Symantec Shared
2008-02-17 20:35 . 2008-02-17 20:45 <REP> d-------- G:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-02-17 16:45 . 2008-02-17 16:45 <REP> d-------- G:\Program Files\Kaspersky Lab
2008-02-17 16:45 . 2008-02-26 23:16 <REP> d-------- G:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-02-17 16:45 . 2008-02-26 23:17 8,585,504 --ahs---- G:\WINDOWS\system32\drivers\fidbox.dat
2008-02-17 16:45 . 2008-02-26 23:17 177,184 --ahs---- G:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-17 16:45 . 2008-02-26 23:08 122,276 --ahs---- G:\WINDOWS\system32\drivers\fidbox.idx
2008-02-17 16:45 . 2008-02-17 16:56 91,700 --a------ G:\WINDOWS\system32\drivers\klin.dat
2008-02-17 16:45 . 2008-02-17 16:45 85,860 --a------ G:\WINDOWS\system32\drivers\klick.dat
2008-02-17 16:45 . 2008-02-26 23:08 20,768 --ahs---- G:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-17 16:26 . 2008-02-17 16:26 <REP> d-------- G:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-02-17 15:27 . 2008-02-17 15:31 <REP> d-------- G:\Program Files\SUPERAntiSpyware
2008-02-17 15:27 . 2008-02-17 15:27 <REP> d-------- G:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-02-17 15:27 . 2008-02-17 15:27 <REP> d----c--- G:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com
2008-02-17 15:25 . 2008-02-23 23:06 <REP> d-------- G:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-16 20:48 . 2008-02-17 11:23 <REP> d-------- G:\WINDOWS\NV20723744.TMP
2008-02-16 12:31 . 2008-02-16 12:33 <REP> d-------- G:\Program Files\MSN Messenger
2008-02-15 21:14 . 2008-02-15 21:14 <REP> d----c--- G:\Documents and Settings\Administrateur\dwhelper
2008-02-12 20:04 . 2008-02-12 20:04 <REP> d-------- G:\Program Files\Guitar Pro 5
2008-02-07 21:46 . 2008-02-07 21:48 <REP> d-------- G:\WINDOWS\NV28642736.TMP
2008-02-07 21:46 . 2007-12-17 13:53 159,458 --a------ G:\WINDOWS\system32\nvapps.nvb
2008-02-07 19:56 . 2008-02-07 19:56 <REP> d-------- G:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2008-02-06 01:11 . 2008-02-06 01:11 <REP> d-------- G:\Program Files\Propellerhead
2008-02-06 01:07 . 2008-02-06 01:07 368,640 --a------ G:\WINDOWS\system32\ReWire.dll
2008-02-06 01:07 . 2008-02-06 01:07 233,472 --a------ G:\WINDOWS\system32\REX Shared Library.dll
2008-02-06 00:44 . 2008-02-06 00:44 <REP> d-------- G:\Documents and Settings\All Users.WINDOWS\Application Data\Propellerhead Software
2008-02-06 00:44 . 2008-02-06 01:07 <REP> d----c--- G:\Documents and Settings\Administrateur\Application Data\Propellerhead Software
2008-02-05 23:36 . 2008-02-05 23:36 <REP> d----c--- G:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2008-02-05 23:35 . 2008-02-05 23:35 <REP> d-------- G:\Program Files\QuickTime Alternative
2008-02-05 23:35 . 2008-02-05 23:35 <REP> d-------- G:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-02-05 23:35 . 2008-01-10 15:27 90,112 --a------ G:\WINDOWS\system32\QuickTimeVR.qtx
2008-02-05 23:35 . 2008-01-10 15:27 57,344 --a------ G:\WINDOWS\system32\QuickTime.qts
2008-02-05 23:34 . 2008-02-05 23:34 <REP> d-------- G:\Program Files\Free Easy Burner
2008-02-05 23:34 . 2006-11-18 10:38 200,704 --a------ G:\WINDOWS\system32\vbalExpBar6.ocx
2008-02-05 23:34 . 2004-03-08 21:00 152,848 --a------ G:\WINDOWS\system32\COMDLG32.OCX
2008-02-05 23:34 . 2000-05-22 13:58 115,920 --a------ G:\WINDOWS\system32\msinet.OCX
2008-02-05 23:34 . 1999-03-25 17:00 101,888 --a------ G:\WINDOWS\system32\VB6STKIT.DLL
2008-02-05 23:34 . 2003-04-18 14:29 44,544 --a------ G:\WINDOWS\system32\msxml4a.dll
2008-02-05 23:34 . 1998-07-13 16:53 44,544 --a------ G:\WINDOWS\system32\GIF89.DLL
2008-02-05 23:34 . 2003-01-26 11:41 40,960 --a------ G:\WINDOWS\system32\SSubTmr6.dll
2008-02-05 23:34 . 1998-07-12 17:00 32,768 --a------ G:\WINDOWS\system32\CMDLGFR.DLL
2008-02-05 23:34 . 1998-07-12 21:00 15,360 --a------ G:\WINDOWS\system32\inetfr.DLL
2008-02-03 16:49 . 2008-02-03 16:49 <REP> d-------- G:\Program Files\VstPlugins
2008-01-27 23:30 . 2008-01-27 23:30 <REP> d----c--- G:\Documents and Settings\Administrateur\Application Data\Logitech
2008-01-27 23:26 . 2008-01-27 23:26 <REP> d-------- G:\Program Files\Steinberg
2008-01-27 23:22 . 2003-07-31 20:28 147,425 --a------ G:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-01-27 23:22 . 2003-05-26 15:29 120,468 --a------ G:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-01-27 23:22 . 2003-05-26 15:29 114,279 --a------ G:\WINDOWS\system32\SYNSOACC-Help.chm
2008-01-27 23:22 . 2005-05-09 20:08 33,792 --a------ G:\WINDOWS\system32\drivers\cledx.sys
2008-01-27 23:19 . 2008-01-27 23:19 <REP> d----c--- G:\Documents and Settings\Administrateur\Application Data\vlc
2008-01-27 21:37 . 2008-02-15 19:19 <REP> d----c--- G:\Documents and Settings\Administrateur\amsn
2008-01-27 21:16 . 2008-02-26 21:27 <REP> d----c--- G:\Documents and Settings\Administrateur\Application Data\foobar2000
2008-01-26 14:13 . 2008-01-26 14:13 <REP> d----c--- G:\Documents and Settings\Administrateur\Contacts
2008-01-26 14:13 . 2008-01-26 14:13 292 --ah----- G:\sqmdata09.sqm
2008-01-26 14:13 . 2008-01-26 14:13 244 --ah----- G:\sqmnoopt09.sqm
2008-01-26 12:28 . 2008-01-26 12:28 81,920 -r------- G:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-01-26 12:27 . 2008-01-26 12:27 <REP> d-------- G:\Program Files\Fichiers communs\Logitech

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 21:44 --------- d-----w G:\Program Files\eMule
2008-02-26 19:40 --------- d-----w G:\Program Files\Picasa2
2008-02-25 19:15 139,264 ----a-w G:\WINDOWS\system32\hpzjrd01.dll
2008-02-24 18:17 --------- d-----w G:\Program Files\PhotoFiltre Studio
2008-02-23 19:47 --------- dc----w G:\Documents and Settings\Administrateur\Application Data\uTorrent
2008-02-21 19:20 --------- d--h--w G:\Program Files\InstallShield Installation Information
2008-02-17 15:41 --------- d-----w G:\Program Files\Avast4
2008-02-07 18:55 --------- d-----w G:\Program Files\Fichiers communs\InstallShield
2008-02-04 21:17 --------- d-----w G:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-01-27 22:22 --------- d-----w G:\Program Files\Syncrosoft
2008-01-25 19:40 --------- dc----w G:\Documents and Settings\Administrateur\Application Data\HP
2008-01-25 19:35 --------- dc----w G:\Documents and Settings\Administrateur\Application Data\Steinberg
2008-01-25 19:27 --------- d-----w G:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
2008-01-24 22:50 --------- d-----w G:\Program Files\DAEMON Tools
2008-01-24 22:43 --------- dc----w G:\Documents and Settings\Administrateur\Application Data\DAEMON Tools
2008-01-24 22:43 --------- d-----w G:\Program Files\DAEMON Tools Lite
2008-01-24 22:14 639,224 ----a-w G:\WINDOWS\system32\drivers\sptd.sys
2008-01-24 21:58 --------- dc----w G:\Documents and Settings\Administrateur\Application Data\Image Zone Express
2008-01-24 21:51 --------- d-----w G:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2008-01-24 21:47 --------- d-----w G:\Program Files\HP
2008-01-24 21:47 --------- d-----w G:\Program Files\Fichiers communs\HP
2008-01-24 21:45 --------- d-----w G:\Program Files\PDFCreator
2008-01-24 21:45 --------- d-----w G:\Program Files\Fichiers communs\Hewlett-Packard
2008-01-24 21:45 --------- d-----w G:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-01-24 21:32 --------- d-----w G:\Program Files\FooBar
2008-01-24 21:15 --------- d-----w G:\Program Files\Spybot
2008-01-24 21:11 --------- d-----w G:\Program Files\Foxit Software
2008-01-24 21:02 --------- dc----w G:\Documents and Settings\Administrateur\Application Data\Talkback
2008-01-24 20:49 --------- d-----w G:\Program Files\Google
2008-01-24 20:41 --------- d-----w G:\Program Files\SystemRequirementsLab
2008-01-24 20:40 --------- d-----w G:\Program Files\Everest
2008-01-24 20:33 --------- d-----w G:\Program Files\Java
2008-01-24 20:31 --------- d-----w G:\Program Files\Audio Deck
2008-01-24 20:28 24,064 ----a-w G:\WINDOWS\autoload.exe
2008-01-24 20:13 --------- d-----w G:\Program Files\HighMAT CD Writing Wizard
2008-01-24 20:12 --------- d-----w G:\Program Files\Fichiers communs\Java
2008-01-24 20:08 --------- d-----w G:\Program Files\Services en ligne
2008-01-19 12:07 --------- d-----w G:\Program Files\Toontrack
2008-01-13 17:03 --------- d-----w G:\Program Files\Autoruns
2008-01-08 20:54 --------- d-----w G:\Program Files\Common Files
2008-01-05 15:40 --------- d-----w G:\Program Files\Bome's Mouse Keyboard
2008-01-03 12:26 --------- d-----w G:\Program Files\Minnetonka Audio Software
2007-12-17 23:44 219,664 ----a-w G:\WINDOWS\system32\klogon.dll
2007-12-17 19:09 585,728 ----a-w G:\Program Files\js.dll
2007-12-17 19:09 2,228,326 ----a-w G:\Program Files\Foxit_JS_ExObjects.dll
2007-12-05 01:53 356,352 ----a-w G:\WINDOWS\system32\NVUNINST.EXE
2007-04-06 14:46 4,037,888 ----a-w G:\Program Files\Foxit_Reader.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0487b2ca-552e-4a7d-9f9d-efb0dd744147}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1AD7ABE4-84D1-4B80-A939-9D06C0BF5FFA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B4357E9-476F-403A-B1A2-BD9E661CC50C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CDE9161-DF09-497E-B741-5D53351DEE80}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{969C29C4-3F0C-4316-B25C-E017AECBDD36}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2B2F6FE-A746-4BB9-B4E6-FC77827121FF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC46AD90-791B-4DBB-9D8F-0DBC3CF15DE8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF1404E5-8DD3-4128-850B-3CCAA9F74244}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C75927FD-A8C9-4340-B7A8-CB26DF8A0973}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9514C5B-0FFA-42B4-B9A6-06D7227641D2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5772466-85BC-4364-B207-00D588BDAE38}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="G:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
"swg"="G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-20 22:58 68856]
"SpybotSD TeaTimer"="G:\Program Files\Spybot\TeaTimer.exe" [2007-08-31 16:46 1460560]
"LDM"="G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-01-26 12:28 20480]
"Clavier+"="G:\Documents and Settings\Administrateur\Bureau\Clavier+\Clavier.exe" [2007-10-21 23:53 88576]
"SUPERAntiSpyware"="G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-17 15:31 1470464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"EnvyHFCPL"="G:\Program Files\Audio Deck\EnMixCPL.exe" [2007-05-08 17:28 3898368]
"NvCplDaemon"="G:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 G:\WINDOWS\system32\nwiz.exe]
"SW20"="G:\WINDOWS\system32\sw20.exe" [2006-05-18 02:15 208896]
"SW24"="G:\WINDOWS\system32\sw24.exe" [2006-05-17 03:37 69632]
"HP Software Update"="G:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"FIREBOX"="G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe" [2005-01-28 23:04 1003520]
"H2O"="G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00 385024]
"SearchSettings"="G:\Program Files\Search Settings\SearchSettings.exe" [ ]
"NvMediaCenter"="G:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"AVP"="G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 00:43 227856]
"Norton Ghost 12.0"="G:\Program Files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 20:41 2037352]
"PVE"="G:\Program Files\Prodipe\PVE\PVE_GMMode.exe" [2008-02-20 21:08 913408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="G:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09 15360]
"MsnMsgr"="G:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= G:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
G:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 G:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggdcby]
hggdcby.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"G:\\Program Files\\uTorrent\\uTorrent.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"G:\\Program Files\\Messenger\\msmsgs.exe"=
"G:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"G:\\Program Files\\MSN Messenger\\livecall.exe"=
"G:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"G:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"G:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"G:\\Program Files\\eMule\\emule.exe"=

R3 CLEDX;Team H2O CLEDX service;G:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;G:\WINDOWS\system32\drivers\Envy24HF.sys [2005-02-21 16:47]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;G:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 ps_1394;ps_1394;G:\WINDOWS\system32\Drivers\ps_1394.sys [2004-10-14 23:33]
R3 ps_avs;ps_avs;G:\WINDOWS\system32\Drivers\ps_avs.sys [2004-10-14 23:33]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf09ec8e-cabc-11dc-8055-806d6172696f}]
\Shell\AutoRun\command - H:\setup.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-26 19:00:00 G:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- G:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 23:17:42
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
G:\Program Files\Norton Ghost\Agent\VProSvc.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Logitech\SetPoint\KEM.exe
G:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
G:\Program Files\WinZip\WZQKPICK.EXE
G:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-26 23:23:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-26 22:22:39
Le sioux, security contributor
 
Re

Comprendpô, rather ;)
comprendpô
 
Hehe :-)
Anonymous user
 
Ah, OK ;-) (I'm getting tired)
Good evening to you both.
Le sioux, security contributor
 
Re

The ComboFix report is from this morning; run a brand-new one and post it here. I'm off to a friend's who is waiting for me, so I'll look at it later, unless Bouddha decodes your ComboFix report.

See you later
comprendpô
 
OK Le sioux, thanks.
When I launch ComboFix, Kaspersky wakes up and tells me there's a program intrusion (invader); maybe that's normal?!

Anyway, here it is:

ComboFix 08-02-25.3 - Administrateur 2008-02-27 1:23:38.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1025 [GMT 1:00]
Endroit: G:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-27 to 2008-02-27 ))))))))))))))))))))))))))))))))))))
.

2008-02-27 00:11 . 2008-02-27 00:10 691,545 --a------ G:\WINDOWS\unins000.exe
2008-02-27 00:11 . 2008-02-27 00:11 2,564 --a------ G:\WINDOWS\unins000.dat
2008-02-26 22:07 . 2008-02-26 22:07 54,156 --ah----- G:\WINDOWS\QTFont.qfn
2008-02-26 22:07 . 2008-02-26 22:07 1,409 --a------ G:\WINDOWS\QTFont.for
2008-02-25 22:13 . 2008-02-25 22:13 <REP> d-------- G:\WINDOWS\Sun
2008-02-25 20:17 . 2008-02-25 20:17 234 --a------ G:\WINDOWS\PrnHlpLogConfig.ini
2008-02-24 21:29 . 2008-02-24 21:29 <REP> d-------- G:\VundoFix Backups
2008-02-24 21:19 . 2008-02-24 21:24 <REP> d-------- G:\Program Files\Garmin
2008-02-24 20:26 . 2008-02-24 20:29 <REP> d-a------ G:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-02-24 19:17 . 2008-02-24 19:17 41 ---h----- G:\WINDOWS\dpar0014.dat
2008-02-24 18:59 . 2008-02-24 18:59 <REP> d----c--- G:\Documents and Settings\Administrateur\Application Data\Samsung
2008-02-23 23:06 . 2008-02-23 23:06 <REP> d-------- G:\Program Files\Memory-Map
2008-02-23 20:56 . 2008-02-23 21:14 <REP> d----c--- G:\Documents and Settings\Administrateur\Application Data\GARMIN
2008-02-23 20:32 . 2008-02-23 20:41 <REP> d-------- G:\Program Files\Macromedia
2008-02-23 20:32 . 2008-02-23 20:37 <REP> d-------- G:\Program Files\Fichiers communs\Macromedia
2008-02-23 18:45 . 2007-03-08 17:18 18,432 --a------ G:\WINDOWS\system32\drivers\grmngen.sys
2008-02-23 18:45 . 2006-02-20 19:25 17,536 --a------ G:\WINDOWS\system32\drivers\grmn0200.sys
2008-02-23 18:45 . 2006-04-11 20:51 16,512 --a------ G:\WINDOWS\system32\drivers\grmn0400.sys
2008-02-23 18:45 . 2006-07-11 20:50 11,776 --a------ G:\WINDOWS\system32\drivers\grmn1200.sys
2008-02-23 18:45 . 2007-03-08 17:18 8,320 --a------ G:\WINDOWS\system32\drivers\grmnusb.sys
2008-02-23 15:11 . 2008-02-23 15:18 <REP> d----c--- G:\Documents and Settings\Administrateur\Application Data\FileZilla
2008-02-21 20:21 . 2008-02-21 20:43 <REP> d-------- G:\Program Files\Fichiers communs\Adobe
2008-02-21 20:20 . 2003-08-11 10:07 14,604 --a------ G:\WINDOWS\system32\drivers\pfc.sys
2008-02-20 21:09 . 2008-02-20 21:09 290,816 --a------ G:\WINDOWS\system32\PVE.dll
2008-02-20 21:08 . 2008-02-20 21:08 <REP> d-------- G:\Program Files\Prodipe
2008-02-20 21:08 . 2008-02-20 21:08 200,704 --a------ G:\WINDOWS\system32\DDD2A.tmp
2008-02-20 19:25 . 2006-08-13 14:34 59,264 --a------ G:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-02-20 19:25 . 2006-08-13 14:34 59,264 --a--c--- G:\WINDOWS\system32\dllcache\usbaudio.sys
2008-02-19 23:55 . 2008-02-27 01:12 <REP> d-------- G:\HijackThis
2008-02-18 21:19 . 2008-02-18 21:19 <REP> d---sc--- G:\Documents and Settings\Administrateur\UserData
2008-02-18 08:03 . 2008-02-20 08:11 4,096 --ahs---- G:\VSNAP.IDX
2008-02-17 21:51 . 2008-02-17 21:51 <REP> d----c--- G:\Documents and Settings\Administrateur\Application Data\Symantec
2008-02-17 20:37 . 2007-03-28 20:49 128,104 --a------ G:\WINDOWS\system32\drivers\WimFltr.sys
2008-02-17 20:37 . 2007-03-28 20:12 109,360 --a------ G:\WINDOWS\system32\GEARAspi.dll
2008-02-17 20:37 . 2007-03-28 20:12 15,664 --a------ G:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-02-17 20:36 . 2008-02-17 20:37 <REP> d-------- G:\Program Files\Norton Ghost
2008-02-17 16:45 . 2008-02-17 16:45 <REP> d-------- G:\Program Files\Kaspersky Lab
2008-02-17 16:45 . 2008-02-27 00:15 <REP> d-------- G:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-02-17 16:45 . 2008-02-27 01:33 8,766,496 --ahs---- G:\WINDOWS\system32\drivers\fidbox.dat
2008-02-17 16:45 . 2008-02-27 01:32 185,888 --ahs---- G:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-17 16:45 . 2008-02-27 00:13 123,524 --ahs---- G:\WINDOWS\system32\drivers\fidbox.idx
2008-02-17 16:45 . 2008-02-17 16:56 91,700 --a------ G:\WINDOWS\system32\drivers\klin.dat
2008-02-17 16:45 . 2008-02-17 16:45 85,860 --a------ G:\WINDOWS\system32\drivers\klick.dat
2008-02-17 16:45 . 2008-02-27 00:13 21,272 --ahs---- G:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-17 16:26 . 2008-02-17 16:26 <REP> d-------- G:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-02-17 15:27 . 2008-02-17 15:31 <REP> d-------- G:\Program Files\SUPERAntiSpyware
2008-02-17 15:27 . 2008-02-17 15:27 <REP> d-------- G:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-02-17 15:27 . 2008-02-17 15:27 <REP> d----c--- G:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com
2008-02-17 15:25 . 2008-02-23 23:06 <REP> d-------- G:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-16 20:48 . 2008-02-17 11:23 <REP> d-------- G:\WINDOWS\NV20723744.TMP
2008-02-16 12:31 . 2008-02-16 12:33 <REP> d-------- G:\Program Files\MSN Messenger
2008-02-15 21:14 . 2008-02-15 21:14 <REP> d----c--- G:\Documents and Settings\Administrateur\dwhelper
2008-02-12 20:04 . 2008-02-12 20:04 <REP> d-------- G:\Program Files\Guitar Pro 5
2008-02-07 21:46 . 2008-02-07 21:48 <REP> d-------- G:\WINDOWS\NV28642736.TMP
2008-02-07 21:46 . 2007-12-17 13:53 159,458 --a------ G:\WINDOWS\system32\nvapps.nvb
2008-02-07 19:56 . 2008-02-07 19:56 <REP> d-------- G:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2008-02-06 01:11 . 2008-02-06 01:11 <REP> d-------- G:\Program Files\Propellerhead
2008-02-06 01:07 . 2008-02-06 01:07 368,640 --a------ G:\WINDOWS\system32\ReWire.dll
2008-02-06 01:07 . 2008-02-06 01:07 233,472 --a------ G:\WINDOWS\system32\REX Shared Library.dll
2008-02-06 00:44 . 2008-02-06 00:44 <REP> d-------- G:\Documents and Settings\All Users.WINDOWS\Application Data\Propellerhead Software
2008-02-06 00:44 . 2008-02-06 01:07 <REP> d----c--- G:\Documents and Settings\Administrateur\Application Data\Propellerhead Software
2008-02-05 23:36 . 2008-02-05 23:36 <REP> d----c--- G:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2008-02-05 23:35 . 2008-02-05 23:35 <REP> d-------- G:\Program Files\QuickTime Alternative
2008-02-05 23:35 . 2008-02-05 23:35 <REP> d-------- G:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-02-05 23:35 . 2008-01-10 15:27 90,112 --a------ G:\WINDOWS\system32\QuickTimeVR.qtx
2008-02-05 23:35 . 2008-01-10 15:27 57,344 --a------ G:\WINDOWS\system32\QuickTime.qts
2008-02-05 23:34 . 2008-02-05 23:34 <REP> d-------- G:\Program Files\Free Easy Burner
2008-02-05 23:34 . 2006-11-18 10:38 200,704 --a------ G:\WINDOWS\system32\vbalExpBar6.ocx
2008-02-05 23:34 . 2004-03-08 21:00 152,848 --a------ G:\WINDOWS\system32\COMDLG32.OCX
2008-02-05 23:34 . 2000-05-22 13:58 115,920 --a------ G:\WINDOWS\system32\msinet.OCX
2008-02-05 23:34 . 1999-03-25 17:00 101,888 --a------ G:\WINDOWS\system32\VB6STKIT.DLL
2008-02-05 23:34 . 2003-04-18 14:29 44,544 --a------ G:\WINDOWS\system32\msxml4a.dll
2008-02-05 23:34 . 1998-07-13 16:53 44,544 --a------ G:\WINDOWS\system32\GIF89.DLL
2008-02-05 23:34 . 2003-01-26 11:41 40,960 --a------ G:\WINDOWS\system32\SSubTmr6.dll
2008-02-05 23:34 . 1998-07-12 17:00 32,768 --a------ G:\WINDOWS\system32\CMDLGFR.DLL
2008-02-05 23:34 . 1998-07-12 21:00 15,360 --a------ G:\WINDOWS\system32\inetfr.DLL
2008-02-03 16:49 . 2008-02-03 16:49 <REP> d-------- G:\Program Files\VstPlugins
2008-01-27 23:30 . 2008-01-27 23:30 <REP> d----c--- G:\Documents and Settings\Administrateur\Application Data\Logitech
2008-01-27 23:26 . 2008-01-27 23:26 <REP> d-------- G:\Program Files\Steinberg
2008-01-27 23:22 . 2003-07-31 20:28 147,425 --a------ G:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-01-27 23:22 . 2003-05-26 15:29 120,468 --a------ G:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-01-27 23:22 . 2003-05-26 15:29 114,279 --a------ G:\WINDOWS\system32\SYNSOACC-Help.chm
2008-01-27 23:22 . 2005-05-09 20:08 33,792 --a------ G:\WINDOWS\system32\drivers\cledx.sys
2008-01-27 23:19 . 2008-01-27 23:19 <REP> d----c--- G:\Documents and Settings\Administrateur\Application Data\vlc
2008-01-27 21:37 . 2008-02-15 19:19 <REP> d----c--- G:\Documents and Settings\Administrateur\amsn
2008-01-27 21:16 . 2008-02-26 21:27 <REP> d----c--- G:\Documents and Settings\Administrateur\Application Data\foobar2000

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 23:15 --------- d-----w G:\Program Files\Spybot
2008-02-26 23:15 --------- d-----w G:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-02-26 21:44 --------- d-----w G:\Program Files\eMule
2008-02-26 19:40 --------- d-----w G:\Program Files\Picasa2
2008-02-25 19:15 139,264 ----a-w G:\WINDOWS\system32\hpzjrd01.dll
2008-02-24 18:17 --------- d-----w G:\Program Files\PhotoFiltre Studio
2008-02-23 19:47 --------- dc----w G:\Documents and Settings\Administrateur\Application Data\uTorrent
2008-02-21 19:20 --------- d--h--w G:\Program Files\InstallShield Installation Information
2008-02-17 15:41 --------- d-----w G:\Program Files\Avast4
2008-02-07 18:55 --------- d-----w G:\Program Files\Fichiers communs\InstallShield
2008-02-04 21:17 --------- d-----w G:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-01-27 22:22 --------- d-----w G:\Program Files\Syncrosoft
2008-01-26 11:28 81,920 ------r G:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-01-26 11:27 --------- d-----w G:\Program Files\Fichiers communs\Logitech
2008-01-25 19:40 --------- dc----w G:\Documents and Settings\Administrateur\Application Data\HP
2008-01-25 19:35 --------- dc----w G:\Documents and Settings\Administrateur\Application Data\Steinberg
2008-01-25 19:27 --------- d-----w G:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
2008-01-24 22:50 --------- d-----w G:\Program Files\DAEMON Tools
2008-01-24 22:43 --------- dc----w G:\Documents and Settings\Administrateur\Application Data\DAEMON Tools
2008-01-24 22:43 --------- d-----w G:\Program Files\DAEMON Tools Lite
2008-01-24 22:14 639,224 ----a-w G:\WINDOWS\system32\drivers\sptd.sys
2008-01-24 21:58 --------- dc----w G:\Documents and Settings\Administrateur\Application Data\Image Zone Express
2008-01-24 21:51 --------- d-----w G:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2008-01-24 21:47 --------- d-----w G:\Program Files\HP
2008-01-24 21:47 --------- d-----w G:\Program Files\Fichiers communs\HP
2008-01-24 21:45 --------- d-----w G:\Program Files\PDFCreator
2008-01-24 21:45 --------- d-----w G:\Program Files\Fichiers communs\Hewlett-Packard
2008-01-24 21:32 --------- d-----w G:\Program Files\FooBar
2008-01-24 21:11 --------- d-----w G:\Program Files\Foxit Software
2008-01-24 21:02 --------- dc----w G:\Documents and Settings\Administrateur\Application Data\Talkback
2008-01-24 20:49 --------- d-----w G:\Program Files\Google
2008-01-24 20:41 --------- d-----w G:\Program Files\SystemRequirementsLab
2008-01-24 20:40 --------- d-----w G:\Program Files\Everest
2008-01-24 20:33 --------- d-----w G:\Program Files\Java
2008-01-24 20:31 --------- d-----w G:\Program Files\Audio Deck
2008-01-24 20:28 24,064 ----a-w G:\WINDOWS\autoload.exe
2008-01-24 20:13 --------- d-----w G:\Program Files\HighMAT CD Writing Wizard
2008-01-24 20:12 --------- d-----w G:\Program Files\Fichiers communs\Java
2008-01-24 20:08 --------- d-----w G:\Program Files\Services en ligne
2008-01-19 12:07 --------- d-----w G:\Program Files\Toontrack
2008-01-13 17:03 --------- d-----w G:\Program Files\Autoruns
2008-01-08 20:54 --------- d-----w G:\Program Files\Common Files
2008-01-05 15:40 --------- d-----w G:\Program Files\Bome's Mouse Keyboard
2008-01-03 12:26 --------- d-----w G:\Program Files\Minnetonka Audio Software
2007-12-17 23:44 219,664 ----a-w G:\WINDOWS\system32\klogon.dll
2007-12-17 19:09 585,728 ----a-w G:\Program Files\js.dll
2007-12-17 19:09 2,228,326 ----a-w G:\Program Files\Foxit_JS_ExObjects.dll
2007-12-05 01:53 356,352 ----a-w G:\WINDOWS\system32\NVUNINST.EXE
2007-04-06 14:46 4,037,888 ----a-w G:\Program Files\Foxit_Reader.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0487b2ca-552e-4a7d-9f9d-efb0dd744147}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1AD7ABE4-84D1-4B80-A939-9D06C0BF5FFA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B4357E9-476F-403A-B1A2-BD9E661CC50C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CDE9161-DF09-497E-B741-5D53351DEE80}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{969C29C4-3F0C-4316-B25C-E017AECBDD36}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2B2F6FE-A746-4BB9-B4E6-FC77827121FF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC46AD90-791B-4DBB-9D8F-0DBC3CF15DE8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C75927FD-A8C9-4340-B7A8-CB26DF8A0973}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9514C5B-0FFA-42B4-B9A6-06D7227641D2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5772466-85BC-4364-B207-00D588BDAE38}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="G:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
"SpybotSD TeaTimer"="G:\Program Files\Spybot\TeaTimer.exe" [2008-01-28 11:43 2097488]
"LDM"="G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-01-26 12:28 20480]
"Clavier+"="G:\Documents and Settings\Administrateur\Bureau\Clavier+\Clavier.exe" [2007-10-21 23:53 88576]
"SUPERAntiSpyware"="G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-17 15:31 1470464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"EnvyHFCPL"="G:\Program Files\Audio Deck\EnMixCPL.exe" [2007-05-08 17:28 3898368]
"NvCplDaemon"="G:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 G:\WINDOWS\system32\nwiz.exe]
"SW20"="G:\WINDOWS\system32\sw20.exe" [2006-05-18 02:15 208896]
"SW24"="G:\WINDOWS\system32\sw24.exe" [2006-05-17 03:37 69632]
"HP Software Update"="G:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"FIREBOX"="G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe" [2005-01-28 23:04 1003520]
"H2O"="G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00 385024]
"SearchSettings"="G:\Program Files\Search Settings\SearchSettings.exe" [ ]
"NvMediaCenter"="G:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"AVP"="G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 00:43 227856]
"PVE"="G:\Program Files\Prodipe\PVE\PVE_GMMode.exe" [2008-02-20 21:08 913408]
"Norton Ghost 12.0"="G:\Program Files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 20:41 2037352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="G:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09 15360]
"MsnMsgr"="G:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

G:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]
Logitech Desktop Messenger.lnk - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-11-06 13:29:22 450560]
Logitech SetPoint.lnk - G:\Program Files\Logitech\SetPoint\KEM.exe [2007-09-20 23:10:52 581632]
WinZip Quick Pick.lnk - G:\Program Files\WinZip\WZQKPICK.EXE [2007-09-20 22:45:48 389120]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= G:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
G:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 G:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggdcby]
hggdcby.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"G:\\Program Files\\uTorrent\\uTorrent.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"G:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"G:\\Program Files\\Messenger\\msmsgs.exe"=
"G:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"G:\\Program Files\\MSN Messenger\\livecall.exe"=
"G:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"G:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"G:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"G:\\Program Files\\eMule\\emule.exe"=

R3 CLEDX;Team H2O CLEDX service;G:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;G:\WINDOWS\system32\drivers\Envy24HF.sys [2005-02-21 16:47]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;G:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 ps_1394;ps_1394;G:\WINDOWS\system32\Drivers\ps_1394.sys [2004-10-14 23:33]
R3 ps_avs;ps_avs;G:\WINDOWS\system32\Drivers\ps_avs.sys [2004-10-14 23:33]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf09ec8e-cabc-11dc-8055-806d6172696f}]
\Shell\AutoRun\command - H:\setup.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-26 23:00:00 G:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- G:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 01:32:50
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-27 1:36:27
ComboFix-quarantined-files.txt 2008-02-27 00:36:16
ComboFix2.txt 2008-02-26 22:23:46

See ya
Anonymous user
 
When I launch ComboFix, Kaspersky wakes up and tells me there is an intrusion by a program (invader); is that perhaps normal?!
==============
Yes
comprendpô
 
OK, otherwise, what do you make of the Combo report, Bouddha?

++
comprendpô
 
Not at all!! I made the mistake of opening several topics and now I'm getting mixed up! Sorry, I'll try to straighten things out.
Le sioux  Posts: 4907  Status: Security contributor
 
Good evening Jeorgino

And thanks for the info, my friend.

Comprends pô, carry on in one of your other open topics ... this one will be marked as solved.

Good evening.