Infected by Virtumonde

neness88 - green day (Moderator, Security Contributor)
Hello,

I think I'm infected by Virtumonde. Every time I run a scan with Spybot it finds Virtumonde and Virtumonde.generic, and I constantly get ad pages and programs downloading without my consent as soon as I go online, though less since I installed Firefox!!!

Thanks to everyone who can help me get rid of this junk.

19 replies

neness88
 
I'm posting my HijackThis log just in case....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:52, on 10/04/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Documents and Settings\Utilisateur\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BM132a1eef] Rundll32.exe "C:\WINDOWS\System32\ydtiltur.dll",s
O4 - HKLM\..\Run: [10192d73] rundll32.exe "C:\WINDOWS\System32\ytlyadgk.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://assets.photobox.com/assets/activex/uploader_uni.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file://C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Oberon Media\Oberon Games Host\popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: DMA - Unknown owner - C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\DMA.exe (file missing)
O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HBLHZF - Unknown owner - C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\HBLHZF.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JF - Unknown owner - C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\JF.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
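The two entries in that log that matter most are the O4 Run values `BM132a1eef` and `10192d73`, which launch rundll32 on a randomly named DLL in System32 with a single-letter export (they also account for the two rundll32.exe instances in the process list), and the three O23 services `DMA`, `HBLHZF` and `JF` registered from the user's Temp directory with their binary already missing. The script below is an added example, not part of the original thread nor of HijackThis itself: it parses O4 and O23 lines copied from the posted log and flags exactly those two patterns. The "eight lowercase letters" rule for the loader DLL and the Temp/file-missing service rule are my own assumptions chosen to fit this log; benign entries such as NvCplDaemon and the avast! service are included to show they pass.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted above. Benign entries
# (NvCplDaemon, avast!, NVSvc) are kept so the heuristics have something to pass.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM132a1eef] Rundll32.exe "C:\WINDOWS\System32\ydtiltur.dll",s
O4 - HKLM\..\Run: [10192d73] rundll32.exe "C:\WINDOWS\System32\ytlyadgk.dll",b
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: DMA - Unknown owner - C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\DMA.exe (file missing)
O23 - Service: HBLHZF - Unknown owner - C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\HBLHZF.exe (file missing)
O23 - Service: JF - Unknown owner - C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\JF.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# HijackThis line shapes: "O4 - <hive>\..\<Run key>: [<value name>] <command>"
# and "O23 - Service: <display name> - <owner> - <image path>".
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# rundll32[.exe] ["]<path>.dll["],<export>
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>\w+)', re.I)
# Assumption: the loader DLLs on this machine are eight random lowercase letters.
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$")


@dataclass(frozen=True)
class Finding:
    name: str    # Run value name or service display name
    reason: str
    line: str


def vundo_loader(cmd: str):
    """Return the DLL basename when cmd is rundll32 loading an 8-letter DLL
    through a one-letter export (the shape of the two suspect O4 entries); else None."""
    m = RUNDLL_RE.search(cmd)
    if not m:
        return None
    dll = m["dll"].rsplit("\\", 1)[-1].lower()
    if RANDOM_DLL_RE.match(dll) and len(m["export"]) == 1:
        return dll
    return None


def triage(log_text: str):
    """Scan HijackThis O4 and O23 lines and return the entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            dll = vundo_loader(m["cmd"])
            if dll:
                findings.append(Finding(m["name"], f"rundll32 loader for random DLL {dll} with one-letter export", line))
            continue
        m = O23_RE.match(line)
        if m:
            reasons = []
            if "\\temp\\" in m["path"].lower():
                reasons.append("service binary under a Temp directory")
            if m["path"].endswith("(file missing)"):
                reasons.append("binary already gone, registration is orphaned")
            if reasons:
                findings.append(Finding(m["display"], "; ".join(reasons), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name:12} {f.reason}\n    {f.line}")
```

On this log the output lines up with what ComboFix later removed (ydtiltur.dll and ytlyadgk.dll are in its deletion list, and the three Temp services still show in the final log as S3 entries with empty paths). It is only a heuristic: the same infection also persists through Winlogon Notify DLLs (awtussp.dll and awvvu.dll in the ComboFix registry dump further down), which HijackThis reports as O20 lines and this script does not look at.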
green day
 
Hi

Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Boot into Safe Mode
* Double-click combofix.exe.
* Press the Y key (Yes) to start the scan
* The report will be created at C:\Combofix.txt; please post it

++
neness88
 
Thanks for trying to help me....

Here is my ComboFix log

ComboFix 08-04-09.9 - Utilisateur 2008-04-10 22:20:04.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.124 [GMT 2:00]
Endroit: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\Documents and Settings\Utilisateur\Local Settings\Application Data\mxkzys.dat
c:\documents and settings\utilisateur\local settings\application data\mxkzys.exe
c:\Documents and Settings\Utilisateur\Local Settings\Application Data\mxkzys_nav.dat
c:\Documents and Settings\Utilisateur\Local Settings\Application Data\mxkzys_navps.dat
C:\WINDOWS\BM132a1eef.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbXRJYQJ.dll
C:\WINDOWS\system32\components
C:\WINDOWS\system32\gmdoxmbe.dll
C:\WINDOWS\system32\JQYJRXbc.ini
C:\WINDOWS\system32\JQYJRXbc.ini2
C:\WINDOWS\system32\kgdaylty.ini
C:\WINDOWS\system32\ltdndsap.ini
C:\WINDOWS\system32\pasdndtl.dll
C:\WINDOWS\system32\qinsavxw.dll
C:\WINDOWS\system32\wtrpaktf.dll
C:\WINDOWS\system32\ydtiltur.dll
C:\WINDOWS\system32\ytlyadgk.dll
C:\WINDOWS\zalpqbj.sys

----- BITS: Possible sites infectés -----

hxxp://download.microsoft.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_LOG
-------\Legacy_zalpqbj
-------\zalpqbj

((((((((((((((((((((((((((((( Fichiers créés 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
.

2008-04-10 21:40 . 2008-04-10 21:55 <REP> d-------- C:\VundoFix Backups
2008-04-10 20:07 . 2008-04-10 20:07 3,648 --a------ C:\WINDOWS\system32\jplbfcom.dll
2008-04-09 19:55 . 2004-05-08 08:59 151,552 --a------ C:\EabInst.dll
2008-04-09 18:57 . 2008-04-09 18:57 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-09 18:44 . 2008-04-09 18:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-09 15:27 . 2008-04-09 15:27 <REP> dr------- C:\Documents and Settings\LocalService\Mes documents
2008-04-09 12:18 . 2008-04-09 12:18 3,648 --a------ C:\WINDOWS\system32\eqpprppo.dll
2008-04-09 11:26 . 2008-04-09 11:26 <REP> d-------- C:\Program Files\Hercules
2008-04-09 11:26 . 2004-11-03 15:03 216,320 --------- C:\WINDOWS\system32\drivers\rt25009x.sys
2008-04-09 11:26 . 2004-11-03 14:59 214,912 --------- C:\WINDOWS\system32\drivers\rt2500.sys
2008-04-09 11:26 . 2004-07-15 09:19 143,360 --------- C:\WINDOWS\system32\drivers\rt25u98.sys
2008-04-09 11:26 . 2004-07-16 17:14 140,416 --------- C:\WINDOWS\system32\drivers\rt2500usb.sys
2008-04-07 21:51 . 2008-04-07 21:51 <REP> d-------- C:\Program Files\CCleaner
2008-04-07 21:11 . 2008-04-07 21:50 <REP> d-------- C:\Program Files\Hercules(2)
2008-04-07 19:17 . 2008-04-07 19:21 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-07 19:15 . 2008-04-09 15:02 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-04-07 19:14 . 2008-04-09 15:02 <REP> d-------- C:\WINDOWS\Internet Logs
2008-04-06 19:49 . 2008-04-06 19:49 57,856 --a------ C:\d.exe
2008-04-06 19:49 . 2008-04-07 10:42 2 --a------ C:\270085596
2008-04-06 19:23 . 2008-04-06 19:23 58,880 --a------ C:\whcbdc.exe
2008-04-06 19:23 . 2008-04-06 19:23 12,800 --a------ C:\djmg.exe
2008-04-02 21:47 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-02 09:11 . 2008-04-08 10:40 <REP> d--h----- C:\WINDOWS\system32\svcl32
2008-03-25 20:21 . 2008-03-25 20:21 268 --ah----- C:\sqmdata00.sqm
2008-03-25 20:21 . 2008-03-25 20:21 244 --ah----- C:\sqmnoopt00.sqm
2008-03-11 21:05 . 2008-03-12 20:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-09 20:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-09 14:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-09 12:43 --------- d-----w C:\Program Files\ArcSoft
2008-04-09 12:21 --------- d-----w C:\Program Files\D-Tools
2008-04-09 12:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 09:06 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-04 19:07 --------- d-----w C:\Program Files\Java
2008-04-03 17:11 --------- d-----w C:\Program Files\MSN Messenger
2008-04-03 17:11 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-11 18:57 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-03-03 18:35 --------- d-----w C:\Program Files\Windows Live
2008-03-03 08:30 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-25 15:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-25 15:05 --------- d-----w C:\Program Files\Lavasoft
2008-02-25 12:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-01-22 17:29 37 ----a-w C:\Documents and Settings\Utilisateur\getfile.dat
2007-07-03 17:12 6,827 --sh--w C:\WINDOWS\system32\uvvwa.bak1
.
green day
 
the report isn't complete! ;-)

neness88
 
But I did wait as instructed without touching anything; that's all I found in the report.
neness88
 
When the computer restarted, ComboFix came up saying the report was being prepared and that I shouldn't launch any programs, and maybe that's the problem: Avast detected a rootkit and, since I wasn't sure, I ignored it, and a few minutes later the computer restarted!!!

green day
 
No, actually, just repost the ComboFix log, because the previous one isn't complete!
neness88
 
ComboFix 08-04-09.9 - Utilisateur 2008-04-10 22:20:04.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.124 [GMT 2:00]
Endroit: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\Documents and Settings\Utilisateur\Local Settings\Application Data\mxkzys.dat
c:\documents and settings\utilisateur\local settings\application data\mxkzys.exe
c:\Documents and Settings\Utilisateur\Local Settings\Application Data\mxkzys_nav.dat
c:\Documents and Settings\Utilisateur\Local Settings\Application Data\mxkzys_navps.dat
C:\WINDOWS\BM132a1eef.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbXRJYQJ.dll
C:\WINDOWS\system32\components
C:\WINDOWS\system32\gmdoxmbe.dll
C:\WINDOWS\system32\JQYJRXbc.ini
C:\WINDOWS\system32\JQYJRXbc.ini2
C:\WINDOWS\system32\kgdaylty.ini
C:\WINDOWS\system32\ltdndsap.ini
C:\WINDOWS\system32\pasdndtl.dll
C:\WINDOWS\system32\qinsavxw.dll
C:\WINDOWS\system32\wtrpaktf.dll
C:\WINDOWS\system32\ydtiltur.dll
C:\WINDOWS\system32\ytlyadgk.dll
C:\WINDOWS\zalpqbj.sys

----- BITS: Possible sites infectés -----

hxxp://download.microsoft.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_LOG
-------\Legacy_zalpqbj
-------\zalpqbj

((((((((((((((((((((((((((((( Fichiers créés 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
.

2008-04-10 21:40 . 2008-04-10 21:55 <REP> d-------- C:\VundoFix Backups
2008-04-10 20:07 . 2008-04-10 20:07 3,648 --a------ C:\WINDOWS\system32\jplbfcom.dll
2008-04-09 19:55 . 2004-05-08 08:59 151,552 --a------ C:\EabInst.dll
2008-04-09 18:57 . 2008-04-09 18:57 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-09 18:44 . 2008-04-09 18:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-09 15:27 . 2008-04-09 15:27 <REP> dr------- C:\Documents and Settings\LocalService\Mes documents
2008-04-09 12:18 . 2008-04-09 12:18 3,648 --a------ C:\WINDOWS\system32\eqpprppo.dll
2008-04-09 11:26 . 2008-04-09 11:26 <REP> d-------- C:\Program Files\Hercules
2008-04-09 11:26 . 2004-11-03 15:03 216,320 --------- C:\WINDOWS\system32\drivers\rt25009x.sys
2008-04-09 11:26 . 2004-11-03 14:59 214,912 --------- C:\WINDOWS\system32\drivers\rt2500.sys
2008-04-09 11:26 . 2004-07-15 09:19 143,360 --------- C:\WINDOWS\system32\drivers\rt25u98.sys
2008-04-09 11:26 . 2004-07-16 17:14 140,416 --------- C:\WINDOWS\system32\drivers\rt2500usb.sys
2008-04-07 21:51 . 2008-04-07 21:51 <REP> d-------- C:\Program Files\CCleaner
2008-04-07 21:11 . 2008-04-07 21:50 <REP> d-------- C:\Program Files\Hercules(2)
2008-04-07 19:17 . 2008-04-07 19:21 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-07 19:15 . 2008-04-09 15:02 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-04-07 19:14 . 2008-04-09 15:02 <REP> d-------- C:\WINDOWS\Internet Logs
2008-04-06 19:49 . 2008-04-06 19:49 57,856 --a------ C:\d.exe
2008-04-06 19:49 . 2008-04-07 10:42 2 --a------ C:\270085596
2008-04-06 19:23 . 2008-04-06 19:23 58,880 --a------ C:\whcbdc.exe
2008-04-06 19:23 . 2008-04-06 19:23 12,800 --a------ C:\djmg.exe
2008-04-02 21:47 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-02 09:11 . 2008-04-08 10:40 <REP> d--h----- C:\WINDOWS\system32\svcl32
2008-03-25 20:21 . 2008-03-25 20:21 268 --ah----- C:\sqmdata00.sqm
2008-03-25 20:21 . 2008-03-25 20:21 244 --ah----- C:\sqmnoopt00.sqm
2008-03-11 21:05 . 2008-03-12 20:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-09 20:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-09 14:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-09 12:43 --------- d-----w C:\Program Files\ArcSoft
2008-04-09 12:21 --------- d-----w C:\Program Files\D-Tools
2008-04-09 12:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 09:06 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-04 19:07 --------- d-----w C:\Program Files\Java
2008-04-03 17:11 --------- d-----w C:\Program Files\MSN Messenger
2008-04-03 17:11 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-11 18:57 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-03-03 18:35 --------- d-----w C:\Program Files\Windows Live
2008-03-03 08:30 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-25 15:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-25 15:05 --------- d-----w C:\Program Files\Lavasoft
2008-02-25 12:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-01-22 17:29 37 ----a-w C:\Documents and Settings\Utilisateur\getfile.dat
2007-07-03 17:12 6,827 --sh--w C:\WINDOWS\system32\uvvwa.bak1
.
neness88
 
There, I've run another scan with ComboFix and this one looks more complete to me!!!!

Thanks again

ComboFix 08-04-09.9 - Utilisateur 2008-04-11 10:31:45.2 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\d.exe
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\Documents and Settings\Utilisateur\Local Settings\Application Data\mxkzys.dat
c:\documents and settings\utilisateur\local settings\application data\mxkzys.exe
c:\Documents and Settings\Utilisateur\Local Settings\Application Data\mxkzys_nav.dat
c:\Documents and Settings\Utilisateur\Local Settings\Application Data\mxkzys_navps.dat
C:\WINDOWS\BM132a1eef.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbXRJYQJ.dll
C:\WINDOWS\system32\components
C:\WINDOWS\system32\gmdoxmbe.dll
C:\WINDOWS\system32\JQYJRXbc.ini
C:\WINDOWS\system32\JQYJRXbc.ini2
C:\WINDOWS\system32\kgdaylty.ini
C:\WINDOWS\system32\ltdndsap.ini
C:\WINDOWS\system32\pasdndtl.dll
C:\WINDOWS\system32\qinsavxw.dll
C:\WINDOWS\system32\wtrpaktf.dll
C:\WINDOWS\system32\ydtiltur.dll
C:\WINDOWS\system32\ytlyadgk.dll
C:\WINDOWS\zalpqbj.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_LOG
-------\Legacy_zalpqbj
-------\zalpqbj

((((((((((((((((((((((((((((( Fichiers créés 2008-03-11 to 2008-04-11 ))))))))))))))))))))))))))))))))))))
.

2008-04-10 21:40 . 2008-04-10 21:55 <REP> d-------- C:\VundoFix Backups
2008-04-10 20:07 . 2008-04-10 20:07 3,648 --a------ C:\WINDOWS\system32\jplbfcom.dll
2008-04-09 19:55 . 2004-05-08 08:59 151,552 --a------ C:\EabInst.dll
2008-04-09 18:57 . 2008-04-09 18:57 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-09 18:44 . 2008-04-09 18:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-09 15:27 . 2008-04-09 15:27 <REP> dr------- C:\Documents and Settings\LocalService\Mes documents
2008-04-09 12:18 . 2008-04-09 12:18 3,648 --a------ C:\WINDOWS\system32\eqpprppo.dll
2008-04-09 11:26 . 2008-04-09 11:26 <REP> d-------- C:\Program Files\Hercules
2008-04-09 11:26 . 2004-11-03 15:03 216,320 --------- C:\WINDOWS\system32\drivers\rt25009x.sys
2008-04-09 11:26 . 2004-11-03 14:59 214,912 --------- C:\WINDOWS\system32\drivers\rt2500.sys
2008-04-09 11:26 . 2004-07-15 09:19 143,360 --------- C:\WINDOWS\system32\drivers\rt25u98.sys
2008-04-09 11:26 . 2004-07-16 17:14 140,416 --------- C:\WINDOWS\system32\drivers\rt2500usb.sys
2008-04-07 21:51 . 2008-04-07 21:51 <REP> d-------- C:\Program Files\CCleaner
2008-04-07 21:11 . 2008-04-07 21:50 <REP> d-------- C:\Program Files\Hercules(2)
2008-04-07 19:17 . 2008-04-07 19:21 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-07 19:15 . 2008-04-09 15:02 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-04-07 19:14 . 2008-04-09 15:02 <REP> d-------- C:\WINDOWS\Internet Logs
2008-04-06 19:49 . 2008-04-07 10:42 2 --a------ C:\270085596
2008-04-06 19:23 . 2008-04-06 19:23 58,880 --a------ C:\whcbdc.exe
2008-04-06 19:23 . 2008-04-06 19:23 12,800 --a------ C:\djmg.exe
2008-04-02 21:47 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-02 09:11 . 2008-04-08 10:40 <REP> d--h----- C:\WINDOWS\system32\svcl32
2008-03-25 20:21 . 2008-03-25 20:21 268 --ah----- C:\sqmdata00.sqm
2008-03-25 20:21 . 2008-03-25 20:21 244 --ah----- C:\sqmnoopt00.sqm
2008-03-11 21:05 . 2008-03-12 20:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-09 20:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-09 14:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-09 12:43 --------- d-----w C:\Program Files\ArcSoft
2008-04-09 12:21 --------- d-----w C:\Program Files\D-Tools
2008-04-09 12:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 09:06 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-04 19:07 --------- d-----w C:\Program Files\Java
2008-04-03 17:11 --------- d-----w C:\Program Files\MSN Messenger
2008-04-03 17:11 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-11 18:57 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-03-03 18:35 --------- d-----w C:\Program Files\Windows Live
2008-03-03 08:30 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-25 15:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-25 15:05 --------- d-----w C:\Program Files\Lavasoft
2008-02-25 12:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-01-22 17:29 37 ----a-w C:\Documents and Settings\Utilisateur\getfile.dat
2007-07-03 17:12 6,827 --sh--w C:\WINDOWS\system32\uvvwa.bak1
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen 3.5"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2006-07-08 10:57 1101824]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 19:52 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-08 05:40 159744]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-04-07 21:22 4730880]
"nwiz"="nwiz.exe" [2004-04-07 21:22 323584 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-05-31 17:32 98304]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-01-13 09:21 245760]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 20:03 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 19:56 483328]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 13:05 200766]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-05-10 17:37 286720]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"AGRSMMSG"="AGRSMMSG.exe" [2004-01-30 18:01 88363 C:\WINDOWS\AGRSMMSG.exe]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-04-24 04:00 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 21:45 1663248]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-20 16:56:07 113664]
Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-19 19:52:38 125624]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2008-02-11 19:34:30 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtussp]
awtussp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvu]
C:\WINDOWS\System32\awvvu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOW

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-01-27 16:52 229376 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerDiscovery]
C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe

S1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-03-29 19:31]
S3 C-Dilla;C-Dilla;C:\WINDOWS\System32\drivers\CDANT.SYS [2001-09-10 19:09]
S3 DMA;DMA;C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\DMA.exe []
S3 HBLHZF;HBLHZF;C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\HBLHZF.exe []
S3 JF;JF;C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\JF.exe []
S3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;C:\WINDOWS\System32\DRIVERS\PRISMUSB.sys [2003-10-02 16:47]
S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);C:\WINDOWS\System32\DRIVERS\SE30bus.sys [2006-05-15 15:45]
S3 SE30mdfl;Sony Ericsson Device 048 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\SE30mdfl.sys [2006-05-15 15:45]
S3 SE30mdm;Sony Ericsson Device 048 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\SE30mdm.sys [2006-05-15 15:45]
S3 SE30mgmt;Sony Ericsson Device 048 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\SE30mgmt.sys [2006-05-15 15:45]
S3 se30nd5;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (NDIS);C:\WINDOWS\System32\DRIVERS\se30nd5.sys [2006-05-15 15:45]
S3 SE30obex;Sony Ericsson Device 048 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\SE30obex.sys [2006-05-15 15:45]
S3 se30unic;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (WDM);C:\WINDOWS\System32\DRIVERS\se30unic.sys [2006-05-15 15:45]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\System32\DRIVERS\sis163u.sys [2004-12-31 17:46]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 02:48]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 01:32]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []
S4 Microsoft Genuine Advantage;Microsoft Genuine Advantage;"C:\WINDOWS\System32\dllcache\winmga.exe" []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-11 08:00:00 C:\WINDOWS\Tasks\AD4CDAC6912F5036.job"
- c:\docume~1\utilis~1\applic~1\livefl~1\poke roam owns.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 10:35:33
Windows 5.1.2600 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????I??p?????????? ???B???????????????B? ??????

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\catchme.dll
.
Temps d'accomplissement: 2008-04-11 10:37:11
ComboFix-quarantined-files.txt 2008-04-11 08:36:47
Pre-Run: 9,068,892,160 octets libres
Post-Run: 9,056,268,288 octets libres
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

ok,

# Download Vundofix.exe (by Atribune) to your Desktop: http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Fix Vundo button.
* A prompt will ask whether you want to delete the files; click YES
* After clicking "YES", the Desktop will disappear for a moment while the files are deleted.
* A new prompt will announce that the PC has to shut down ("shutdown"). Click OK, then let it restart.
* The report is located in C:\vundofix.txt; please post it

++
0
neness88
 
Hi,

I think my problem is solved. I had run vundofix before combofix and it had detected 2 infected files, and since I ran combofix, vundofix no longer finds anything!!!!

A big thank you to you
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

post a new ComboFix log, there is still junk to clear out!

++
0
neness88
 
hello, here is my new combofix log

ComboFix 08-04-09.9 - Utilisateur 2008-04-14 9:59:00.3 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.1.1252.33.1036.18.84 [GMT 2:00]
Endroit: C:\Documents and Settings\Utilisateur\Bureau\antivirus\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))))))))
.

2008-04-10 21:40 . 2008-04-10 21:55 <REP> d-------- C:\VundoFix Backups
2008-04-10 20:07 . 2008-04-10 20:07 3,648 --a------ C:\WINDOWS\system32\jplbfcom.dll
2008-04-09 19:55 . 2004-05-08 08:59 151,552 --a------ C:\EabInst.dll
2008-04-09 18:57 . 2008-04-09 18:57 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-09 18:44 . 2008-04-09 18:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-09 15:27 . 2008-04-09 15:27 <REP> dr------- C:\Documents and Settings\LocalService\Mes documents
2008-04-09 12:18 . 2008-04-09 12:18 3,648 --a------ C:\WINDOWS\system32\eqpprppo.dll
2008-04-09 11:26 . 2008-04-09 11:26 <REP> d-------- C:\Program Files\Hercules
2008-04-09 11:26 . 2004-11-03 15:03 216,320 --------- C:\WINDOWS\system32\drivers\rt25009x.sys
2008-04-09 11:26 . 2004-11-03 14:59 214,912 --------- C:\WINDOWS\system32\drivers\rt2500.sys
2008-04-09 11:26 . 2004-07-15 09:19 143,360 --------- C:\WINDOWS\system32\drivers\rt25u98.sys
2008-04-09 11:26 . 2004-07-16 17:14 140,416 --------- C:\WINDOWS\system32\drivers\rt2500usb.sys
2008-04-07 21:51 . 2008-04-07 21:51 <REP> d-------- C:\Program Files\CCleaner
2008-04-07 21:11 . 2008-04-07 21:50 <REP> d-------- C:\Program Files\Hercules(2)
2008-04-07 19:17 . 2008-04-07 19:21 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-07 19:15 . 2008-04-09 15:02 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-04-07 19:14 . 2008-04-09 15:02 <REP> d-------- C:\WINDOWS\Internet Logs
2008-04-06 19:49 . 2008-04-07 10:42 2 --a------ C:\270085596
2008-04-06 19:23 . 2008-04-06 19:23 58,880 --a------ C:\whcbdc.exe
2008-04-06 19:23 . 2008-04-06 19:23 12,800 --a------ C:\djmg.exe
2008-04-02 21:47 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-02 09:11 . 2008-04-08 10:40 <REP> d--h----- C:\WINDOWS\system32\svcl32
2008-03-25 20:21 . 2008-03-25 20:21 268 --ah----- C:\sqmdata00.sqm
2008-03-25 20:21 . 2008-03-25 20:21 244 --ah----- C:\sqmnoopt00.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 07:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-09 20:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-09 14:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-09 12:43 --------- d-----w C:\Program Files\ArcSoft
2008-04-09 12:21 --------- d-----w C:\Program Files\D-Tools
2008-04-09 12:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 09:06 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-04 19:07 --------- d-----w C:\Program Files\Java
2008-04-03 17:11 --------- d-----w C:\Program Files\MSN Messenger
2008-04-03 17:11 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-12 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-11 18:57 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-03-03 18:35 --------- d-----w C:\Program Files\Windows Live
2008-03-03 08:30 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-25 15:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-25 15:05 --------- d-----w C:\Program Files\Lavasoft
2008-02-25 12:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-01-22 17:29 37 ----a-w C:\Documents and Settings\Utilisateur\getfile.dat
2007-07-03 17:12 6,827 --sh--w C:\WINDOWS\system32\uvvwa.bak1
.

((((((((((((((((((((((((((((( snapshot@2008-04-11_10.36.28.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-11 08:35:21 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
+ 2008-04-14 08:02:23 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen 3.5"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2006-07-08 10:57 1101824]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 19:52 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-08 05:40 159744]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-04-07 21:22 4730880]
"nwiz"="nwiz.exe" [2004-04-07 21:22 323584 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-05-31 17:32 98304]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-01-13 09:21 245760]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 20:03 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 19:56 483328]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 13:05 200766]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-05-10 17:37 286720]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"AGRSMMSG"="AGRSMMSG.exe" [2004-01-30 18:01 88363 C:\WINDOWS\AGRSMMSG.exe]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-04-24 04:00 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 21:45 1663248]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-20 16:56:07 113664]
D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-19 19:52:38 125624]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2008-02-11 19:34:30 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtussp]
awtussp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvu]
C:\WINDOWS\System32\awvvu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOW

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-01-27 16:52 229376 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerDiscovery]
C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe

S1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-03-29 19:31]
S3 C-Dilla;C-Dilla;C:\WINDOWS\System32\drivers\CDANT.SYS [2001-09-10 19:09]
S3 DMA;DMA;C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\DMA.exe []
S3 HBLHZF;HBLHZF;C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\HBLHZF.exe []
S3 JF;JF;C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\JF.exe []
S3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;C:\WINDOWS\System32\DRIVERS\PRISMUSB.sys [2003-10-02 16:47]
S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);C:\WINDOWS\System32\DRIVERS\SE30bus.sys [2006-05-15 15:45]
S3 SE30mdfl;Sony Ericsson Device 048 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\SE30mdfl.sys [2006-05-15 15:45]
S3 SE30mdm;Sony Ericsson Device 048 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\SE30mdm.sys [2006-05-15 15:45]
S3 SE30mgmt;Sony Ericsson Device 048 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\SE30mgmt.sys [2006-05-15 15:45]
S3 se30nd5;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (NDIS);C:\WINDOWS\System32\DRIVERS\se30nd5.sys [2006-05-15 15:45]
S3 SE30obex;Sony Ericsson Device 048 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\SE30obex.sys [2006-05-15 15:45]
S3 se30unic;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (WDM);C:\WINDOWS\System32\DRIVERS\se30unic.sys [2006-05-15 15:45]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\System32\DRIVERS\sis163u.sys [2004-12-31 17:46]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 02:48]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 01:32]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []
S4 Microsoft Genuine Advantage;Microsoft Genuine Advantage;"C:\WINDOWS\System32\dllcache\winmga.exe" []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-12 13:00:01 C:\WINDOWS\Tasks\AD4CDAC6912F5036.job"
- c:\docume~1\utilis~1\applic~1\livefl~1\poke roam owns.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 10:02:33
Windows 5.1.2600 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????I??p?????????? ???B???????????????B? ??????

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-14 10:04:19
ComboFix-quarantined-files.txt 2008-04-14 08:03:55
ComboFix2.txt 2008-04-11 08:37:12
Pre-Run: 9,227,550,720 octets libres
Post-Run: 9,214,353,408 octets libres
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

Create a new text document and name it CFScript.txt (careful, very important!): right-click on the desktop > New > Text Document, and copy the following lines in bold into it:

File::

C:\WINDOWS\system32\jplbfcom.dll
C:\WINDOWS\system32\eqpprppo.dll
C:\270085596
C:\whcbdc.exe
C:\djmg.exe
C:\WINDOWS\system32\uvvwa.bak1
C:\WINDOWS\System32\awvvu.dll
C:\WINDOWS\System32\awtussp.dll
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\DMA.exe
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\HBLHZF.exe
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\JF.exe
c:\docume~1\utilis~1\applic~1\livefl~1\poke roam owns.exe

registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtussp]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvu]


then drag the text file onto combo.exe as in the animation:
http://img.bleepingcomputer.com/combofix/usage/rc.gif

In the window that follows, choose option 1 then confirm
Wait a little; if the desktop disappears at times during the scan, that's normal!
At the end of the scan, a report will be displayed: please post it (otherwise it is located here: C:\ComboFix.txt)

@+
0
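The CFScript above was written by hand from the ComboFix report. As an added example (Python, not ComboFix's code nor the poster's), the script below reads constructed sample lines in ComboFix's report format, flags the persistence kinds seen in this thread (Winlogon Notify packages, services whose binary lives in a Temp folder, a scheduled task running from Application Data) and drafts the File:: and Registry:: sections; the Temp/Application Data heuristics and the assumption that a bare Notify DLL name resolves from System32 are mine, not ComboFix's.

```python
"""Triage a ComboFix report for Vundo-style persistence and draft a CFScript.txt.

Added example, not ComboFix's own code. It walks report lines, collects
suspicious autostart entries and emits the CFScript sections a helper would
otherwise type by hand.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in ComboFix's format; entries are modelled on the thread
# (two Notify DLLs, a Temp-resident S3 service, one odd scheduled task) plus
# legitimate services that must NOT be flagged.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtussp]
awtussp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvu]
C:\WINDOWS\System32\awvvu.dll

S1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-03-29 19:31]
S3 DMA;DMA;C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\DMA.exe []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 02:48]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []

Contenu du dossier 'Scheduled Tasks/Taches planifiees'
"2008-04-11 08:00:00 C:\WINDOWS\Tasks\AD4CDAC6912F5036.job"
- c:\docume~1\utilis~1\applic~1\livefl~1\poke roam owns.exe
"""

# Assumption: a bare DLL name under a Notify key resolves from System32.
SYSTEM32 = "C:\\WINDOWS\\System32\\"

NOTIFY_KEY_RE = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion"
    r"\\winlogon\\notify\\[^\]]+)\]$", re.I)
# "S3 name;display;path [timestamp]" -- an empty [] means ComboFix found no file stamp.
SERVICE_RE = re.compile(
    r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<stamp>[^\]]*)\]$")
TASK_RE = re.compile(r'^"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<job>.+\.job)"$')
TEMP_RE = re.compile(r"\\temp\\", re.I)                             # heuristic (assumption)
APPDATA_RE = re.compile(r"\\(applic~1|application data)\\", re.I)  # heuristic (assumption)


@dataclass
class Finding:
    kind: str
    path: str
    reason: str
    reg_key: Optional[str] = None


def triage(log_text: str) -> List[Finding]:
    """Walk the report line by line and collect suspicious persistence entries."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    findings: List[Finding] = []
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        m = NOTIFY_KEY_RE.match(line)
        if m:
            # ComboFix omits the default Notify packages, so any listed one is worth review.
            dll = nxt if "\\" in nxt else SYSTEM32 + nxt
            findings.append(Finding("winlogon_notify", dll,
                                    "non-default Winlogon Notify package", m.group(1)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            path = m.group("path").strip('"')
            if TEMP_RE.search(path):
                reason = "service binary in a Temp folder"
                if not m.group("stamp").strip():
                    reason += "; no file timestamp"
                findings.append(Finding("service", path, reason))
            continue
        m = TASK_RE.match(line)
        if m and nxt.startswith("- "):
            target = nxt[2:].strip()
            if APPDATA_RE.search(target):
                findings.append(Finding("scheduled_task", target,
                                        "task %s runs a binary from Application Data"
                                        % m.group("job")))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Emit File:: and Registry:: sections in the form used in the thread."""
    files = sorted({f.path for f in findings})
    keys = sorted({f.reg_key for f in findings if f.reg_key})
    out = ["File::"] + files
    if keys:
        out += ["", "Registry::"] + ["[-%s]" % k for k in keys]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print("%-16s %s  (%s)" % (f.kind, f.path, f.reason))
    print()
    print(build_cfscript(found))
```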
neness88
 
ComboFix 08-04-09.9 - Utilisateur 2008-04-14 22:54:43.4 - NTFSx86
Endroit: C:\Documents and Settings\Utilisateur\Bureau\antivirus\ComboFix.exe
Command switches used :: C:\Documents and Settings\Utilisateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\270085596
C:\djmg.exe
c:\docume~1\utilis~1\applic~1\livefl~1\poke roam owns.exe
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\DMA.exe
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\HBLHZF.exe
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\JF.exe
C:\whcbdc.exe
C:\WINDOWS\System32\awtussp.dll
C:\WINDOWS\System32\awvvu.dll
C:\WINDOWS\system32\eqpprppo.dll
C:\WINDOWS\system32\jplbfcom.dll
C:\WINDOWS\system32\uvvwa.bak1
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\270085596
C:\djmg.exe
C:\whcbdc.exe
C:\WINDOWS\system32\eqpprppo.dll
C:\WINDOWS\system32\jplbfcom.dll
C:\WINDOWS\system32\uvvwa.bak1

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))))))))
.

2008-04-10 21:40 . 2008-04-10 21:55 <REP> d-------- C:\VundoFix Backups
2008-04-09 19:55 . 2004-05-08 08:59 151,552 --a------ C:\EabInst.dll
2008-04-09 18:57 . 2008-04-09 18:57 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-09 18:44 . 2008-04-09 18:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-09 15:27 . 2008-04-09 15:27 <REP> dr------- C:\Documents and Settings\LocalService\Mes documents
2008-04-09 11:26 . 2008-04-09 11:26 <REP> d-------- C:\Program Files\Hercules
2008-04-09 11:26 . 2004-11-03 15:03 216,320 --------- C:\WINDOWS\system32\drivers\rt25009x.sys
2008-04-09 11:26 . 2004-11-03 14:59 214,912 --------- C:\WINDOWS\system32\drivers\rt2500.sys
2008-04-09 11:26 . 2004-07-15 09:19 143,360 --------- C:\WINDOWS\system32\drivers\rt25u98.sys
2008-04-09 11:26 . 2004-07-16 17:14 140,416 --------- C:\WINDOWS\system32\drivers\rt2500usb.sys
2008-04-07 21:51 . 2008-04-07 21:51 <REP> d-------- C:\Program Files\CCleaner
2008-04-07 21:11 . 2008-04-07 21:50 <REP> d-------- C:\Program Files\Hercules(2)
2008-04-07 19:17 . 2008-04-07 19:21 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-07 19:15 . 2008-04-09 15:02 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-04-07 19:14 . 2008-04-09 15:02 <REP> d-------- C:\WINDOWS\Internet Logs
2008-04-02 21:47 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-02 09:11 . 2008-04-08 10:40 <REP> d--h----- C:\WINDOWS\system32\svcl32
2008-03-25 20:21 . 2008-03-25 20:21 268 --ah----- C:\sqmdata00.sqm
2008-03-25 20:21 . 2008-03-25 20:21 244 --ah----- C:\sqmnoopt00.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 07:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-09 20:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-09 14:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-09 12:43 --------- d-----w C:\Program Files\ArcSoft
2008-04-09 12:21 --------- d-----w C:\Program Files\D-Tools
2008-04-09 12:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 09:06 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-04 19:07 --------- d-----w C:\Program Files\Java
2008-04-03 17:11 --------- d-----w C:\Program Files\MSN Messenger
2008-04-03 17:11 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-12 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-11 18:57 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-03-03 18:35 --------- d-----w C:\Program Files\Windows Live
2008-03-03 08:30 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-25 15:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-25 15:05 --------- d-----w C:\Program Files\Lavasoft
2008-02-25 12:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-01-22 17:29 37 ----a-w C:\Documents and Settings\Utilisateur\getfile.dat
.

((((((((((((((((((((((((((((( snapshot@2008-04-11_10.36.28.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-09 14:44:11 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\NewShortcut1_AC76BA867AD710337DCD7E8A45A00001.exe
+ 2008-04-14 08:13:46 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\NewShortcut1_AC76BA867AD710337DCD7E8A45A00001.exe
- 2008-04-09 14:44:11 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\Reader_PM_SC_NON_OPT_AC76BA867AD710337DCD7E8A45A00001.exe
+ 2008-04-14 08:13:46 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\Reader_PM_SC_NON_OPT_AC76BA867AD710337DCD7E8A45A00001.exe
- 2008-04-09 14:44:09 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe
+ 2008-04-14 08:13:41 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe
- 2008-04-11 08:35:21 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
+ 2008-04-14 20:59:43 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
+ 2008-04-14 08:08:24 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_558.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen 3.5"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2006-07-08 10:57 1101824]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 19:52 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-08 05:40 159744]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-04-07 21:22 4730880]
"nwiz"="nwiz.exe" [2004-04-07 21:22 323584 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-05-31 17:32 98304]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-01-13 09:21 245760]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 20:03 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 19:56 483328]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 13:05 200766]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-05-10 17:37 286720]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"AGRSMMSG"="AGRSMMSG.exe" [2004-01-30 18:01 88363 C:\WINDOWS\AGRSMMSG.exe]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-04-24 04:00 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 21:45 1663248]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-20 16:56:07 113664]
Adobe Reader Speed Launch.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe [2006-03-23 17:54:37 25214]
D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-19 19:52:38 125624]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2008-02-11 19:34:30 40960]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOW

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-01-27 16:52 229376 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerDiscovery]
C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe

R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-03-29 19:31]
S3 C-Dilla;C-Dilla;C:\WINDOWS\System32\drivers\CDANT.SYS [2001-09-10 19:09]
S3 DMA;DMA;C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\DMA.exe []
S3 HBLHZF;HBLHZF;C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\HBLHZF.exe []
S3 JF;JF;C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\JF.exe []
S3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;C:\WINDOWS\System32\DRIVERS\PRISMUSB.sys [2003-10-02 16:47]
S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);C:\WINDOWS\System32\DRIVERS\SE30bus.sys [2006-05-15 15:45]
S3 SE30mdfl;Sony Ericsson Device 048 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\SE30mdfl.sys [2006-05-15 15:45]
S3 SE30mdm;Sony Ericsson Device 048 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\SE30mdm.sys [2006-05-15 15:45]
S3 SE30mgmt;Sony Ericsson Device 048 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\SE30mgmt.sys [2006-05-15 15:45]
S3 se30nd5;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (NDIS);C:\WINDOWS\System32\DRIVERS\se30nd5.sys [2006-05-15 15:45]
S3 SE30obex;Sony Ericsson Device 048 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\SE30obex.sys [2006-05-15 15:45]
S3 se30unic;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (WDM);C:\WINDOWS\System32\DRIVERS\se30unic.sys [2006-05-15 15:45]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\System32\DRIVERS\sis163u.sys [2004-12-31 17:46]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 02:48]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 01:32]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []
S4 Microsoft Genuine Advantage;Microsoft Genuine Advantage;"C:\WINDOWS\System32\dllcache\winmga.exe" []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-14 21:00:08 C:\WINDOWS\Tasks\AD4CDAC6912F5036.job"
- c:\docume~1\utilis~1\applic~1\livefl~1\poke roam owns.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 23:00:03
Windows 5.1.2600 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????I??p?????????? ???B???????????????B? ??????

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-14 23:04:48
ComboFix-quarantined-files.txt 2008-04-14 21:04:24
ComboFix2.txt 2008-04-14 08:04:20
ComboFix3.txt 2008-04-11 08:37:12
Pre-Run: 8,749,338,624 octets libres
Post-Run: 8,736,305,152 octets libres
green day (26722 posts, Moderator, Security contributor)

ok, do what is described here please:

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

++
neness88

I re-ran the full system scan twice with AVG Anti-Spyware 7.5; it only found cookies but did not generate any report for me....

I'm posting the report that the online BitDefender scan produced for me

BitDefender Online Scanner

Scan report generated at: Tue, Apr 15, 2008 - 12:11:06

Scan path: C:\;D:\;

Statistics
Time: 01:53:07
Files: 304275
Folders: 5490
Boot Sectors: 2
Archives: 8023
Packed Files: 17255

Results
Identified Viruses: 8
Infected Files: 16
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 16

Engines Info
Virus Definitions: 1143757
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status (each path is followed by its status lines)

C:\Documents and Settings\Utilisateur\Mes documents\vanessa.bagard\logiciels\dl=>mspass_fr_install.exe=>(ZIP Sfx o)=>mspass.exe
    Detected with: Application.MessenPass.N
    Disinfection failed
    Deleted
C:\Documents and Settings\Utilisateur\Mes documents\vanessa.bagard\logiciels\dl=>mspass_fr_install.exe=>(ZIP Sfx o)
    Updated
C:\Documents and Settings\Utilisateur\Mes documents\vanessa.bagard\logiciels\dl=>mspass_fr_install.exe
    Update failed

C:\Documents and Settings\Utilisateur\Mes documents\vanessa.bagard\logiciels\Lphant-v1.09-Installer.exe=>(Instyler o)=>(Instyler Module 226)
    Detected with: Application.Adware.Savenow.G
    Disinfection failed
    Deleted
C:\Documents and Settings\Utilisateur\Mes documents\vanessa.bagard\logiciels\Lphant-v1.09-Installer.exe=>(Instyler o)
    Update failed

C:\Documents and Settings\Utilisateur\Mes documents\vanessa.bagard\logiciels\Lphant-v3.00B5-Installer.exe=>(Instyler o)=>(Instyler Module 54)
    Detected with: Application.Adware.Savenow.G
    Disinfection failed
    Deleted
C:\Documents and Settings\Utilisateur\Mes documents\vanessa.bagard\logiciels\Lphant-v3.00B5-Installer.exe=>(Instyler o)
    Update failed

C:\QooBox\Quarantine\C\whcbdc.exe.vir
    Infected with: Backdoor.Rustock.NDE
    Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\uvvwa.bak1.vir
    Infected with: Trojan.Vundo.DVS
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP800\A0288628.ini
    Infected with: Trojan.Vundo.DVS
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP800\A0288675.ini
    Infected with: Trojan.Vundo.DVS
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP800\A0288689.exe
    Infected with: Backdoor.Rustock.NDE
    Deleted

C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP805\A0289218.dll
    Detected with: Adware.Virtumonde.GIM
    Deleted

C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP805\A0289220.exe
    Infected with: Backdoor.Rustock.NDE
    Deleted

C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP805\A0289225.dll
    Infected with: Trojan.Vundo.EGN
    Deleted

C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP805\A0289227.dll
    Infected with: Trojan.Vundo.EGW
    Deleted

C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP814\A0291140.dll
    Detected with: Adware.Virtumonde.GIM
    Deleted

C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP817\A0291402.exe
    Infected with: Backdoor.Rustock.NDE
    Deleted

C:\VundoFix Backups\rqRLecdb.dll.bad
    Detected with: Adware.Virtumonde.GIM
    Deleted

C:\WINDOWS\system32\winabcd.hlp
    Infected with: DeepScan:Generic.PWStealer.85A0397C
    Disinfection failed
    Deleted
neness88

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:26, on 15/04/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Utilisateur\Bureau\antivirus\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://assets.photobox.com/assets/activex/uploader_uni.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file://C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Oberon Media\Oberon Games Host\popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: DMA - Unknown owner - C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\DMA.exe (file missing)
O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HBLHZF - Unknown owner - C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\HBLHZF.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JF - Unknown owner - C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\JF.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
green day (26722 posts, Moderator, Security contributor)

Hi

ok, where do things stand with your problems??

++