Virtumonde: not the same files
Solved
Alexemma83
Hello,
I have the same problem as the other forum members, but since the files flagged by HijackThis are not the same, is it the same procedure?
here is the report I got
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:15, on 01/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Application Data\ybmvkpsb\qvypuber.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\OLITEC\ACU.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wxyvmpob.exe
C:\Program Files\powerpanel\Program\PcfMgr.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ludo\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.sony-europe.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {018D9636-8F35-4C76-B8BF-FE2736DA84E3} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2FDE0B42-F5F8-419D-BAEE-D6898BC02C89} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6927B3EB-B98F-44FC-B85E-0C9AAD35878E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {DB87CA40-BDB7-4B66-BB29-534B31DAB37C} - (no file)
O2 - BHO: (no name) - {E48AA619-23E0-412D-AB72-6BEBF0450E82} - C:\WINDOWS\system32\tuvVPfDU.dll (file missing)
O2 - BHO: (no name) - {E6B584B9-47A3-48A3-9534-8B1C7A7F7241} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\OLITEC\ACU.exe" -nogui
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [xwektopj] C:\WINDOWS\system32\etwhahgn.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [gkghijxp] C:\WINDOWS\system32\rapmdspi.exe
O4 - HKCU\..\Run: [zqqeczvh] C:\WINDOWS\system32\wxyvmpob.exe
O4 - HKCU\..\Run: [zsuhczcc] C:\WINDOWS\system32\hyzqdgrw.exe
O4 - HKCU\..\Run: [sctabhly] C:\WINDOWS\system32\vszejstw.exe
O4 - HKLM\..\Policies\Explorer\Run: [cU9xPb0tLv] C:\Documents and Settings\All Users\Application Data\ybmvkpsb\qvypuber.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1208896598_2558d46a7b3ae43e213d85639754aab4&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O23 - Service: Service de configuration OLITEC (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
21 replies
hi,
scan with VundoFix (paste the report)
Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan has finished, click the Remove Vundo button.
You will get a warning asking whether you want to delete these files; answer by clicking YES.
Once you have clicked yes, your desktop will go blank while it removes Vundo.
When it is done, you will be asked to restart your computer; click OK.
________________
then:
VirtumundoBeGone (paste the report)
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
________________
download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
C:\WINDOWS\system32\etwhahgn.exe
C:\WINDOWS\system32\rapmdspi.exe
C:\WINDOWS\system32\wxyvmpob.exe
C:\WINDOWS\system32\hyzqdgrw.exe
C:\WINDOWS\system32\vszejstw.exe
C:\Documents and Settings\All Users\Application Data\ybmvkpsb\qvypuber.exe
click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.
you may be asked to restart the PC to complete the removal; if so, accept with Yes.
__________________
delete what is in moved files by going to MY COMPUTER, then C, then OTMoveIt
__________________
Download ComboFix by sUBs: rename it before any installation, for example name it "Killvund". help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!
Help with using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic
Double-click ComboFix. It will ask you a question; answer with the 1 key and Enter to confirm, then follow the prompts.
Wait until ComboFix has finished; a report will be created. Post the report.
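The six paths ep44 put in the OTMoveIt list can be picked out of the HijackThis log mechanically. The script below is an added example, not part of this thread or of any of the tools mentioned: it parses the O4 (autorun) and O2 (BHO) lines, flags autorun entries whose executable stem is eight random lowercase letters paired with an equally random value name or drop folder, and lists BHO registrations whose DLL is gone. The sample lines are copied from the log posted above; the eight-letter heuristic is an assumption fitted to this log, not a rule HijackThis itself applies.

```python
"""Flag Vundo/Virtumonde-style autorun entries in a HijackThis log (added example)."""
import ntpath
import re

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {E48AA619-23E0-412D-AB72-6BEBF0450E82} - C:\WINDOWS\system32\tuvVPfDU.dll (file missing)
O2 - BHO: (no name) - {E6B584B9-47A3-48A3-9534-8B1C7A7F7241} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ACU] "C:\Program Files\OLITEC\ACU.exe" -nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xwektopj] C:\WINDOWS\system32\etwhahgn.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [gkghijxp] C:\WINDOWS\system32\rapmdspi.exe
O4 - HKCU\..\Run: [zqqeczvh] C:\WINDOWS\system32\wxyvmpob.exe
O4 - HKCU\..\Run: [zsuhczcc] C:\WINDOWS\system32\hyzqdgrw.exe
O4 - HKCU\..\Run: [sctabhly] C:\WINDOWS\system32\vszejstw.exe
O4 - HKLM\..\Policies\Explorer\Run: [cU9xPb0tLv] C:\Documents and Settings\All Users\Application Data\ybmvkpsb\qvypuber.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<target>.*)$")
# Assumption drawn from this log: the dropper used eight random lowercase
# letters for the value name, the executable stem and the drop folder.
RANDOM_NAME = re.compile(r"[a-z]{8}")


def executable_path(cmd):
    """Return the program part of an O4 command: a quoted path, or text up to .exe."""
    m = re.match(r'"([^"]+)"|(.*?\.exe)', cmd, re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def looks_random(s):
    return RANDOM_NAME.fullmatch(s) is not None


def suspicious_autoruns(log_text):
    """O4 entries with a random executable stem and either a random value name
    or a random parent folder, in log order."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        path = executable_path(m.group("cmd"))
        stem = ntpath.splitext(ntpath.basename(path))[0]
        parent = ntpath.basename(ntpath.dirname(path))
        if looks_random(stem) and (looks_random(m.group("name")) or looks_random(parent)):
            hits.append({"hive": m.group("hive"), "name": m.group("name"), "path": path})
    return hits


def orphan_bhos(log_text):
    """CLSIDs of O2 entries whose DLL is gone: registry leftovers of an incomplete removal."""
    return [m.group("clsid") for m in map(O2_RE.match, log_text.splitlines())
            if m and m.group("target").endswith(("(no file)", "(file missing)"))]


if __name__ == "__main__":
    for hit in suspicious_autoruns(SAMPLE_LOG):
        print(f"{hit['hive']:<35} [{hit['name']}] {hit['path']}")
    print("orphan BHO CLSIDs:", ", ".join(orphan_bhos(SAMPLE_LOG)))
```

Run against the full log, the hits are exactly the six files listed for OTMoveIt, and the orphan list is the same pair of CLSIDs VirtumundoBeGone later reported as having no filename.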
hi
do everything I put in 1 and paste the reports
and
a big hello to ep44
[05/01/2008, 13:30:19] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ludo\Bureau\VirtumundoBeGone.exe" )
[05/01/2008, 13:31:05] - Detected System Information:
[05/01/2008, 13:31:05] - Windows Version: 5.1.2600, Service Pack 2
[05/01/2008, 13:31:05] - Current Username: Ludo (Admin)
[05/01/2008, 13:31:05] - Windows is in NORMAL mode.
[05/01/2008, 13:31:05] - Searching for Browser Helper Objects:
[05/01/2008, 13:31:05] - BHO 1: {018D9636-8F35-4C76-B8BF-FE2736DA84E3} ()
[05/01/2008, 13:31:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/01/2008, 13:31:05] - No filename found. Continuing.
[05/01/2008, 13:31:05] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/01/2008, 13:31:05] - BHO 3: {2FDE0B42-F5F8-419D-BAEE-D6898BC02C89} ()
[05/01/2008, 13:31:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/01/2008, 13:31:05] - No filename found. Continuing.
[05/01/2008, 13:31:05] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/01/2008, 13:31:05] - BHO 5: {6927B3EB-B98F-44FC-B85E-0C9AAD35878E} ()
[05/01/2008, 13:31:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/01/2008, 13:31:05] - No filename found. Continuing.
[05/01/2008, 13:31:05] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/01/2008, 13:31:05] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/01/2008, 13:31:05] - BHO 8: {DB87CA40-BDB7-4B66-BB29-534B31DAB37C} ()
[05/01/2008, 13:31:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/01/2008, 13:31:05] - No filename found. Continuing.
[05/01/2008, 13:31:05] - BHO 9: {E48AA619-23E0-412D-AB72-6BEBF0450E82} ()
[05/01/2008, 13:31:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/01/2008, 13:31:05] - Checking for HKLM\...\Winlogon\Notify\tuvVPfDU
[05/01/2008, 13:31:05] - Key not found: HKLM\...\Winlogon\Notify\tuvVPfDU, continuing.
[05/01/2008, 13:31:05] - BHO 10: {E6B584B9-47A3-48A3-9534-8B1C7A7F7241} ()
[05/01/2008, 13:31:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/01/2008, 13:31:05] - No filename found. Continuing.
[05/01/2008, 13:31:05] - Finished Searching Browser Helper Objects
[05/01/2008, 13:31:05] - Finishing up...
[05/01/2008, 13:31:05] - Nothing found! Exiting...
here it is for 1
File/Folder C:\WINDOWS\system32\etwhahgn.exe not found.
File/Folder C:\WINDOWS\system32\rapmdspi.exe not found.
C:\WINDOWS\system32\wxyvmpob.exe moved successfully.
C:\WINDOWS\system32\hyzqdgrw.exe moved successfully.
C:\WINDOWS\system32\vszejstw.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\ybmvkpsb\qvypuber.exe moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05012008_133322
and for the 2nd
I'm carrying on........ thanks for your attention
here is the report:
ComboFix 08-04-29.5 - Ludo 2008-05-01 13:42:05.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.221 [GMT 2:00]
Endroit: C:\Documents and Settings\Ludo\Bureau\Killvund.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dJRsYcdd.ini
C:\WINDOWS\system32\dJRsYcdd.ini2
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\EMooYccf.ini
C:\WINDOWS\system32\EMooYccf.ini2
C:\WINDOWS\system32\lbilurxk.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MpAcfMoq.ini
C:\WINDOWS\system32\MpAcfMoq.ini2
C:\WINDOWS\system32\nqteimkb.ini
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\tjuahusi.ini
C:\WINDOWS\system32\UDfPVvut.ini
C:\WINDOWS\system32\UDfPVvut.ini2
C:\WINDOWS\system32\wibvmrkm.ini
C:\WINDOWS\system32\wkyidhhw.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))))
.
2008-05-01 13:33 . 2008-05-01 13:33 <REP> d-------- C:\_OTMoveIt
2008-05-01 11:49 . 2008-05-01 11:49 <REP> d-------- C:\VundoFix Backups
2008-04-23 08:22 . 2008-04-25 14:59 672 --a------ C:\WINDOWS\wininit.ini
2008-04-23 07:47 . 2008-04-23 07:47 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-23 07:47 . 2008-04-23 07:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-22 23:29 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-22 22:39 . 2008-04-22 23:09 <REP> d-------- C:\Documents and Settings\Ludo\.housecall6.6
2008-04-22 22:38 . 2008-04-22 22:38 <REP> d-------- C:\WINDOWS\Sun
2008-04-22 22:37 . 2008-04-22 22:58 <REP> d-------- C:\Program Files\Google
2008-04-22 22:36 . 2008-04-22 22:36 <REP> d-------- C:\Program Files\Java
2008-04-22 22:36 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-22 22:35 . 2008-04-22 22:35 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-04-22 20:33 . 2008-04-22 20:33 <REP> d-------- C:\WINDOWS\report
2008-04-22 20:32 . 2008-04-22 20:30 34,774,801 --a------ C:\WINDOWS\LPT$VPN.231
2008-04-22 20:30 . 2008-04-22 20:30 <REP> d-------- C:\WINDOWS\AU_Backup
2008-04-22 20:30 . 2008-04-22 20:30 34,774,801 --a------ C:\WINDOWS\VPTNFILE.231
2008-04-22 20:30 . 2008-04-22 20:30 1,949,879 --a------ C:\WINDOWS\tsc.ptn
2008-04-22 20:30 . 2008-04-22 20:30 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
2008-04-22 20:30 . 2008-04-22 20:30 333,576 --a------ C:\WINDOWS\TSC.exe
2008-04-22 20:30 . 2008-04-22 20:30 91,744 --a------ C:\WINDOWS\BPMNT.dll
2008-04-22 20:30 . 2008-04-22 20:30 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-04-22 20:30 . 2008-04-22 23:20 823 --a------ C:\WINDOWS\tsc.ini
2008-04-22 20:27 . 2008-04-22 20:30 <REP> d-------- C:\WINDOWS\AU_Temp
2008-04-22 20:27 . 2008-04-22 20:27 <REP> d-------- C:\WINDOWS\AU_Log
2008-04-22 20:27 . 2008-04-22 20:27 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-04-22 20:27 . 2008-04-22 20:27 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-04-22 20:27 . 2008-04-22 20:27 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-04-22 20:27 . 2008-04-22 20:27 170 --a------ C:\WINDOWS\GetServer.ini
2008-04-22 20:14 . 2008-04-22 20:14 <REP> d--h----- C:\WINDOWS\PIF
2008-04-22 14:37 . 2008-04-22 12:06 167,936 --a------ C:\WINDOWS\vadokmxt.dll
2008-04-22 14:37 . 2008-04-22 12:06 94,208 --a------ C:\WINDOWS\olgdqarf.exe
2008-04-22 14:37 . 2008-04-22 12:06 81,920 --a------ C:\WINDOWS\wxvgsdbq.exe
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\winlogonpc.exe
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\VBIEWER.OCX
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\taack.exe
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\taack.dat
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\sncntr.exe
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\mwin32.exe
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\hoproxy.dll
2008-04-22 14:34 . 2008-05-01 13:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ybmvkpsb
2008-04-13 19:05 . 2008-04-13 19:05 <REP> d-------- C:\Program Files\OLITEC
2008-04-13 19:05 . 2005-09-21 10:26 1,396,835 --a------ C:\WINDOWS\system32\AegisE5.dll
2008-04-10 19:42 . 2008-04-10 19:42 <REP> d-------- C:\Program Files\NFO viewer
2008-04-10 19:34 . 2008-04-10 19:34 <REP> d-------- C:\Documents and Settings\Ludo\Application Data\Media Player Classic
2008-04-10 19:30 . 2008-04-10 19:30 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-10 19:30 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-04-10 19:27 . 2008-04-10 19:27 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-10 19:23 . 2008-04-10 19:23 <REP> d-------- C:\Documents and Settings\Ludo\Application Data\vlc
2008-04-10 19:23 . 2008-04-10 19:23 <REP> d-------- C:\Documents and Settings\Ludo\Application Data\DAEMON Tools
2008-04-10 19:23 . 2008-04-10 19:24 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-10 19:22 . 2008-04-10 19:22 <REP> d-------- C:\Program Files\VideoLAN
2008-04-10 19:19 . 2008-04-24 20:39 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-04-10 19:18 . 2008-04-10 19:18 <REP> d-------- C:\Program Files\7-Zip
2008-04-10 18:46 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-10 18:46 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-09 23:14 . 2008-04-09 23:14 <REP> d-------- C:\Program Files\MSXML 6.0
2008-04-09 23:01 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-09 23:01 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-04-09 23:00 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-09 23:00 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-09 22:58 . 2008-04-09 22:58 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-04-09 22:55 . 2008-04-09 22:55 <REP> d-------- C:\Program Files\MSBuild
2008-04-09 22:52 . 2008-04-09 23:20 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-09 22:51 . 2008-04-09 22:51 <REP> d-------- C:\Program Files\Reference Assemblies
2008-04-09 22:50 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-09 22:49 . 2008-04-09 22:49 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-04-09 22:49 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-09 22:49 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-09 22:49 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-09 22:48 . 2008-04-22 23:43 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-09 22:48 . 2008-04-09 22:48 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-09 22:39 . 2008-04-09 22:40 <REP> d-------- C:\WINDOWS\system32\URTTemp
2008-04-09 22:06 . 2008-04-09 22:06 <REP> d-------- C:\Program Files\Neuf
2008-04-09 21:57 . 2008-04-09 21:57 <REP> d-------- C:\temp
2008-04-09 21:40 . 2008-04-09 21:40 <REP> d-------- C:\Program Files\CCleaner
2008-04-09 20:22 . 2008-04-09 22:57 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-09 20:19 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-09 19:50 . 2008-04-09 19:50 385 --a------ C:\WINDOWS\ODBC.INI
2008-04-09 19:48 . 2008-04-09 19:49 <REP> d-------- C:\WINDOWS\ShellNew
2008-04-09 18:59 . 2006-08-21 11:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-09 18:59 . 2006-08-21 11:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-09 18:59 . 2006-08-21 14:26 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-09 18:55 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-09 18:47 . 2008-04-09 18:47 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2008-04-08 23:49 . 2008-04-08 23:49 <REP> d-------- C:\WINDOWS\provisioning
2008-04-08 23:49 . 2008-04-08 23:49 <REP> d-------- C:\WINDOWS\peernet
2008-04-08 23:47 . 2008-04-08 23:47 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-04-08 23:39 . 2008-04-08 23:39 <REP> d-------- C:\WINDOWS\EHome
2008-04-08 23:32 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-04-08 23:32 . 2004-08-19 16:10 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-04-08 23:32 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-04-08 23:32 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-04-08 23:16 . 2008-04-09 23:11 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-04-08 23:16 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-08 23:15 . 2008-04-08 23:15 <REP> d-------- C:\WINDOWS\system32\bits
2008-04-08 23:15 . 2004-08-20 01:09 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-04-08 23:15 . 2004-08-20 01:09 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-04-08 23:15 . 2004-08-20 01:09 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-04-08 23:15 . 2004-08-20 01:09 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-04-08 23:10 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-04-08 23:10 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-04-08 23:10 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-04-08 23:10 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-04-08 23:10 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-08 23:10 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-04-08 23:10 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-08 23:10 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-08 23:10 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-08 23:03 . 2008-04-08 23:03 <REP> d--hs---- C:\Documents and Settings\Ludo\UserData
2008-04-08 22:48 . 2008-04-08 22:48 <REP> d-------- C:\Program Files\Alwil Software
2008-04-08 22:15 . 2003-08-04 13:43 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-04-08 22:15 . 2003-08-04 13:43 <REP> d-------- C:\Documents and Settings\Ludo\WINDOWS
2008-04-08 22:15 . 2003-08-04 13:24 <REP> d--h----- C:\Documents and Settings\Ludo\Voisinage réseau
2008-04-08 22:15 . 2003-08-04 13:24 <REP> d--h----- C:\Documents and Settings\Ludo\Voisinage d'impression
2008-04-08 22:15 . 2003-08-04 12:29 <REP> d--h----- C:\Documents and Settings\Ludo\Modèles
2008-04-08 22:15 . 2008-04-23 08:40 <REP> dr------- C:\Documents and Settings\Ludo\Mes documents
2008-04-08 22:15 . 2003-08-04 13:24 <REP> dr------- C:\Documents and Settings\Ludo\Menu Démarrer
2008-04-08 22:15 . 2008-04-09 20:27 <REP> dr------- C:\Documents and Settings\Ludo\Favoris
2008-04-08 22:15 . 2008-05-01 13:41 <REP> d-------- C:\Documents and Settings\Ludo\Bureau
2008-04-08 22:15 . 2003-08-04 14:14 <REP> d-------- C:\Documents and Settings\Ludo\Application Data\Symantec
2008-04-08 22:15 . 2003-08-04 13:59 <REP> d-------- C:\Documents and Settings\Ludo\Application Data\Sony Corporation
2008-04-08 22:15 . 2003-08-04 15:30 <REP> d-------- C:\Documents and Settings\Ludo\Application Data\InterTrust
2008-04-08 22:15 . 2008-05-01 13:45 <REP> d-------- C:\Documents and Settings\Ludo
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 08:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-13 17:05 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-04-09 19:57 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-08 20:23 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-08 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{018D9636-8F35-4C76-B8BF-FE2736DA84E3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FDE0B42-F5F8-419D-BAEE-D6898BC02C89}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6927B3EB-B98F-44FC-B85E-0C9AAD35878E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB87CA40-BDB7-4B66-BB29-534B31DAB37C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E48AA619-23E0-412D-AB72-6BEBF0450E82}]
C:\WINDOWS\system32\tuvVPfDU.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6B584B9-47A3-48A3-9534-8B1C7A7F7241}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2008-03-25 11:48 906480]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"xwektopj"="C:\WINDOWS\system32\etwhahgn.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-29 19:10 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"gkghijxp"="C:\WINDOWS\system32\rapmdspi.exe" [ ]
"zqqeczvh"="C:\WINDOWS\system32\wxyvmpob.exe" [ ]
"zsuhczcc"="C:\WINDOWS\system32\hyzqdgrw.exe" [ ]
"sctabhly"="C:\WINDOWS\system32\vszejstw.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-06-13 15:52 114688]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 15:51 4612096]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe" [2003-03-26 18:19 45056]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2003-06-26 16:00 90112]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 10:29 40960]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ACU"="C:\Program Files\OLITEC\ACU.exe" [2005-11-25 09:52 307200]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-06-28 18:27 181488]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"cU9xPb0tLv"= C:\Documents and Settings\All Users\Application Data\ybmvkpsb\qvypuber.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\dvlib\sonydv.dll
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2003-08-04 12:06]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2002-08-20 11:59]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-24 17:32:48 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 13:45:21
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\powerpanel\Program\PcfMgr.exe
C:\Program Files\sony\HotKey Utility\HKWnd.exe
C:\Program Files\Apoint\ApntEx.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-01 13:47:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-01 11:47:33
Pre-Run: 21,309,739,008 octets libres
Post-Run: 21,305,851,904 octets libres
249 --- E O F --- 2008-04-09 21:37:25
And then? What do I do? :)
Analyse these files on VirusTotal and, if they are infected, add them to the File:: section of the following procedure:
https://www.virustotal.com/gui/
C:\WINDOWS\vadokmxt.dll
C:\WINDOWS\olgdqarf.exe
C:\WINDOWS\wxvgsdbq.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\winhttp.dll
C:\WINDOWS\system32\qmgrprxy.dll
________________
Download ComboFix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!
Close all your browsers (so copy or print these instructions first)
Create a new text document: right-click on the desktop > New > Text Document, and paste the following lines into it:
File::
C:\WINDOWS\system32\tuvVPfDU.dll
C:\WINDOWS\system32\wxyvmpob.exe
C:\WINDOWS\system32\vszejstw.exe
C:\WINDOWS\system32\hyzqdgrw.exe
C:\WINDOWS\system32\rapmdspi.exe
C:\WINDOWS\system32\etwhahgn.exe
C:\Documents and Settings\All Users\Application Data\ybmvkpsb\qvypuber.exe
C:\Documents and Settings\All Users\Application Data\ybmvkpsb
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{018D9636-8F35-4C76-B8BF-FE2736DA84E3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FDE0B42-F5F8-419D-BAEE-D6898BC02C89}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6927B3EB-B98F-44FC-B85E-0C9AAD35878E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB87CA40-BDB7-4B66-BB29-534B31DAB37C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E48AA619-23E0-412D-AB72-6BEBF0450E82}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6B584B9-47A3-48A3-9534-8B1C7A7F7241}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xwektopj"=-
"gkghijxp"=-
"zqqeczvh"=-
"zsuhczcc"=-
"sctabhly"=-
"cU9xPb0tLv"=-
Save this file under the name CFScript
Drag and drop this CFScript file onto ComboFix.exe
Click the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
Once the scan is complete, a report will be displayed: post its contents.
Also post a new HijackThis log
If the file does not open, it is located here > C:\ComboFix.txt
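To show how the triage in the post above maps onto ComboFix's log format, here is an added Python example (not from this thread, and not ComboFix's own code) that parses the "Reg loading points" lines and emits a CFScript in the same File::/Registry:: layout. The flagging heuristics (an entry printed with empty `[ ]` metadata, an eight-letter random-looking value name, anything under policies\explorer\run) and the sample log are assumptions constructed for the example; the analyst still supplies the VirusTotal-confirmed files by hand, as the helper asked.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence

# Constructed sample in the shape of ComboFix's "Reg loading points" section.
# Names and paths are copied from the log posted in this thread; it is not a full log.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E48AA619-23E0-412D-AB72-6BEBF0450E82}]
C:\WINDOWS\system32\tuvVPfDU.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2008-03-25 11:48 906480]
"xwektopj"="C:\WINDOWS\system32\etwhahgn.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-29 19:10 68856]
"gkghijxp"="C:\WINDOWS\system32\rapmdspi.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-06-13 15:52 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"cU9xPb0tLv"= C:\Documents and Settings\All Users\Application Data\ybmvkpsb\qvypuber.exe
"""


@dataclass
class AutorunEntry:
    key: str              # registry key the entry was listed under
    name: Optional[str]   # value name; None for a BHO, which ComboFix lists as a bare DLL path
    path: str             # file the entry launches or loads
    meta: Optional[str]   # text inside the trailing [...]: "" when the log shows "[ ]", None if absent


KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"?(?P<path>[^"\[]+?)"?\s*(?:\[(?P<meta>[^\]]*)\])?\s*$')
PATH_RE = re.compile(r'^[A-Za-z]:\\')
VOWELS = set("aeiouy")


def parse_reg_section(text: str) -> List[AutorunEntry]:
    """Walk the section line by line, remembering the current [key] for each value line."""
    entries: List[AutorunEntry] = []
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:          # REGEDIT4 header and notes before the first key
            continue
        m = VALUE_RE.match(line)
        if m:
            meta = m.group("meta")
            entries.append(AutorunEntry(key, m.group("name"), m.group("path").strip(),
                                        meta.strip() if meta is not None else None))
        elif "Browser Helper Objects" in key and PATH_RE.match(line):
            entries.append(AutorunEntry(key, None, line, None))
    return entries


def suspicious_reasons(e: AutorunEntry) -> List[str]:
    """Triage heuristics assumed for this example (not ComboFix rules); empty list = looks benign."""
    reasons: List[str] = []
    if e.meta == "":
        reasons.append("logged as [ ]: no file date/size could be read for this entry")
    if e.name and re.fullmatch(r"[a-z]{8}", e.name) and sum(c in VOWELS for c in e.name) <= 2:
        reasons.append("eight random-looking lowercase letters as value name")
    if e.key.lower().endswith(r"policies\explorer\run"):
        reasons.append("policies\\explorer\\run autostart, rarely used by legitimate software")
    return reasons


def build_cfscript(entries: Sequence[AutorunEntry], confirmed_files: Sequence[str] = ()) -> str:
    """Emit File:: and Registry:: blocks in the layout used by the CFScript in this thread.
    Flagged Run values get "name"=- ; a BHO CLSID key is deleted ([-KEY]) only when its DLL
    is among confirmed_files, i.e. the analyst verified it (for instance on VirusTotal)."""
    files: List[str] = []

    def add_file(path: str) -> None:
        if path.lower() not in (f.lower() for f in files):
            files.append(path)

    for path in confirmed_files:
        add_file(path)
    confirmed = {p.lower() for p in confirmed_files}
    registry: Dict[str, List[str]] = {}   # key (leading "-" deletes the whole key) -> value names
    for e in entries:
        if e.name is None:
            if e.path.lower() in confirmed:
                registry.setdefault("-" + e.key, [])
        elif suspicious_reasons(e):
            add_file(e.path)
            registry.setdefault(e.key, []).append(e.name)
    lines = ["File::", *files, "Registry::"]
    for key, names in registry.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_reg_section(SAMPLE_LOG)
    for entry in parsed:
        for reason in suspicious_reasons(entry):
            print(f"{entry.name or entry.path}: {reason}")
    print(build_cfscript(parsed, confirmed_files=[r"C:\WINDOWS\system32\tuvVPfDU.dll"]))
```

Review the flagged list before saving it as CFScript: the heuristics only rank what the log shows, they do not replace checking each file.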
And here it is for ComboFix
ComboFix 08-04-29.5 - Ludo 2008-05-01 18:10:21.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.233 [GMT 2:00]
Endroit: C:\Documents and Settings\Ludo\Bureau\Killvund.exe
Command switches used :: C:\Documents and Settings\Ludo\Bureau\CFscript.doc
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))))
.
2008-05-01 13:33 . 2008-05-01 13:33 <REP> d-------- C:\_OTMoveIt
2008-05-01 11:49 . 2008-05-01 11:49 <REP> d-------- C:\VundoFix Backups
2008-04-23 08:22 . 2008-04-25 14:59 672 --a------ C:\WINDOWS\wininit.ini
2008-04-23 07:47 . 2008-04-23 07:47 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-23 07:47 . 2008-04-23 07:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-22 23:29 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-22 22:39 . 2008-04-22 23:09 <REP> d-------- C:\Documents and Settings\Ludo\.housecall6.6
2008-04-22 22:38 . 2008-04-22 22:38 <REP> d-------- C:\WINDOWS\Sun
2008-04-22 22:37 . 2008-04-22 22:58 <REP> d-------- C:\Program Files\Google
2008-04-22 22:36 . 2008-04-22 22:36 <REP> d-------- C:\Program Files\Java
2008-04-22 22:36 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-22 22:35 . 2008-04-22 22:35 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-04-22 20:33 . 2008-04-22 20:33 <REP> d-------- C:\WINDOWS\report
2008-04-22 20:32 . 2008-04-22 20:30 34,774,801 --a------ C:\WINDOWS\LPT$VPN.231
2008-04-22 20:30 . 2008-04-22 20:30 <REP> d-------- C:\WINDOWS\AU_Backup
2008-04-22 20:30 . 2008-04-22 20:30 34,774,801 --a------ C:\WINDOWS\VPTNFILE.231
2008-04-22 20:30 . 2008-04-22 20:30 1,949,879 --a------ C:\WINDOWS\tsc.ptn
2008-04-22 20:30 . 2008-04-22 20:30 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
2008-04-22 20:30 . 2008-04-22 20:30 333,576 --a------ C:\WINDOWS\TSC.exe
2008-04-22 20:30 . 2008-04-22 20:30 91,744 --a------ C:\WINDOWS\BPMNT.dll
2008-04-22 20:30 . 2008-04-22 20:30 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-04-22 20:30 . 2008-04-22 23:20 823 --a------ C:\WINDOWS\tsc.ini
2008-04-22 20:27 . 2008-04-22 20:30 <REP> d-------- C:\WINDOWS\AU_Temp
2008-04-22 20:27 . 2008-04-22 20:27 <REP> d-------- C:\WINDOWS\AU_Log
2008-04-22 20:27 . 2008-04-22 20:27 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-04-22 20:27 . 2008-04-22 20:27 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-04-22 20:27 . 2008-04-22 20:27 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-04-22 20:27 . 2008-04-22 20:27 170 --a------ C:\WINDOWS\GetServer.ini
2008-04-22 20:14 . 2008-04-22 20:14 <REP> d--h----- C:\WINDOWS\PIF
2008-04-22 14:37 . 2008-04-22 12:06 167,936 --a------ C:\WINDOWS\vadokmxt.dll
2008-04-22 14:37 . 2008-04-22 12:06 94,208 --a------ C:\WINDOWS\olgdqarf.exe
2008-04-22 14:37 . 2008-04-22 12:06 81,920 --a------ C:\WINDOWS\wxvgsdbq.exe
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\winlogonpc.exe
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\VBIEWER.OCX
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\taack.exe
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\taack.dat
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\sncntr.exe
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\mwin32.exe
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\hoproxy.dll
2008-04-22 14:34 . 2008-05-01 13:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ybmvkpsb
2008-04-13 19:05 . 2008-04-13 19:05 <REP> d-------- C:\Program Files\OLITEC
2008-04-13 19:05 . 2005-09-21 10:26 1,396,835 --a------ C:\WINDOWS\system32\AegisE5.dll
2008-04-10 19:42 . 2008-04-10 19:42 <REP> d-------- C:\Program Files\NFO viewer
2008-04-10 19:34 . 2008-04-10 19:34 <REP> d-------- C:\Documents and Settings\Ludo\Application Data\Media Player Classic
2008-04-10 19:30 . 2008-04-10 19:30 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-10 19:30 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-04-10 19:27 . 2008-04-10 19:27 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-10 19:23 . 2008-04-10 19:23 <REP> d-------- C:\Documents and Settings\Ludo\Application Data\vlc
2008-04-10 19:23 . 2008-04-10 19:23 <REP> d-------- C:\Documents and Settings\Ludo\Application Data\DAEMON Tools
2008-04-10 19:23 . 2008-04-10 19:24 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-10 19:22 . 2008-04-10 19:22 <REP> d-------- C:\Program Files\VideoLAN
2008-04-10 19:19 . 2008-04-24 20:39 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-04-10 19:18 . 2008-04-10 19:18 <REP> d-------- C:\Program Files\7-Zip
2008-04-10 18:46 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-10 18:46 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-09 23:14 . 2008-04-09 23:14 <REP> d-------- C:\Program Files\MSXML 6.0
2008-04-09 23:01 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-09 23:01 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-04-09 23:00 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-09 23:00 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-09 22:58 . 2008-04-09 22:58 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-04-09 22:55 . 2008-04-09 22:55 <REP> d-------- C:\Program Files\MSBuild
2008-04-09 22:52 . 2008-04-09 23:20 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-09 22:51 . 2008-04-09 22:51 <REP> d-------- C:\Program Files\Reference Assemblies
2008-04-09 22:50 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-09 22:49 . 2008-04-09 22:49 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-04-09 22:49 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-09 22:49 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-09 22:49 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-09 22:48 . 2008-04-22 23:43 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-09 22:48 . 2008-04-09 22:48 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-09 22:39 . 2008-04-09 22:40 <REP> d-------- C:\WINDOWS\system32\URTTemp
2008-04-09 22:06 . 2008-04-09 22:06 <REP> d-------- C:\Program Files\Neuf
2008-04-09 21:57 . 2008-04-09 21:57 <REP> d-------- C:\temp
2008-04-09 21:40 . 2008-04-09 21:40 <REP> d-------- C:\Program Files\CCleaner
2008-04-09 20:22 . 2008-04-09 22:57 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-09 20:19 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-09 19:50 . 2008-04-09 19:50 385 --a------ C:\WINDOWS\ODBC.INI
2008-04-09 19:48 . 2008-04-09 19:49 <REP> d-------- C:\WINDOWS\ShellNew
2008-04-09 18:59 . 2006-08-21 11:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-09 18:59 . 2006-08-21 11:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-09 18:59 . 2006-08-21 14:26 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-09 18:55 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-09 18:47 . 2008-04-09 18:47 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2008-04-08 23:49 . 2008-04-08 23:49 <REP> d-------- C:\WINDOWS\provisioning
2008-04-08 23:49 . 2008-04-08 23:49 <REP> d-------- C:\WINDOWS\peernet
2008-04-08 23:47 . 2008-04-08 23:47 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-04-08 23:39 . 2008-04-08 23:39 <REP> d-------- C:\WINDOWS\EHome
2008-04-08 23:32 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-04-08 23:32 . 2004-08-19 16:10 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-04-08 23:32 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-04-08 23:32 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-04-08 23:16 . 2008-04-09 23:11 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-04-08 23:16 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-08 23:15 . 2008-04-08 23:15 <REP> d-------- C:\WINDOWS\system32\bits
2008-04-08 23:15 . 2004-08-20 01:09 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-04-08 23:15 . 2004-08-20 01:09 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-04-08 23:15 . 2004-08-20 01:09 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-04-08 23:15 . 2004-08-20 01:09 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-04-08 23:10 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-04-08 23:10 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-04-08 23:10 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-04-08 23:10 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-04-08 23:10 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-08 23:10 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-04-08 23:10 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-08 23:10 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-08 23:10 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-08 23:03 . 2008-04-08 23:03 <REP> d--hs---- C:\Documents and Settings\Ludo\UserData
2008-04-08 22:48 . 2008-04-08 22:48 <REP> d-------- C:\Program Files\Alwil Software
2008-04-08 22:15 . 2003-08-04 13:43 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-04-08 22:15 . 2003-08-04 13:43 <REP> d-------- C:\Documents and Settings\Ludo\WINDOWS
2008-04-08 22:15 . 2003-08-04 13:24 <REP> d--h----- C:\Documents and Settings\Ludo\Voisinage réseau
2008-04-08 22:15 . 2003-08-04 13:24 <REP> d--h----- C:\Documents and Settings\Ludo\Voisinage d'impression
2008-04-08 22:15 . 2003-08-04 12:29 <REP> d--h----- C:\Documents and Settings\Ludo\Modèles
2008-04-08 22:15 . 2008-04-23 08:40 <REP> dr------- C:\Documents and Settings\Ludo\Mes documents
2008-04-08 22:15 . 2003-08-04 13:24 <REP> dr------- C:\Documents and Settings\Ludo\Menu Démarrer
2008-04-08 22:15 . 2008-04-09 20:27 <REP> dr------- C:\Documents and Settings\Ludo\Favoris
2008-04-08 22:15 . 2008-05-01 18:10 <REP> d-------- C:\Documents and Settings\Ludo\Bureau
2008-04-08 22:15 . 2003-08-04 14:14 <REP> d-------- C:\Documents and Settings\Ludo\Application Data\Symantec
2008-04-08 22:15 . 2003-08-04 13:59 <REP> d-------- C:\Documents and Settings\Ludo\Application Data\Sony Corporation
2008-04-08 22:15 . 2003-08-04 15:30 <REP> d-------- C:\Documents and Settings\Ludo\Application Data\InterTrust
2008-04-08 22:15 . 2008-05-01 13:45 <REP> d-------- C:\Documents and Settings\Ludo
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 08:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-13 17:05 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-04-09 19:57 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-08 20:23 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-08 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-04 10:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E48AA619-23E0-412D-AB72-6BEBF0450E82}]
C:\WINDOWS\system32\tuvVPfDU.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2008-03-25 11:48 906480]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"xwektopj"="C:\WINDOWS\system32\etwhahgn.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-29 19:10 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"gkghijxp"="C:\WINDOWS\system32\rapmdspi.exe" [ ]
"zqqeczvh"="C:\WINDOWS\system32\wxyvmpob.exe" [ ]
"zsuhczcc"="C:\WINDOWS\system32\hyzqdgrw.exe" [ ]
"sctabhly"="C:\WINDOWS\system32\vszejstw.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-06-13 15:52 114688]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 15:51 4612096]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe" [2003-03-26 18:19 45056]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2003-06-26 16:00 90112]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 10:29 40960]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ACU"="C:\Program Files\OLITEC\ACU.exe" [2005-11-25 09:52 307200]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-06-28 18:27 181488]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 11:43 5146448]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
PowerPanel.lnk - C:\Program Files\powerpanel\Program\PcfMgr.exe [2003-08-04 13:57:34 880640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"cU9xPb0tLv"= C:\Documents and Settings\All Users\Application Data\ybmvkpsb\qvypuber.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\dvlib\sonydv.dll
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2003-08-04 12:06]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2002-08-20 11:59]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-01 14:27:59 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe /AUTOCHECK /AUTOFIX /AUTOCLOSE
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 18:11:47
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-01 18:12:38
ComboFix-quarantined-files.txt 2008-05-01 16:12:33
ComboFix2.txt 2008-05-01 11:47:38
Pre-Run: 21,288,521,728 octets libres
Post-Run: 21,277,044,736 octets libres
218 --- E O F --- 2008-04-09 21:37:25
So, in the meantime I'm doing HijackThis
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2008-03-25 11:48 906480]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"xwektopj"="C:\WINDOWS\system32\etwhahgn.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-29 19:10 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"gkghijxp"="C:\WINDOWS\system32\rapmdspi.exe" [ ]
"zqqeczvh"="C:\WINDOWS\system32\wxyvmpob.exe" [ ]
"zsuhczcc"="C:\WINDOWS\system32\hyzqdgrw.exe" [ ]
"sctabhly"="C:\WINDOWS\system32\vszejstw.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-06-13 15:52 114688]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 15:51 4612096]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe" [2003-03-26 18:19 45056]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2003-06-26 16:00 90112]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 10:29 40960]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ACU"="C:\Program Files\OLITEC\ACU.exe" [2005-11-25 09:52 307200]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-06-28 18:27 181488]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 11:43 5146448]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
PowerPanel.lnk - C:\Program Files\powerpanel\Program\PcfMgr.exe [2003-08-04 13:57:34 880640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"cU9xPb0tLv"= C:\Documents and Settings\All Users\Application Data\ybmvkpsb\qvypuber.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\dvlib\sonydv.dll
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2003-08-04 12:06]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2002-08-20 11:59]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-01 14:27:59 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe /AUTOCHECK /AUTOFIX /AUTOCLOSE
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 18:11:47
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-01 18:12:38
ComboFix-quarantined-files.txt 2008-05-01 16:12:33
ComboFix2.txt 2008-05-01 11:47:38
Pre-Run: 21,288,521,728 octets libres
Post-Run: 21,277,044,736 octets libres
218 --- E O F --- 2008-04-09 21:37:25
So, in the meantime I'm running HijackThis
and here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:21, on 01/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\OLITEC\ACU.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\powerpanel\Program\PcfMgr.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ludo\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.sony-europe.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E48AA619-23E0-412D-AB72-6BEBF0450E82} - C:\WINDOWS\system32\tuvVPfDU.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\OLITEC\ACU.exe" -nogui
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autoclose
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [xwektopj] C:\WINDOWS\system32\etwhahgn.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [gkghijxp] C:\WINDOWS\system32\rapmdspi.exe
O4 - HKCU\..\Run: [zqqeczvh] C:\WINDOWS\system32\wxyvmpob.exe
O4 - HKCU\..\Run: [zsuhczcc] C:\WINDOWS\system32\hyzqdgrw.exe
O4 - HKCU\..\Run: [sctabhly] C:\WINDOWS\system32\vszejstw.exe
O4 - HKLM\..\Policies\Explorer\Run: [cU9xPb0tLv] C:\Documents and Settings\All Users\Application Data\ybmvkpsb\qvypuber.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1208896598_2558d46a7b3ae43e213d85639754aab4&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O23 - Service: Service de configuration OLITEC (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
REDO THE PROCEDURE FROM MESSAGE 14 with ComboFix, because you did it wrong.
Look here:
to merge:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
ComboFix 08-04-29.5 - Ludo 2008-05-01 19:38:16.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.185 [GMT 2:00]
Endroit: C:\Documents and Settings\Ludo\Bureau\Combofix.exe
Command switches used :: C:\Documents and Settings\Ludo\Bureau\CFscript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
C:\Documents and Settings\All Users\Application Data\ybmvkpsb
C:\Documents and Settings\All Users\Application Data\ybmvkpsb\qvypuber.exe
C:\WINDOWS\system32\etwhahgn.exe
C:\WINDOWS\system32\hyzqdgrw.exe
C:\WINDOWS\system32\rapmdspi.exe
C:\WINDOWS\system32\tuvVPfDU.dll
C:\WINDOWS\system32\vszejstw.exe
C:\WINDOWS\system32\wxyvmpob.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))))
.
2008-05-01 13:33 . 2008-05-01 13:33 <REP> d-------- C:\_OTMoveIt
2008-05-01 11:49 . 2008-05-01 11:49 <REP> d-------- C:\VundoFix Backups
2008-04-23 08:22 . 2008-04-25 14:59 672 --a------ C:\WINDOWS\wininit.ini
2008-04-23 07:47 . 2008-04-23 07:47 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-23 07:47 . 2008-04-23 07:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-22 23:29 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-22 22:39 . 2008-04-22 23:09 <REP> d-------- C:\Documents and Settings\Ludo\.housecall6.6
2008-04-22 22:38 . 2008-04-22 22:38 <REP> d-------- C:\WINDOWS\Sun
2008-04-22 22:37 . 2008-04-22 22:58 <REP> d-------- C:\Program Files\Google
2008-04-22 22:36 . 2008-04-22 22:36 <REP> d-------- C:\Program Files\Java
2008-04-22 22:36 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-22 22:35 . 2008-04-22 22:35 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-04-22 20:33 . 2008-04-22 20:33 <REP> d-------- C:\WINDOWS\report
2008-04-22 20:32 . 2008-04-22 20:30 34,774,801 --a------ C:\WINDOWS\LPT$VPN.231
2008-04-22 20:30 . 2008-04-22 20:30 <REP> d-------- C:\WINDOWS\AU_Backup
2008-04-22 20:30 . 2008-04-22 20:30 34,774,801 --a------ C:\WINDOWS\VPTNFILE.231
2008-04-22 20:30 . 2008-04-22 20:30 1,949,879 --a------ C:\WINDOWS\tsc.ptn
2008-04-22 20:30 . 2008-04-22 20:30 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
2008-04-22 20:30 . 2008-04-22 20:30 333,576 --a------ C:\WINDOWS\TSC.exe
2008-04-22 20:30 . 2008-04-22 20:30 91,744 --a------ C:\WINDOWS\BPMNT.dll
2008-04-22 20:30 . 2008-04-22 20:30 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-04-22 20:30 . 2008-04-22 23:20 823 --a------ C:\WINDOWS\tsc.ini
2008-04-22 20:27 . 2008-04-22 20:30 <REP> d-------- C:\WINDOWS\AU_Temp
2008-04-22 20:27 . 2008-04-22 20:27 <REP> d-------- C:\WINDOWS\AU_Log
2008-04-22 20:27 . 2008-04-22 20:27 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-04-22 20:27 . 2008-04-22 20:27 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-04-22 20:27 . 2008-04-22 20:27 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-04-22 20:27 . 2008-04-22 20:27 170 --a------ C:\WINDOWS\GetServer.ini
2008-04-22 20:14 . 2008-04-22 20:14 <REP> d--h----- C:\WINDOWS\PIF
2008-04-22 14:37 . 2008-04-22 12:06 167,936 --a------ C:\WINDOWS\vadokmxt.dll
2008-04-22 14:37 . 2008-04-22 12:06 94,208 --a------ C:\WINDOWS\olgdqarf.exe
2008-04-22 14:37 . 2008-04-22 12:06 81,920 --a------ C:\WINDOWS\wxvgsdbq.exe
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\winlogonpc.exe
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\VBIEWER.OCX
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\taack.exe
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\taack.dat
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\sncntr.exe
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\mwin32.exe
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat
2008-04-22 14:35 . 2008-04-22 14:35 4,096 --a------ C:\WINDOWS\system32\hoproxy.dll
2008-04-22 14:34 . 2008-05-01 13:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ybmvkpsb
2008-04-13 19:05 . 2008-04-13 19:05 <REP> d-------- C:\Program Files\OLITEC
2008-04-13 19:05 . 2005-09-21 10:26 1,396,835 --a------ C:\WINDOWS\system32\AegisE5.dll
2008-04-10 19:42 . 2008-04-10 19:42 <REP> d-------- C:\Program Files\NFO viewer
2008-04-10 19:34 . 2008-04-10 19:34 <REP> d-------- C:\Documents and Settings\Ludo\Application Data\Media Player Classic
2008-04-10 19:30 . 2008-04-10 19:30 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-10 19:30 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-04-10 19:27 . 2008-04-10 19:27 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-10 19:23 . 2008-04-10 19:23 <REP> d-------- C:\Documents and Settings\Ludo\Application Data\vlc
2008-04-10 19:23 . 2008-04-10 19:23 <REP> d-------- C:\Documents and Settings\Ludo\Application Data\DAEMON Tools
2008-04-10 19:23 . 2008-04-10 19:24 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-10 19:22 . 2008-04-10 19:22 <REP> d-------- C:\Program Files\VideoLAN
2008-04-10 19:19 . 2008-04-24 20:39 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-04-10 19:18 . 2008-04-10 19:18 <REP> d-------- C:\Program Files\7-Zip
2008-04-10 18:46 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-10 18:46 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-09 23:14 . 2008-04-09 23:14 <REP> d-------- C:\Program Files\MSXML 6.0
2008-04-09 23:01 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-09 23:01 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-04-09 23:00 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-09 23:00 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-09 22:58 . 2008-04-09 22:58 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-04-09 22:55 . 2008-04-09 22:55 <REP> d-------- C:\Program Files\MSBuild
2008-04-09 22:52 . 2008-04-09 23:20 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-09 22:51 . 2008-04-09 22:51 <REP> d-------- C:\Program Files\Reference Assemblies
2008-04-09 22:50 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-09 22:49 . 2008-04-09 22:49 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-04-09 22:49 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-09 22:49 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-09 22:49 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-09 22:48 . 2008-04-22 23:43 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-09 22:48 . 2008-04-09 22:48 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-09 22:39 . 2008-04-09 22:40 <REP> d-------- C:\WINDOWS\system32\URTTemp
2008-04-09 22:06 . 2008-04-09 22:06 <REP> d-------- C:\Program Files\Neuf
2008-04-09 21:57 . 2008-04-09 21:57 <REP> d-------- C:\temp
2008-04-09 21:40 . 2008-04-09 21:40 <REP> d-------- C:\Program Files\CCleaner
2008-04-09 20:22 . 2008-04-09 22:57 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-09 20:19 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-09 19:50 . 2008-04-09 19:50 385 --a------ C:\WINDOWS\ODBC.INI
2008-04-09 19:48 . 2008-04-09 19:49 <REP> d-------- C:\WINDOWS\ShellNew
2008-04-09 18:59 . 2006-08-21 11:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-09 18:59 . 2006-08-21 11:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-09 18:59 . 2006-08-21 14:26 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-09 18:55 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-09 18:47 . 2008-04-09 18:47 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2008-04-08 23:49 . 2008-04-08 23:49 <REP> d-------- C:\WINDOWS\provisioning
2008-04-08 23:49 . 2008-04-08 23:49 <REP> d-------- C:\WINDOWS\peernet
2008-04-08 23:47 . 2008-04-08 23:47 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-04-08 23:39 . 2008-04-08 23:39 <REP> d-------- C:\WINDOWS\EHome
2008-04-08 23:32 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-04-08 23:32 . 2004-08-19 16:10 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-04-08 23:32 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-04-08 23:32 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-04-08 23:16 . 2008-04-09 23:11 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-04-08 23:16 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-08 23:15 . 2008-04-08 23:15 <REP> d-------- C:\WINDOWS\system32\bits
2008-04-08 23:15 . 2004-08-20 01:09 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-04-08 23:15 . 2004-08-20 01:09 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-04-08 23:15 . 2004-08-20 01:09 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-04-08 23:15 . 2004-08-20 01:09 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-04-08 23:10 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-04-08 23:10 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-04-08 23:10 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-04-08 23:10 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-04-08 23:10 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-08 23:10 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-04-08 23:10 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-08 23:10 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-08 23:10 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-08 23:03 . 2008-04-08 23:03 <REP> d--hs---- C:\Documents and Settings\Ludo\UserData
2008-04-08 22:48 . 2008-04-08 22:48 <REP> d-------- C:\Program Files\Alwil Software
2008-04-08 22:15 . 2003-08-04 13:43 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-04-08 22:15 . 2003-08-04 13:43 <REP> d-------- C:\Documents and Settings\Ludo\WINDOWS
2008-04-08 22:15 . 2003-08-04 13:24 <REP> d--h----- C:\Documents and Settings\Ludo\Voisinage réseau
2008-04-08 22:15 . 2003-08-04 13:24 <REP> d--h----- C:\Documents and Settings\Ludo\Voisinage d'impression
2008-04-08 22:15 . 2003-08-04 12:29 <REP> d--h----- C:\Documents and Settings\Ludo\Modèles
2008-04-08 22:15 . 2008-04-23 08:40 <REP> dr------- C:\Documents and Settings\Ludo\Mes documents
2008-04-08 22:15 . 2003-08-04 13:24 <REP> dr------- C:\Documents and Settings\Ludo\Menu Démarrer
2008-04-08 22:15 . 2008-04-09 20:27 <REP> dr------- C:\Documents and Settings\Ludo\Favoris
2008-04-08 22:15 . 2008-05-01 19:38 <REP> d-------- C:\Documents and Settings\Ludo\Bureau
2008-04-08 22:15 . 2003-08-04 14:14 <REP> d-------- C:\Documents and Settings\Ludo\Application Data\Symantec
2008-04-08 22:15 . 2003-08-04 13:59 <REP> d-------- C:\Documents and Settings\Ludo\Application Data\Sony Corporation
2008-04-08 22:15 . 2003-08-04 15:30 <REP> d-------- C:\Documents and Settings\Ludo\Application Data\InterTrust
2008-04-08 22:15 . 2008-05-01 13:45 <REP> d-------- C:\Documents and Settings\Ludo
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 08:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-13 17:05 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-04-09 19:57 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-08 20:23 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-08 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-04 10:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2008-03-25 11:48 906480]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-29 19:10 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-06-13 15:52 114688]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 15:51 4612096]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe" [2003-03-26 18:19 45056]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2003-06-26 16:00 90112]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 10:29 40960]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ACU"="C:\Program Files\OLITEC\ACU.exe" [2005-11-25 09:52 307200]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-06-28 18:27 181488]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 11:43 5146448]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
PowerPanel.lnk - C:\Program Files\powerpanel\Program\PcfMgr.exe [2003-08-04 13:57:34 880640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"cU9xPb0tLv"= C:\Documents and Settings\All Users\Application Data\ybmvkpsb\qvypuber.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\dvlib\sonydv.dll
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2003-08-04 12:06]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2002-08-20 11:59]
R3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-01 17:38:04 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe /AUTOCHECK /AUTOFIX /AUTOCLOSE
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 19:39:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-01 19:40:14
ComboFix-quarantined-files.txt 2008-05-01 17:40:10
ComboFix2.txt 2008-05-01 16:12:39
ComboFix3.txt 2008-05-01 11:47:38
Pre-Run: 21,269,200,896 bytes free
Post-Run: 21,257,695,232 bytes free
221 --- E O F --- 2008-04-09 21:37:25
There we go, it asked me to confirm the deletion of the files listed at the end of the registry (the ones to paste into the text file). I hope everything is fine. Is it OK? I think I did it correctly; the first time I had created a Word file rather than a .txt. :)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:38, on 01/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\OLITEC\ACU.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\powerpanel\Program\PcfMgr.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Documents and Settings\Ludo\Bureau\HiJackThis.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.sony-europe.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E48AA619-23E0-412D-AB72-6BEBF0450E82} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\OLITEC\ACU.exe" -nogui
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autoclose
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [cU9xPb0tLv] C:\Documents and Settings\All Users\Application Data\ybmvkpsb\qvypuber.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1208896598_2558d46a7b3ae43e213d85639754aab4&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O23 - Service: Service de configuration OLITEC (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Scan saved at 20:02:38, on 01/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\OLITEC\ACU.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\powerpanel\Program\PcfMgr.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Documents and Settings\Ludo\Bureau\HiJackThis.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.sony-europe.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E48AA619-23E0-412D-AB72-6BEBF0450E82} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\OLITEC\ACU.exe" -nogui
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autoclose
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [cU9xPb0tLv] C:\Documents and Settings\All Users\Application Data\ybmvkpsb\qvypuber.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1208896598_2558d46a7b3ae43e213d85639754aab4&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O23 - Service: Service de configuration OLITEC (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.
O2 - BHO: (no name) - {E48AA619-23E0-412D-AB72-6BEBF0450E82} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
___________
install
SPYWAREBLASTER to immunize the system, notably against Vundo; it's in English (but easy to use: just click "update" to update every month, then "enable all protection" to immunize)...
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html
there, it's solved!
all the best!!!
note: you can remove combofix, virtumondebegone, vundofix and OTMoveIt from your computer
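As an added triage example (not code from this thread, from HijackThis or from its authors), a small Python parser for the O2/O4 line formats in the log above that flags the two patterns the log itself shows for the infection: an orphaned "(no file)" BHO and an autorun registered under Policies\Explorer\Run or launched from All Users\Application Data. The sample lines are constructed from the format in this thread.

```python
"""Triage helper for HijackThis v2 log lines (added example, not from the thread).

Flags:
  - O2 BHO entries whose DLL is reported as "(no file)" (orphaned CLSID),
  - O4 autoruns registered under Policies\\Explorer\\Run (rarely used by
    legitimate installers),
  - O4 autoruns whose binary lives under All Users\\Application Data
    (random-named folders as in the log above).
"""
import re

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
SUSPECT_DIR = re.compile(r"\\all users\\application data\\", re.I)

def triage_line(line: str):
    """Return a reason string if the line is worth fixing, else None."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        return "orphaned BHO (no file)" if m.group("path").strip() == "(no file)" else None
    m = O4_RE.match(line)
    if m:
        hive, cmd = m.group("hive"), m.group("cmd")
        if "Policies\\Explorer\\Run" in hive:
            return "autorun via Policies\\Explorer\\Run"
        if SUSPECT_DIR.search(cmd):
            return "autorun from All Users\\Application Data"
    return None

def triage_log(text: str):
    """Return [(line, reason)] for every flagged line of a HijackThis log."""
    hits = []
    for line in text.splitlines():
        reason = triage_line(line)
        if reason:
            hits.append((line.strip(), reason))
    return hits

# Constructed sample modelled on the log format shown in the thread.
SAMPLE_LOG = """\
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar2.dll
O2 - BHO: (no name) - {E48AA619-23E0-412D-AB72-6BEBF0450E82} - (no file)
O4 - HKLM\\..\\Run: [Apoint] C:\\Program Files\\Apoint\\Apoint.exe
O4 - HKLM\\..\\Policies\\Explorer\\Run: [cU9xPb0tLv] C:\\Documents and Settings\\All Users\\Application Data\\ybmvkpsb\\qvypuber.exe
"""

if __name__ == "__main__":
    for flagged, why in triage_log(SAMPLE_LOG):
        print(f"{why}: {flagged}")
```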
what should I do?
do I run Vundo again?
thanks