Win32:Vundo@dll [Trj] URGENT Fermé

Question

Bonjour,
j ai un virus Win32:Vundo@dll [Trj] comment m en debarasser avast le detecte mais ne le supprime pas disant qu il est utilisé par un autre processus merci

microdomil · Answer

Bonjour essai ca :

http://www.clubic.com/telecharger-fiche25107-vundofix.html

macos · Answer

je l ai téléchargé et executé mais il ne detecte rien que faire?

macos · Answer

personne??il n y a rien d autre faire ? pas de solution? merci

jlpjlp · Answer

slt,

télécharge combofix (par sUBs) ici : 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

et enregistre le sur le bureau. 


déconnecte toi d'internet et ferme toutes tes applications. 

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware) 


double-clique sur combofix.exe et suis les instructions 

à la fin, il va produire un rapport C:\ComboFix.txt 

réactive ton parefeu, ton antivirus, la garde de ton antispyware 

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse. 

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. 

Tu as un tutoriel complet ici : 

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix 


________________
colle un rapport hijackthis 
 

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo. 

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste 

Ensuite avec Explorer créer un dossier c:\hijackthis 
Décompresser Hijackthis dans ce dossier. 
C'est important pour les sauvegardes."

macos · Answer

ComboFix 08-05-19.4 - Adnen 2008-05-20 11:08:50.2 - NTFSx86

Endroit: C:\Documents and Settings\Adnen\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Adnen\Bureau\CFscript.txt

FILE ::
C:\WINDOWS\system32\bitsprx2.dll
C:\WINDOWS\system32\byXOiGYO.dll
C:\WINDOWS\system32\grcnykij.dll
C:\WINDOWS\system32\jkkLFyXP.dll
C:\WINDOWS\system32\mtrhvymg.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bitsprx2.dll
C:\WINDOWS\system32\jkkLFyXP.dll
C:\WINDOWS\system32\mtrhvymg.exe

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-20 to 2008-05-20 ))))))))))))))))))))))))))))))))))))
.

2008-05-20 10:45 . 2008-05-20 10:45 <REP> d-------- C:\Program Files\Trend Micro
2008-05-20 10:11 . 2008-05-20 10:11 <REP> d-------- C:\Documents and Settings\Propriétaire
2008-05-20 10:11 . <REP> C:\Documents and Settings\PropriÚtaire\Local Settings
2008-05-20 10:11 . <REP> C:\Documents and Settings\PropriÚtaire\Local Settings
2008-05-20 09:25 . 2008-05-20 09:25 <REP> d-------- C:\VundoFix Backups
2008-05-19 09:15 . 2008-05-19 09:17 109,821 --a------ C:\WINDOWS\BM5bccaa67.xml
2008-05-18 21:26 . 2008-05-19 09:22 41 --a------ C:\WINDOWS\msiosd.ini
2008-05-18 19:53 . 2008-05-18 19:53 <REP> d--hs---- C:\found.001
2008-05-18 19:46 . 2008-05-18 19:46 <REP> d-------- C:\Program Files\MP4 Player
2008-05-18 19:46 . 2008-05-18 19:46 36 ---h----- C:\WINDOWS\system32\swk.ini
2008-05-18 19:45 . 2004-08-04 08:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-18 19:40 . 2008-05-18 19:40 <REP> d-------- C:\Program Files\WinAVI MP4 Converter
2008-05-18 19:20 . 2008-05-18 19:20 <REP> d-------- C:\Program Files\uTorrent
2008-05-18 19:20 . 2008-05-18 19:46 <REP> d-------- C:\Documents and Settings\Adnen\Application Data\uTorrent
2008-05-18 11:37 . 2008-05-18 11:37 <REP> d--hs---- C:\found.000
2008-05-17 17:21 . 2008-05-17 17:21 <REP> d-------- C:\Documents and Settings\Adnen\Application Data\Windows Live Writer
2008-05-17 16:05 . 2008-05-17 16:05 <REP> d-------- C:\spoolerlogs
2008-05-17 12:06 . 2008-05-17 12:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-17 12:05 . 2008-05-18 12:21 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-05-17 11:51 . 2008-03-01 14:58 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-17 11:51 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-17 11:51 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-17 11:51 . 2008-03-01 14:58 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-17 11:51 . 2008-03-01 14:58 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-17 11:51 . 2008-03-01 14:58 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-17 11:51 . 2008-03-01 14:58 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-17 11:51 . 2008-03-01 14:58 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-17 11:51 . 2008-02-22 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-17 11:40 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-17 11:40 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-17 11:40 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-16 20:25 . 2008-05-16 20:25 268 --ah----- C:\sqmdata05.sqm
2008-05-16 20:25 . 2008-05-16 20:25 244 --ah----- C:\sqmnoopt05.sqm
2008-05-16 20:22 . 2008-05-16 20:48 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-05-16 20:21 . 2008-05-16 20:54 <REP> d-------- C:\Program Files\Windows Live
2008-05-16 20:21 . 2008-05-16 20:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-16 20:09 . 2008-05-16 20:09 268 --ah----- C:\sqmdata04.sqm
2008-05-16 20:09 . 2008-05-16 20:09 244 --ah----- C:\sqmnoopt04.sqm
2008-05-16 19:56 . 2008-05-16 19:56 <REP> d-------- C:\Program Files\hp deskjet 3820 series
2008-05-16 19:56 . 2008-05-16 19:56 803 --a------ C:\WINDOWS\hpinfo.lnk
2008-05-16 19:55 . 2004-08-04 08:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-16 19:52 . 2008-05-16 19:52 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-05-16 19:49 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-05-16 19:49 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-05-16 19:49 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-05-16 19:48 . 2008-05-16 19:48 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-05-16 19:48 . 2008-05-16 19:48 <REP> d-------- C:\Program Files\CCleaner
2008-05-16 19:48 . 2004-08-20 01:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-16 19:47 . 2008-05-16 19:47 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-05-16 19:47 . 2008-05-16 19:48 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-16 19:43 . 2008-05-16 19:43 268 --ah----- C:\sqmdata03.sqm
2008-05-16 19:43 . 2008-05-16 19:43 244 --ah----- C:\sqmnoopt03.sqm
2008-05-16 19:39 . 2008-05-16 19:39 268 --ah----- C:\sqmdata02.sqm
2008-05-16 19:39 . 2008-05-16 19:39 244 --ah----- C:\sqmnoopt02.sqm
2008-05-16 19:06 . 2008-05-16 19:06 <REP> d--h-c--- C:\WINDOWS\$NtUninsvallKB940763$
2008-05-16 19:04 . 2007-02-28 18:02 2,059,648 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-05-16 19:04 . 2007-02-28 18:02 2,017,792 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-05-16 19:04 . 2006-12-26 15:09 536,576 --------- C:\WINDOWS\system32\dllcache\msado15.dll
2008-05-16 19:04 . 2006-08-16 11:37 225,664 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-05-16 19:04 . 2006-12-26 15:09 200,704 --------- C:\WINDOWS\system32\dllcache\msadox.dll
2008-05-16 19:04 . 2006-12-26 15:09 180,224 --------- C:\WINDOWS\system32\dllcache\msadomd.dll
2008-05-16 19:04 . 2006-12-26 15:09 102,400 --------- C:\WINDOWS\system32\dllcache\msjro.dll
2008-05-16 19:04 . 2008-05-16 19:04 268 --ah----- C:\sqmdata01.sqm
2008-05-16 19:04 . 2008-05-16 19:04 244 --ah----- C:\sqmnoopt01.sqm
2008-05-16 19:02 . 2008-03-20 10:09 1,845,376 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-05-16 19:02 . 2007-08-21 08:17 683,520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-05-16 19:02 . 2006-08-25 17:51 617,472 --------- C:\WINDOWS\system32\dllcache\comctl32.dll
2008-05-16 19:02 . 2007-03-08 17:37 578,560 --------- C:\WINDOWS\system32\dllcache\user32.dll
2008-05-16 19:02 . 2007-03-08 17:37 40,960 --------- C:\WINDOWS\system32\dllcache\mf3216.dll
2008-05-16 19:01 . 2007-01-23 21:31 546,304 --------- C:\WINDOWS\system32\dllcache\hhctrl.ocx
2008-05-16 18:56 . 2008-05-16 18:56 268 --ah----- C:\sqmdata00.sqm
2008-05-16 18:56 . 2008-05-16 18:56 244 --ah----- C:\sqmnoopt00.sqm
2008-05-16 18:55 . 2008-05-17 15:28 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-05-16 18:52 . 2008-05-17 17:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-16 18:30 . 2008-05-18 11:31 <REP> d-------- C:\Program Files\TomTom HOME
2008-05-16 17:55 . 2008-05-16 20:24 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-16 17:55 . 2008-05-17 12:15 <REP> d-------- C:\Documents and Settings\Adnen\Contacts
2008-05-16 17:44 . 2008-05-16 17:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-16 17:21 . 2008-05-16 17:21 <REP> d-------- C:\WINDOWS\Sun
2008-05-16 17:20 . 2008-05-16 17:20 <REP> d-------- C:\Program Files\Java
2008-05-16 17:20 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-16 17:19 . 2008-05-16 17:19 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-05-16 15:59 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-05-16 15:59 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-05-16 15:59 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-05-16 15:39 . 2008-05-16 15:39 <REP> d-------- C:\Program Files\Alwil Software
2008-05-16 15:39 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-05-16 15:30 . 2008-05-17 13:45 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-05-16 15:13 . 2008-05-16 15:13 <REP> d-------- C:\Documents and Settings\LocalService\Menu D‚marrer
2008-05-16 15:06 . 2008-05-16 15:14 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-05-16 15:05 . 2008-05-16 15:05 <REP> d-------- C:\WINDOWS\provisioning
2008-05-16 15:05 . 2008-05-16 15:05 <REP> d-------- C:\WINDOWS\peernet
2008-05-16 15:04 . 2008-05-16 15:04 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-05-16 15:01 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-16 14:59 . 2008-05-16 14:59 <REP> d-------- C:\WINDOWS\EHome
2008-05-16 14:56 . 2004-08-19 16:10 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-05-16 14:56 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-05-16 14:56 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-05-16 14:39 . 2008-05-16 14:39 <REP> d-------- C:\WINDOWS\system32\bits
2008-05-16 14:39 . 2004-08-20 01:09 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-05-16 14:39 . 2004-08-20 01:09 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-05-16 14:39 . 2004-08-20 01:09 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-05-16 14:38 . 2008-05-16 14:38 <REP> d--hs---- C:\Documents and Settings\Adnen\UserData
2008-05-16 14:38 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-05-16 14:38 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-05-16 14:38 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-05-16 14:38 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-05-16 14:38 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-16 14:38 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-05-16 14:38 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-16 14:38 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-16 14:38 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-16 14:34 . 2008-05-16 13:42 <REP> d-------- C:\Documents and Settings\Adnen\WINDOWS
2008-05-16 14:34 . 2008-05-16 13:31 <REP> d--h----- C:\Documents and Settings\Adnen\Voisinage r‚seau
2008-05-16 14:34 . 2008-05-16 13:31 <REP> d--h----- C:\Documents and Settings\Adnen\Voisinage d'impression
2008-05-16 14:34 . 2008-05-16 13:31 <REP> d--h----- C:\Documents and Settings\Adnen\ModŠles
2008-05-16 14:34 . 2008-05-18 19:35 <REP> dr------- C:\Documents and Settings\Adnen\Mes documents
2008-05-16 14:34 . 2008-05-18 19:20 <REP> dr------- C:\Documents and Settings\Adnen\Menu D‚marrer
2008-05-16 14:34 . 2008-05-17 18:23 <REP> dr------- C:\Documents and Settings\Adnen\Favoris
2008-05-16 14:34 . 2008-05-20 11:08 <REP> dr------- C:\Documents and Settings\Adnen\Bureau
2008-05-16 14:34 . 2008-05-16 13:53 <REP> d-------- C:\Documents and Settings\Adnen\Application Data\InterTrust
2008-05-16 14:34 . 2008-05-20 11:11 <REP> d-------- C:\Documents and Settings\Adnen
2008-05-16 14:34 . 2008-05-20 11:12 20,480 --ah----- C:\Documents and Settings\Adnen\ntuser.dat.LOG
2008-05-16 14:33 . 2008-05-16 14:33 <REP> d---s---- C:\WINDOWS\system32\Microsoft
2008-05-16 14:33 . 2008-05-16 13:42 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 09:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 16:43 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-16 11:59 --------- d-s---w C:\Program Files\Fichiers communs\Teknum Systems
2008-05-16 11:59 --------- d-----w C:\Program Files\Microsoft Money
2008-05-16 11:59 --------- d-----w C:\Program Files\HandyBits
2008-05-16 11:59 --------- d-----w C:\Program Files\DesignPro 2000
2008-05-16 11:57 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-05-16 11:57 --------- d-----w C:\Program Files\Surfairy
2008-05-16 11:57 --------- d-----w C:\Program Files\Real
2008-05-16 11:57 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-05-16 11:56 --------- d-----w C:\Program Files\Fichiers communs\TVNavigTechnologies Shared
2008-05-16 11:56 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-16 11:55 --------- d-----w C:\Program Files\Audioneer
2008-05-16 11:54 90,112 ------r C:\WINDOWS\bwUnin-6.1.0.145L.exe
2008-05-16 11:54 --------- d-----w C:\Program Files\Ulead Systems
2008-05-16 11:54 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
2008-05-16 11:54 --------- d-----w C:\Program Files\BackWeb
2008-05-16 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-05-16 11:53 --------- d-----w C:\Program Files\SBApps
2008-05-16 11:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-05-16 11:42 --------- d-----w C:\Program Files\MouseWare
2008-05-16 11:42 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-05-16 11:38 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-16 11:35 --------- d-----w C:\Program Files\Services en ligne
.

------- Sigcheck -------

2001-08-28 12:00 12800 333a4db8410d8e24db06d6aebecdc7c2 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\svchost.exe
2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\svchost.exe

2001-08-28 12:00 75264 20c6d9f9522dda0f9a8e4b8641ca9245 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2004-08-20 01:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-08-20 01:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ws2_32.dll
2004-08-20 01:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\ws2_32.dll

2001-08-28 12:00 434176 7486a7d62930d64e83cd847c3c69e7cc C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-20 01:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-20 01:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\winlogon.exe
2004-08-20 01:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\winlogon.exe

2001-08-28 12:00 161536 3efd4f59ba0a340de0a3ab984001dbf7 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ip6fw.sys
2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2001-08-28 12:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-20 01:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-08-20 01:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\services.exe
2004-08-20 01:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\services.exe

2001-08-28 12:00 11776 2c2431b30a629123c1757582c9d93f38 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-20 01:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-08-20 01:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\lsass.exe
2004-08-20 01:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\system32\lsass.exe

2001-08-28 12:00 13312 f95275cf5e7c30cea58b0b1b7b40210f C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-20 01:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-20 01:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ctfmon.exe
2004-08-20 01:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-20_10.10.33.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-20 08:05:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-20 09:12:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"MP4 Player"="C:\Program Files\MP4 Player\mp4Player.exe" [2007-09-17 17:40 639488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 09:43 35328]
"ACTIVBOARD"="C:\Apps\ActivBoard\MMKeybd.exe" [2002-06-19 18:51 192512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 11:19 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkLFyXP]
jkkLFyXP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-16 12:33:51 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2008-05-16 12:33:51 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 11:12:32
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
C:\APPS\ActivBoard\Traymon.exe
C:\APPS\ActivBoard\osd.exe
C:\APPS\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\System\vcssecs.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-20 11:17:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-20 09:17:05
ComboFix2.txt 2008-05-20 08:11:26

Pre-Run: 69,560,254,464 octets libres
Post-Run: 69,571,174,400 octets libres

274 --- E O F --- 2008-05-17 21:39:46

raport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:42, on 20/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKUS\S-1-5-21-484763869-823518204-725345543-1006\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-484763869-823518204-725345543-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-484763869-823518204-725345543-1006\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw (User '?')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.packardbell.fr/center
O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} - http://www.gamegarden.net/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://80.237.209.20/objects/NpFv41629.dll
O20 - Winlogon Notify: jkkLFyXP - jkkLFyXP.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

macos · Answer

ComboFix 08-05-19.4 - Adnen 2008-05-20 11:08:50.2 - NTFSx86

Endroit: C:\Documents and Settings\Adnen\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Adnen\Bureau\CFscript.txt

FILE ::
C:\WINDOWS\system32\bitsprx2.dll
C:\WINDOWS\system32\byXOiGYO.dll
C:\WINDOWS\system32\grcnykij.dll
C:\WINDOWS\system32\jkkLFyXP.dll
C:\WINDOWS\system32\mtrhvymg.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bitsprx2.dll
C:\WINDOWS\system32\jkkLFyXP.dll
C:\WINDOWS\system32\mtrhvymg.exe

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-20 to 2008-05-20 ))))))))))))))))))))))))))))))))))))
.

2008-05-20 10:45 . 2008-05-20 10:45 <REP> d-------- C:\Program Files\Trend Micro
2008-05-20 10:11 . 2008-05-20 10:11 <REP> d-------- C:\Documents and Settings\Propriétaire
2008-05-20 10:11 . <REP> C:\Documents and Settings\PropriÚtaire\Local Settings
2008-05-20 10:11 . <REP> C:\Documents and Settings\PropriÚtaire\Local Settings
2008-05-20 09:25 . 2008-05-20 09:25 <REP> d-------- C:\VundoFix Backups
2008-05-19 09:15 . 2008-05-19 09:17 109,821 --a------ C:\WINDOWS\BM5bccaa67.xml
2008-05-18 21:26 . 2008-05-19 09:22 41 --a------ C:\WINDOWS\msiosd.ini
2008-05-18 19:53 . 2008-05-18 19:53 <REP> d--hs---- C:\found.001
2008-05-18 19:46 . 2008-05-18 19:46 <REP> d-------- C:\Program Files\MP4 Player
2008-05-18 19:46 . 2008-05-18 19:46 36 ---h----- C:\WINDOWS\system32\swk.ini
2008-05-18 19:45 . 2004-08-04 08:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-18 19:40 . 2008-05-18 19:40 <REP> d-------- C:\Program Files\WinAVI MP4 Converter
2008-05-18 19:20 . 2008-05-18 19:20 <REP> d-------- C:\Program Files\uTorrent
2008-05-18 19:20 . 2008-05-18 19:46 <REP> d-------- C:\Documents and Settings\Adnen\Application Data\uTorrent
2008-05-18 11:37 . 2008-05-18 11:37 <REP> d--hs---- C:\found.000
2008-05-17 17:21 . 2008-05-17 17:21 <REP> d-------- C:\Documents and Settings\Adnen\Application Data\Windows Live Writer
2008-05-17 16:05 . 2008-05-17 16:05 <REP> d-------- C:\spoolerlogs
2008-05-17 12:06 . 2008-05-17 12:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-17 12:05 . 2008-05-18 12:21 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-05-17 11:51 . 2008-03-01 14:58 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-17 11:51 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-17 11:51 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-17 11:51 . 2008-03-01 14:58 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-17 11:51 . 2008-03-01 14:58 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-17 11:51 . 2008-03-01 14:58 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-17 11:51 . 2008-03-01 14:58 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-17 11:51 . 2008-03-01 14:58 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-17 11:51 . 2008-02-22 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-17 11:40 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-17 11:40 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-17 11:40 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-16 20:25 . 2008-05-16 20:25 268 --ah----- C:\sqmdata05.sqm
2008-05-16 20:25 . 2008-05-16 20:25 244 --ah----- C:\sqmnoopt05.sqm
2008-05-16 20:22 . 2008-05-16 20:48 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-05-16 20:21 . 2008-05-16 20:54 <REP> d-------- C:\Program Files\Windows Live
2008-05-16 20:21 . 2008-05-16 20:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-16 20:09 . 2008-05-16 20:09 268 --ah----- C:\sqmdata04.sqm
2008-05-16 20:09 . 2008-05-16 20:09 244 --ah----- C:\sqmnoopt04.sqm
2008-05-16 19:56 . 2008-05-16 19:56 <REP> d-------- C:\Program Files\hp deskjet 3820 series
2008-05-16 19:56 . 2008-05-16 19:56 803 --a------ C:\WINDOWS\hpinfo.lnk
2008-05-16 19:55 . 2004-08-04 08:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-16 19:52 . 2008-05-16 19:52 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-05-16 19:49 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-05-16 19:49 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-05-16 19:49 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-05-16 19:48 . 2008-05-16 19:48 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-05-16 19:48 . 2008-05-16 19:48 <REP> d-------- C:\Program Files\CCleaner
2008-05-16 19:48 . 2004-08-20 01:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-16 19:47 . 2008-05-16 19:47 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-05-16 19:47 . 2008-05-16 19:48 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-16 19:43 . 2008-05-16 19:43 268 --ah----- C:\sqmdata03.sqm
2008-05-16 19:43 . 2008-05-16 19:43 244 --ah----- C:\sqmnoopt03.sqm
2008-05-16 19:39 . 2008-05-16 19:39 268 --ah----- C:\sqmdata02.sqm
2008-05-16 19:39 . 2008-05-16 19:39 244 --ah----- C:\sqmnoopt02.sqm
2008-05-16 19:06 . 2008-05-16 19:06 <REP> d--h-c--- C:\WINDOWS\$NtUninsvallKB940763$
2008-05-16 19:04 . 2007-02-28 18:02 2,059,648 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-05-16 19:04 . 2007-02-28 18:02 2,017,792 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-05-16 19:04 . 2006-12-26 15:09 536,576 --------- C:\WINDOWS\system32\dllcache\msado15.dll
2008-05-16 19:04 . 2006-08-16 11:37 225,664 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-05-16 19:04 . 2006-12-26 15:09 200,704 --------- C:\WINDOWS\system32\dllcache\msadox.dll
2008-05-16 19:04 . 2006-12-26 15:09 180,224 --------- C:\WINDOWS\system32\dllcache\msadomd.dll
2008-05-16 19:04 . 2006-12-26 15:09 102,400 --------- C:\WINDOWS\system32\dllcache\msjro.dll
2008-05-16 19:04 . 2008-05-16 19:04 268 --ah----- C:\sqmdata01.sqm
2008-05-16 19:04 . 2008-05-16 19:04 244 --ah----- C:\sqmnoopt01.sqm
2008-05-16 19:02 . 2008-03-20 10:09 1,845,376 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-05-16 19:02 . 2007-08-21 08:17 683,520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-05-16 19:02 . 2006-08-25 17:51 617,472 --------- C:\WINDOWS\system32\dllcache\comctl32.dll
2008-05-16 19:02 . 2007-03-08 17:37 578,560 --------- C:\WINDOWS\system32\dllcache\user32.dll
2008-05-16 19:02 . 2007-03-08 17:37 40,960 --------- C:\WINDOWS\system32\dllcache\mf3216.dll
2008-05-16 19:01 . 2007-01-23 21:31 546,304 --------- C:\WINDOWS\system32\dllcache\hhctrl.ocx
2008-05-16 18:56 . 2008-05-16 18:56 268 --ah----- C:\sqmdata00.sqm
2008-05-16 18:56 . 2008-05-16 18:56 244 --ah----- C:\sqmnoopt00.sqm
2008-05-16 18:55 . 2008-05-17 15:28 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-05-16 18:52 . 2008-05-17 17:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-16 18:30 . 2008-05-18 11:31 <REP> d-------- C:\Program Files\TomTom HOME
2008-05-16 17:55 . 2008-05-16 20:24 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-16 17:55 . 2008-05-17 12:15 <REP> d-------- C:\Documents and Settings\Adnen\Contacts
2008-05-16 17:44 . 2008-05-16 17:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-16 17:21 . 2008-05-16 17:21 <REP> d-------- C:\WINDOWS\Sun
2008-05-16 17:20 . 2008-05-16 17:20 <REP> d-------- C:\Program Files\Java
2008-05-16 17:20 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-16 17:19 . 2008-05-16 17:19 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-05-16 15:59 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-05-16 15:59 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-05-16 15:59 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-05-16 15:39 . 2008-05-16 15:39 <REP> d-------- C:\Program Files\Alwil Software
2008-05-16 15:39 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-05-16 15:30 . 2008-05-17 13:45 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-05-16 15:13 . 2008-05-16 15:13 <REP> d-------- C:\Documents and Settings\LocalService\Menu D‚marrer
2008-05-16 15:06 . 2008-05-16 15:14 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-05-16 15:05 . 2008-05-16 15:05 <REP> d-------- C:\WINDOWS\provisioning
2008-05-16 15:05 . 2008-05-16 15:05 <REP> d-------- C:\WINDOWS\peernet
2008-05-16 15:04 . 2008-05-16 15:04 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-05-16 15:01 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-16 14:59 . 2008-05-16 14:59 <REP> d-------- C:\WINDOWS\EHome
2008-05-16 14:56 . 2004-08-19 16:10 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-05-16 14:56 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-05-16 14:56 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-05-16 14:39 . 2008-05-16 14:39 <REP> d-------- C:\WINDOWS\system32\bits
2008-05-16 14:39 . 2004-08-20 01:09 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-05-16 14:39 . 2004-08-20 01:09 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-05-16 14:39 . 2004-08-20 01:09 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-05-16 14:38 . 2008-05-16 14:38 <REP> d--hs---- C:\Documents and Settings\Adnen\UserData
2008-05-16 14:38 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-05-16 14:38 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-05-16 14:38 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-05-16 14:38 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-05-16 14:38 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-16 14:38 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-05-16 14:38 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-16 14:38 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-16 14:38 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-16 14:34 . 2008-05-16 13:42 <REP> d-------- C:\Documents and Settings\Adnen\WINDOWS
2008-05-16 14:34 . 2008-05-16 13:31 <REP> d--h----- C:\Documents and Settings\Adnen\Voisinage r‚seau
2008-05-16 14:34 . 2008-05-16 13:31 <REP> d--h----- C:\Documents and Settings\Adnen\Voisinage d'impression
2008-05-16 14:34 . 2008-05-16 13:31 <REP> d--h----- C:\Documents and Settings\Adnen\ModŠles
2008-05-16 14:34 . 2008-05-18 19:35 <REP> dr------- C:\Documents and Settings\Adnen\Mes documents
2008-05-16 14:34 . 2008-05-18 19:20 <REP> dr------- C:\Documents and Settings\Adnen\Menu D‚marrer
2008-05-16 14:34 . 2008-05-17 18:23 <REP> dr------- C:\Documents and Settings\Adnen\Favoris
2008-05-16 14:34 . 2008-05-20 11:08 <REP> dr------- C:\Documents and Settings\Adnen\Bureau
2008-05-16 14:34 . 2008-05-16 13:53 <REP> d-------- C:\Documents and Settings\Adnen\Application Data\InterTrust
2008-05-16 14:34 . 2008-05-20 11:11 <REP> d-------- C:\Documents and Settings\Adnen
2008-05-16 14:34 . 2008-05-20 11:12 20,480 --ah----- C:\Documents and Settings\Adnen\ntuser.dat.LOG
2008-05-16 14:33 . 2008-05-16 14:33 <REP> d---s---- C:\WINDOWS\system32\Microsoft
2008-05-16 14:33 . 2008-05-16 13:42 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 09:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 16:43 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-16 11:59 --------- d-s---w C:\Program Files\Fichiers communs\Teknum Systems
2008-05-16 11:59 --------- d-----w C:\Program Files\Microsoft Money
2008-05-16 11:59 --------- d-----w C:\Program Files\HandyBits
2008-05-16 11:59 --------- d-----w C:\Program Files\DesignPro 2000
2008-05-16 11:57 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-05-16 11:57 --------- d-----w C:\Program Files\Surfairy
2008-05-16 11:57 --------- d-----w C:\Program Files\Real
2008-05-16 11:57 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-05-16 11:56 --------- d-----w C:\Program Files\Fichiers communs\TVNavigTechnologies Shared
2008-05-16 11:56 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-16 11:55 --------- d-----w C:\Program Files\Audioneer
2008-05-16 11:54 90,112 ------r C:\WINDOWS\bwUnin-6.1.0.145L.exe
2008-05-16 11:54 --------- d-----w C:\Program Files\Ulead Systems
2008-05-16 11:54 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
2008-05-16 11:54 --------- d-----w C:\Program Files\BackWeb
2008-05-16 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-05-16 11:53 --------- d-----w C:\Program Files\SBApps
2008-05-16 11:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-05-16 11:42 --------- d-----w C:\Program Files\MouseWare
2008-05-16 11:42 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-05-16 11:38 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-16 11:35 --------- d-----w C:\Program Files\Services en ligne
.

------- Sigcheck -------

2001-08-28 12:00 12800 333a4db8410d8e24db06d6aebecdc7c2 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\svchost.exe
2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\svchost.exe

2001-08-28 12:00 75264 20c6d9f9522dda0f9a8e4b8641ca9245 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2004-08-20 01:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-08-20 01:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ws2_32.dll
2004-08-20 01:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\ws2_32.dll

2001-08-28 12:00 434176 7486a7d62930d64e83cd847c3c69e7cc C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-20 01:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-20 01:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\winlogon.exe
2004-08-20 01:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\winlogon.exe

2001-08-28 12:00 161536 3efd4f59ba0a340de0a3ab984001dbf7 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ip6fw.sys
2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2001-08-28 12:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-20 01:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-08-20 01:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\services.exe
2004-08-20 01:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\services.exe

2001-08-28 12:00 11776 2c2431b30a629123c1757582c9d93f38 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-20 01:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-08-20 01:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\lsass.exe
2004-08-20 01:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\system32\lsass.exe

2001-08-28 12:00 13312 f95275cf5e7c30cea58b0b1b7b40210f C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-20 01:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-20 01:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ctfmon.exe
2004-08-20 01:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-20_10.10.33.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-20 08:05:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-20 09:12:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"MP4 Player"="C:\Program Files\MP4 Player\mp4Player.exe" [2007-09-17 17:40 639488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 09:43 35328]
"ACTIVBOARD"="C:\Apps\ActivBoard\MMKeybd.exe" [2002-06-19 18:51 192512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 11:19 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkLFyXP]
jkkLFyXP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-16 12:33:51 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2008-05-16 12:33:51 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 11:12:32
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
C:\APPS\ActivBoard\Traymon.exe
C:\APPS\ActivBoard\osd.exe
C:\APPS\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\System\vcssecs.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-20 11:17:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-20 09:17:05
ComboFix2.txt 2008-05-20 08:11:26

Pre-Run: 69,560,254,464 octets libres
Post-Run: 69,571,174,400 octets libres

274 --- E O F --- 2008-05-17 21:39:46

raport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:42, on 20/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKUS\S-1-5-21-484763869-823518204-725345543-1006\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-484763869-823518204-725345543-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-484763869-823518204-725345543-1006\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw (User '?')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.packardbell.fr/center
O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} - http://www.gamegarden.net/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://80.237.209.20/objects/NpFv41629.dll
O20 - Winlogon Notify: jkkLFyXP - jkkLFyXP.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

jlpjlp · Answer

ok colle le rapport hijakchits

puis analyse ces ficheirs sur virus total et dis moi lesquels sont inféctés:

https://www.virustotal.com/gui/


C:\WINDOWS\system32\mtrhvymg.exe
C:\WINDOWS\BM5bccaa67.xml
C:\WINDOWS\system32\winhttp.dll
C:\WINDOWS\system32\qmgrprxy.dll
C:\WINDOWS\system32\bitsprx2.dll
C:\WINDOWS\system32\bitsprx3.dll

macos · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:49, on 20/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard
hksrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MP4 Player\Mp4Player.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Microsoft Money\System\urlmap.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://defaulthomepage.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {6E6142AA-09E6-4411-A2AA-FF5E234CEA48} - C:\WINDOWS\system32\byXOiGYO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E707216F-6AFF-4BD4-962D-EC5CDBA812A1} - C:\WINDOWS\system32\jkkLFyXP.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [BM5bccaa67] Rundll32.exe "C:\WINDOWS\system32\grcnykij.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKUS\S-1-5-21-484763869-823518204-725345543-1006\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-484763869-823518204-725345543-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-484763869-823518204-725345543-1006\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw (User '?')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.packardbell.fr/center
O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} - http://www.gamegarden.net/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://80.237.209.20/objects/NpFv41629.dll
O20 - Winlogon Notify: jkkLFyXP - C:\WINDOWS\SYSTEM32\jkkLFyXP.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard
hksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

jlpjlp · Answer

ok !






pour fusionner:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

________________


Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :





File::
C:\WINDOWS\system32\byXOiGYO.dll
C:\WINDOWS\system32\jkkLFyXP.dll
C:\WINDOWS\system32\grcnykij.dll
C:\WINDOWS\system32\mtrhvymg.exe
C:\WINDOWS\system32\bitsprx2.dll


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E6142AA-09E6-4411-A2AA-FF5E234CEA48}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E707216F-6AFF-4BD4-962D-EC5CDBA812A1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM5bccaa67"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E707216F-6AFF-4BD4-962D-EC5CDBA812A1}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\jkkLFyXP]








Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis et dis tes soucis actuels


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

macos · Answer

ComboFix 08-05-19.4 - Adnen 2008-05-20 11:08:50.2 - NTFSx86

Endroit: C:\Documents and Settings\Adnen\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Adnen\Bureau\CFscript.txt

FILE ::
C:\WINDOWS\system32\bitsprx2.dll
C:\WINDOWS\system32\byXOiGYO.dll
C:\WINDOWS\system32\grcnykij.dll
C:\WINDOWS\system32\jkkLFyXP.dll
C:\WINDOWS\system32\mtrhvymg.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bitsprx2.dll
C:\WINDOWS\system32\jkkLFyXP.dll
C:\WINDOWS\system32\mtrhvymg.exe

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-20 to 2008-05-20 ))))))))))))))))))))))))))))))))))))
.

2008-05-20 10:45 . 2008-05-20 10:45 <REP> d-------- C:\Program Files\Trend Micro
2008-05-20 10:11 . 2008-05-20 10:11 <REP> d-------- C:\Documents and Settings\Propriétaire
2008-05-20 10:11 . <REP> C:\Documents and Settings\PropriÚtaire\Local Settings
2008-05-20 10:11 . <REP> C:\Documents and Settings\PropriÚtaire\Local Settings
2008-05-20 09:25 . 2008-05-20 09:25 <REP> d-------- C:\VundoFix Backups
2008-05-19 09:15 . 2008-05-19 09:17 109,821 --a------ C:\WINDOWS\BM5bccaa67.xml
2008-05-18 21:26 . 2008-05-19 09:22 41 --a------ C:\WINDOWS\msiosd.ini
2008-05-18 19:53 . 2008-05-18 19:53 <REP> d--hs---- C:\found.001
2008-05-18 19:46 . 2008-05-18 19:46 <REP> d-------- C:\Program Files\MP4 Player
2008-05-18 19:46 . 2008-05-18 19:46 36 ---h----- C:\WINDOWS\system32\swk.ini
2008-05-18 19:45 . 2004-08-04 08:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-18 19:40 . 2008-05-18 19:40 <REP> d-------- C:\Program Files\WinAVI MP4 Converter
2008-05-18 19:20 . 2008-05-18 19:20 <REP> d-------- C:\Program Files\uTorrent
2008-05-18 19:20 . 2008-05-18 19:46 <REP> d-------- C:\Documents and Settings\Adnen\Application Data\uTorrent
2008-05-18 11:37 . 2008-05-18 11:37 <REP> d--hs---- C:\found.000
2008-05-17 17:21 . 2008-05-17 17:21 <REP> d-------- C:\Documents and Settings\Adnen\Application Data\Windows Live Writer
2008-05-17 16:05 . 2008-05-17 16:05 <REP> d-------- C:\spoolerlogs
2008-05-17 12:06 . 2008-05-17 12:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-17 12:05 . 2008-05-18 12:21 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-05-17 11:51 . 2008-03-01 14:58 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-17 11:51 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-17 11:51 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-17 11:51 . 2008-03-01 14:58 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-17 11:51 . 2008-03-01 14:58 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-17 11:51 . 2008-03-01 14:58 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-17 11:51 . 2008-03-01 14:58 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-17 11:51 . 2008-03-01 14:58 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-17 11:51 . 2008-02-22 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-17 11:40 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-17 11:40 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-17 11:40 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-16 20:25 . 2008-05-16 20:25 268 --ah----- C:\sqmdata05.sqm
2008-05-16 20:25 . 2008-05-16 20:25 244 --ah----- C:\sqmnoopt05.sqm
2008-05-16 20:22 . 2008-05-16 20:48 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-05-16 20:21 . 2008-05-16 20:54 <REP> d-------- C:\Program Files\Windows Live
2008-05-16 20:21 . 2008-05-16 20:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-16 20:09 . 2008-05-16 20:09 268 --ah----- C:\sqmdata04.sqm
2008-05-16 20:09 . 2008-05-16 20:09 244 --ah----- C:\sqmnoopt04.sqm
2008-05-16 19:56 . 2008-05-16 19:56 <REP> d-------- C:\Program Files\hp deskjet 3820 series
2008-05-16 19:56 . 2008-05-16 19:56 803 --a------ C:\WINDOWS\hpinfo.lnk
2008-05-16 19:55 . 2004-08-04 08:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-16 19:52 . 2008-05-16 19:52 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-05-16 19:49 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-05-16 19:49 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-05-16 19:49 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-05-16 19:48 . 2008-05-16 19:48 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-05-16 19:48 . 2008-05-16 19:48 <REP> d-------- C:\Program Files\CCleaner
2008-05-16 19:48 . 2004-08-20 01:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-16 19:47 . 2008-05-16 19:47 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-05-16 19:47 . 2008-05-16 19:48 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-16 19:43 . 2008-05-16 19:43 268 --ah----- C:\sqmdata03.sqm
2008-05-16 19:43 . 2008-05-16 19:43 244 --ah----- C:\sqmnoopt03.sqm
2008-05-16 19:39 . 2008-05-16 19:39 268 --ah----- C:\sqmdata02.sqm
2008-05-16 19:39 . 2008-05-16 19:39 244 --ah----- C:\sqmnoopt02.sqm
2008-05-16 19:06 . 2008-05-16 19:06 <REP> d--h-c--- C:\WINDOWS\$NtUninsvallKB940763$
2008-05-16 19:04 . 2007-02-28 18:02 2,059,648 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-05-16 19:04 . 2007-02-28 18:02 2,017,792 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-05-16 19:04 . 2006-12-26 15:09 536,576 --------- C:\WINDOWS\system32\dllcache\msado15.dll
2008-05-16 19:04 . 2006-08-16 11:37 225,664 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-05-16 19:04 . 2006-12-26 15:09 200,704 --------- C:\WINDOWS\system32\dllcache\msadox.dll
2008-05-16 19:04 . 2006-12-26 15:09 180,224 --------- C:\WINDOWS\system32\dllcache\msadomd.dll
2008-05-16 19:04 . 2006-12-26 15:09 102,400 --------- C:\WINDOWS\system32\dllcache\msjro.dll
2008-05-16 19:04 . 2008-05-16 19:04 268 --ah----- C:\sqmdata01.sqm
2008-05-16 19:04 . 2008-05-16 19:04 244 --ah----- C:\sqmnoopt01.sqm
2008-05-16 19:02 . 2008-03-20 10:09 1,845,376 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-05-16 19:02 . 2007-08-21 08:17 683,520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-05-16 19:02 . 2006-08-25 17:51 617,472 --------- C:\WINDOWS\system32\dllcache\comctl32.dll
2008-05-16 19:02 . 2007-03-08 17:37 578,560 --------- C:\WINDOWS\system32\dllcache\user32.dll
2008-05-16 19:02 . 2007-03-08 17:37 40,960 --------- C:\WINDOWS\system32\dllcache\mf3216.dll
2008-05-16 19:01 . 2007-01-23 21:31 546,304 --------- C:\WINDOWS\system32\dllcache\hhctrl.ocx
2008-05-16 18:56 . 2008-05-16 18:56 268 --ah----- C:\sqmdata00.sqm
2008-05-16 18:56 . 2008-05-16 18:56 244 --ah----- C:\sqmnoopt00.sqm
2008-05-16 18:55 . 2008-05-17 15:28 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-05-16 18:52 . 2008-05-17 17:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-16 18:30 . 2008-05-18 11:31 <REP> d-------- C:\Program Files\TomTom HOME
2008-05-16 17:55 . 2008-05-16 20:24 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-16 17:55 . 2008-05-17 12:15 <REP> d-------- C:\Documents and Settings\Adnen\Contacts
2008-05-16 17:44 . 2008-05-16 17:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-16 17:21 . 2008-05-16 17:21 <REP> d-------- C:\WINDOWS\Sun
2008-05-16 17:20 . 2008-05-16 17:20 <REP> d-------- C:\Program Files\Java
2008-05-16 17:20 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-16 17:19 . 2008-05-16 17:19 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-05-16 15:59 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-05-16 15:59 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-05-16 15:59 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-05-16 15:39 . 2008-05-16 15:39 <REP> d-------- C:\Program Files\Alwil Software
2008-05-16 15:39 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-05-16 15:30 . 2008-05-17 13:45 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-05-16 15:13 . 2008-05-16 15:13 <REP> d-------- C:\Documents and Settings\LocalService\Menu D‚marrer
2008-05-16 15:06 . 2008-05-16 15:14 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-05-16 15:05 . 2008-05-16 15:05 <REP> d-------- C:\WINDOWS\provisioning
2008-05-16 15:05 . 2008-05-16 15:05 <REP> d-------- C:\WINDOWS\peernet
2008-05-16 15:04 . 2008-05-16 15:04 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-05-16 15:01 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-16 14:59 . 2008-05-16 14:59 <REP> d-------- C:\WINDOWS\EHome
2008-05-16 14:56 . 2004-08-19 16:10 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-05-16 14:56 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-05-16 14:56 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-05-16 14:39 . 2008-05-16 14:39 <REP> d-------- C:\WINDOWS\system32\bits
2008-05-16 14:39 . 2004-08-20 01:09 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-05-16 14:39 . 2004-08-20 01:09 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-05-16 14:39 . 2004-08-20 01:09 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-05-16 14:38 . 2008-05-16 14:38 <REP> d--hs---- C:\Documents and Settings\Adnen\UserData
2008-05-16 14:38 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-05-16 14:38 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-05-16 14:38 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-05-16 14:38 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-05-16 14:38 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-16 14:38 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-05-16 14:38 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-16 14:38 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-16 14:38 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-16 14:34 . 2008-05-16 13:42 <REP> d-------- C:\Documents and Settings\Adnen\WINDOWS
2008-05-16 14:34 . 2008-05-16 13:31 <REP> d--h----- C:\Documents and Settings\Adnen\Voisinage r‚seau
2008-05-16 14:34 . 2008-05-16 13:31 <REP> d--h----- C:\Documents and Settings\Adnen\Voisinage d'impression
2008-05-16 14:34 . 2008-05-16 13:31 <REP> d--h----- C:\Documents and Settings\Adnen\ModŠles
2008-05-16 14:34 . 2008-05-18 19:35 <REP> dr------- C:\Documents and Settings\Adnen\Mes documents
2008-05-16 14:34 . 2008-05-18 19:20 <REP> dr------- C:\Documents and Settings\Adnen\Menu D‚marrer
2008-05-16 14:34 . 2008-05-17 18:23 <REP> dr------- C:\Documents and Settings\Adnen\Favoris
2008-05-16 14:34 . 2008-05-20 11:08 <REP> dr------- C:\Documents and Settings\Adnen\Bureau
2008-05-16 14:34 . 2008-05-16 13:53 <REP> d-------- C:\Documents and Settings\Adnen\Application Data\InterTrust
2008-05-16 14:34 . 2008-05-20 11:11 <REP> d-------- C:\Documents and Settings\Adnen
2008-05-16 14:34 . 2008-05-20 11:12 20,480 --ah----- C:\Documents and Settings\Adnen\ntuser.dat.LOG
2008-05-16 14:33 . 2008-05-16 14:33 <REP> d---s---- C:\WINDOWS\system32\Microsoft
2008-05-16 14:33 . 2008-05-16 13:42 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 09:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 16:43 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-16 11:59 --------- d-s---w C:\Program Files\Fichiers communs\Teknum Systems
2008-05-16 11:59 --------- d-----w C:\Program Files\Microsoft Money
2008-05-16 11:59 --------- d-----w C:\Program Files\HandyBits
2008-05-16 11:59 --------- d-----w C:\Program Files\DesignPro 2000
2008-05-16 11:57 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-05-16 11:57 --------- d-----w C:\Program Files\Surfairy
2008-05-16 11:57 --------- d-----w C:\Program Files\Real
2008-05-16 11:57 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-05-16 11:56 --------- d-----w C:\Program Files\Fichiers communs\TVNavigTechnologies Shared
2008-05-16 11:56 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-16 11:55 --------- d-----w C:\Program Files\Audioneer
2008-05-16 11:54 90,112 ------r C:\WINDOWS\bwUnin-6.1.0.145L.exe
2008-05-16 11:54 --------- d-----w C:\Program Files\Ulead Systems
2008-05-16 11:54 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
2008-05-16 11:54 --------- d-----w C:\Program Files\BackWeb
2008-05-16 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-05-16 11:53 --------- d-----w C:\Program Files\SBApps
2008-05-16 11:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-05-16 11:42 --------- d-----w C:\Program Files\MouseWare
2008-05-16 11:42 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-05-16 11:38 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-16 11:35 --------- d-----w C:\Program Files\Services en ligne
.

------- Sigcheck -------

2001-08-28 12:00 12800 333a4db8410d8e24db06d6aebecdc7c2 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\svchost.exe
2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\svchost.exe

2001-08-28 12:00 75264 20c6d9f9522dda0f9a8e4b8641ca9245 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2004-08-20 01:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-08-20 01:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ws2_32.dll
2004-08-20 01:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\ws2_32.dll

2001-08-28 12:00 434176 7486a7d62930d64e83cd847c3c69e7cc C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-20 01:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-20 01:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\winlogon.exe
2004-08-20 01:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\winlogon.exe

2001-08-28 12:00 161536 3efd4f59ba0a340de0a3ab984001dbf7 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ip6fw.sys
2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2001-08-28 12:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-20 01:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-08-20 01:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\services.exe
2004-08-20 01:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\services.exe

2001-08-28 12:00 11776 2c2431b30a629123c1757582c9d93f38 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-20 01:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-08-20 01:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\lsass.exe
2004-08-20 01:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\system32\lsass.exe

2001-08-28 12:00 13312 f95275cf5e7c30cea58b0b1b7b40210f C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-20 01:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-20 01:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ctfmon.exe
2004-08-20 01:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-20_10.10.33.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-20 08:05:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-20 09:12:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"MP4 Player"="C:\Program Files\MP4 Player\mp4Player.exe" [2007-09-17 17:40 639488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 09:43 35328]
"ACTIVBOARD"="C:\Apps\ActivBoard\MMKeybd.exe" [2002-06-19 18:51 192512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 11:19 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkLFyXP]
jkkLFyXP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-16 12:33:51 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2008-05-16 12:33:51 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 11:12:32
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
C:\APPS\ActivBoard\Traymon.exe
C:\APPS\ActivBoard\osd.exe
C:\APPS\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\System\vcssecs.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-20 11:17:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-20 09:17:05
ComboFix2.txt 2008-05-20 08:11:26

Pre-Run: 69,560,254,464 octets libres
Post-Run: 69,571,174,400 octets libres

274 --- E O F --- 2008-05-17 21:39:46

raport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:42, on 20/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKUS\S-1-5-21-484763869-823518204-725345543-1006\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-484763869-823518204-725345543-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-484763869-823518204-725345543-1006\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw (User '?')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.packardbell.fr/center
O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} - http://www.gamegarden.net/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://80.237.209.20/objects/NpFv41629.dll
O20 - Winlogon Notify: jkkLFyXP - jkkLFyXP.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

jlpjlp · Answer

ok


scan avec 
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/ 

___________________


 colle le rapport d'un scan en ligne 
avec un des suivants:  (désactiver avast le temps du scan)


bitdefender en ligne : 
http://www.bitdefender.fr/scan_fr/scan8/ie.html 

Panda en ligne : 
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

macos · Answer

j ai un autre souci cette fois si c' est Win32:HeliosBinder-F [Trj] n y a t il pas une solution pour finir avec  tout ca une fois pour toute svp merci

jlpjlp · Answer

colle les rapports du message 11

macos · Answer

scan PANDA : 

Exportar a: 
 Amenazas con desinfección gratuita (2)
Peligrosidad baja (2) Bck/VB.XB Virus Latente Ocultar + Info No desinfectable 
 1. C:\Documents and Settings\Adnen\Bureau\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
 
 Rootkit/Booto.... Virus Latente Ocultar + Info   
 1. C:\System Volume Information\_restore{A45409A...94C-5285C803E9FA}\RP39\A0025546.sys
2. C:\System Volume Information\_restore{A45409A...94C-5285C803E9FA}\RP39\A0023521.sys
 

Sólo disponible para usuarios registrados.
Registrarme gratis - Estoy registrado 
 Amenazas con desinfección de pago (13)
Peligrosidad media (1) Spyware/Virtum... Spyware Latente Ocultar + Info   
 1. C:\System Volume Information\_restore{A45409A...94C-5285C803E9FA}\RP39\A0023508.dll
 

Peligrosidad baja (12) Cookie/Xiti Cookie espía Latente Ocultar + Info   
 1. C:\Documents and Settings\Adnen\Cookies\adnen@xiti[1].txt
2. C:\Documents and Settings\Adnen\Application D...vwi.default\cookies.txt[.xiti.com/]
 
 Application/Ps... Aplicación espía Latente Ocultar + Info   
 1. C:\System Volume Information\_restore{A45409A...94C-5285C803E9FA}\RP39\A0025556.EXE
2. C:\System Volume Information\_restore{A45409A...94C-5285C803E9FA}\RP39\A0023532.EXE
 
 Cookie/Serving... Cookie espía Latente Ocultar + Info   
 1. C:\Documents and Settings\Adnen\Cookies\adnen@bs.serving-sys[2].txt
 
 Cookie/Smartad... Cookie espía Latente Ocultar + Info   
 1. C:\Documents and Settings\Adnen\Application D...lt\cookies.txt[.smartadserver.com/]
 
 Cookie/Serving... Cookie espía Latente Ocultar + Info   
 1. C:\Documents and Settings\Adnen\Cookies\adnen@serving-sys[1].txt
 
 Cookie/Weboram... Cookie espía Latente Ocultar + Info   
 1. C:\Documents and Settings\Adnen\Cookies\adnen@weborama[1].txt
 
 Application/Ps... Aplicación espía Latente Ocultar + Info   
 1. C:\WINDOWS\system\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE]
2. C:\WINDOWS\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE]
 
 Cookie/Adverti... Cookie espía Latente Ocultar + Info   
 1. C:\Documents and Settings\Adnen\Cookies\adnen@advertising[2].txt
2. C:\Documents and Settings\Adnen\Application D...ault\cookies.txt[.advertising.com/]
 
 adware/windowe... Adware Latente Ocultar + Info   
 1. c:\windows\system32\sbutils
 
 Cookie/Atlas D... Cookie espía Latente Ocultar + Info   
 1. C:\Documents and Settings\Adnen\Cookies\adnen@atdmt[2].txt
 
 Cookie/Doublec... Cookie espía Latente Ocultar + Info   
 1. C:\Documents and Settings\Adnen\Application D...ault\cookies.txt[.doubleclick.net/]
2. C:\Documents and Settings\Adnen\Cookies\adnen@doubleclick[1].txt
 
 Cookie/Bluestr... Cookie espía Latente Ocultar + Info   
 1. C:\Documents and Settings\Adnen\Cookies\adnen@bluestreak[1].txt
 

Sólo disponible en versión de pago.
Comprar - Soy cliente 
 Archivos sospechosos (0)
 
 Vulnerabilidades (8)
MS07-033 Alta + Info 
MS07-069 Alta + Info 
MS07-057 Alta + Info 
MS07-027 Alta + Info 
MS07-016 Alta + Info 
MS07-046 Alta + Info 
MS07-045 Alta + Info 
MS07-043 Alta + Info 

 Condiciones de uso -  © Panda Security 2008

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-21 11:54:33
PROTECTIONS: 0
MALWARE: 15
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00039703  Application/Pskill.A               HackTools           No        0         Yes            No           C:\WINDOWS\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE]
00039703  Application/Pskill.A               HackTools           No        0         Yes            No           C:\WINDOWS\system\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE]
00103551  adware/windowenhancer              Adware              No        0         Yes            No           c:\windows\system32\sbutils
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Adnen\Application Data\Mozilla\Firefox\Profiles\7n9n7vwi.default\cookies.txt[.doubleclick.net/]
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Adnen\Cookies\adnen@doubleclick[1].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Adnen\Cookies\adnen@atdmt[2].txt
00167704  Cookie/Xiti                        TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Adnen\Cookies\adnen@xiti[1].txt
00167704  Cookie/Xiti                        TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Adnen\Application Data\Mozilla\Firefox\Profiles\7n9n7vwi.default\cookies.txt[.xiti.com/]
00168090  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Adnen\Cookies\adnen@serving-sys[1].txt
00168093  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Adnen\Cookies\adnen@bs.serving-sys[2].txt
00168106  Cookie/Weborama                    TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Adnen\Cookies\adnen@weborama[1].txt
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Adnen\Application Data\Mozilla\Firefox\Profiles\7n9n7vwi.default\cookies.txt[.advertising.com/]
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Adnen\Application Data\Mozilla\Firefox\Profiles\7n9n7vwi.default\cookies.txt[.advertising.com/]
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Adnen\Cookies\adnen@advertising[2].txt
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Adnen\Application Data\Mozilla\Firefox\Profiles\7n9n7vwi.default\cookies.txt[.advertising.com/]
00173520  Cookie/Bluestreak                  TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Adnen\Cookies\adnen@bluestreak[1].txt
00273339  Cookie/Smartadserver               TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Adnen\Application Data\Mozilla\Firefox\Profiles\7n9n7vwi.default\cookies.txt[.smartadserver.com/]
00273339  Cookie/Smartadserver               TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Adnen\Application Data\Mozilla\Firefox\Profiles\7n9n7vwi.default\cookies.txt[.smartadserver.com/]
00273339  Cookie/Smartadserver               TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Adnen\Application Data\Mozilla\Firefox\Profiles\7n9n7vwi.default\cookies.txt[.smartadserver.com/]
01176994  Bck/VB.XB                          Virus/Trojan        No        0         No             No           C:\Documents and Settings\Adnen\Bureau\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
01185375  Application/Psexec.A               HackTools           No        0         Yes            No           C:\System Volume Information\_restore{A45409A2-136B-4604-B94C-5285C803E9FA}\RP39\A0025556.EXE
01185375  Application/Psexec.A               HackTools           No        0         Yes            No           C:\System Volume Information\_restore{A45409A2-136B-4604-B94C-5285C803E9FA}\RP39\A0023532.EXE
02885963  Rootkit/Booto.C                    Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{A45409A2-136B-4604-B94C-5285C803E9FA}\RP39\A0025546.sys
02885963  Rootkit/Booto.C                    Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{A45409A2-136B-4604-B94C-5285C803E9FA}\RP39\A0023521.sys
02980347  Spyware/Virtumonde                 Spyware             No        1         Yes            No           C:\System Volume Information\_restore{A45409A2-136B-4604-B94C-5285C803E9FA}\RP39\A0023508.dll
;===================================================================================================================================================================================
SUSPECTS
Sent      Location                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              p
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity   Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                p
;===================================================================================================================================================================================
  182048  HIGH       MS07-069                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   p
  176382  HIGH       MS07-057                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   p
  170907  HIGH       MS07-046                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   p
  170906  HIGH       MS07-045                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   p
  170904  HIGH       MS07-043                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   p
  164913  HIGH       MS07-033                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   p
  160623  HIGH       MS07-027                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   p
  150253  HIGH       MS07-016                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   p
;===================================================================================================================================================================================



Malwarebytes' Anti-Malware 1.12
Version de la base de données: 768

Type de recherche: Examen rapide
Eléments examinés: 36147
Temps écoulé: 6 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

jlpjlp · Answer

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :
C:\WINDOWS\system\RESTORE.INS
c:\windows\system32\sbutils

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
_________

vire ce qui est dans moved files en allant dans poste d etravail puis C pouis OTMOVIT


______
vire combofix de ton ordi

________

desactive ta restauration puis redemarre ton ordi puis réactive la

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fdocid/20020830101856924

____________

nettoie ton ordi avec ccleaner
https://www.malekal.com/tutoriel-ccleaner/

____________

encore des souics???

macos · Answer

voila le rapport OTMoveIt :


C:\WINDOWS\system\RESTORE.INS moved successfully.
File/Folder c:\windows\system32\sbutils not found.
 
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05222008_154736

Win32:Vundo@dll [Trj] URGENT

16 réponses

Discussions similaires