
ComboFIX changed nothing

27 June 2008 00:43:59

Hello everyone, I'm new to the forum and I'm 16.
As you can see from the topic title, I had to use ComboFIX because I have a virus that prevents me from going to certain sites like Skyrock, and also from doing Google searches, etc.
I followed the tutorial on the BleepingComputer site, but I quickly realised that the sites still didn't work.
So I'm asking for your help to solve my problem.

The ComboFIX log, followed by a HijackTHIS log:

ComboFix 08-06-20.4 - Sacha 2008-06-27 0:21:11.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1481 [GMT 2:00]
Endroit: C:\Documents and Settings\Sacha\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sacha\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM17826aee.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\gdclluwa.ini
C:\WINDOWS\system32\GMStwyay.ini
C:\WINDOWS\system32\GMStwyay.ini2
C:\WINDOWS\system32\lloaajeb.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mhvppqmt.ini
C:\WINDOWS\system32\OWwGQqru.ini
C:\WINDOWS\system32\OWwGQqru.ini2
C:\WINDOWS\system32\urqQGwWO.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-26 to 2008-06-26 ))))))))))))))))))))))))))))))))))))
.

2008-06-27 00:24 . 2008-06-27 00:24 294 ---hs---- C:\WINDOWS\system32\gdclluwa.ini
2008-06-26 11:51 . 2008-06-26 11:51 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-06-26 11:02 . 2008-06-26 11:02 106,496 --a------ C:\WINDOWS\system32\jqjmgjrq.dll
2008-06-26 11:02 . 2008-06-26 11:02 80,896 --a------ C:\WINDOWS\system32\awullcdg.dll
2008-06-26 11:00 . 2008-06-26 11:00 91,648 --a------ C:\WINDOWS\system32\ngpveiyd.dll
2008-06-26 10:54 . 2008-06-27 00:26 872,736 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-26 10:54 . 2008-06-27 00:22 15,824 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-26 10:52 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-06-26 10:52 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-06-26 10:52 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-06-26 10:52 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-06-26 10:52 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-06-26 10:51 . 2008-06-26 10:52 <REP> d-------- C:\Program Files\ZoneAlarm
2008-06-25 17:43 . 2008-06-25 17:52 <REP> d-------- C:\Documents and Settings\Sacha\Application Data\Hamachi
2008-06-25 17:42 . 2008-06-25 17:43 <REP> d-------- C:\Program Files\Hamachi
2008-06-25 17:42 . 2008-06-25 17:42 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-06-25 11:41 . 2008-06-25 11:41 99,840 --a------ C:\WINDOWS\system32\ojimxddh.dll
2008-06-25 11:35 . 2008-06-25 11:35 91,136 --a------ C:\WINDOWS\system32\thqhhdnv.dll
2008-06-24 21:24 . 2008-06-24 21:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-06-24 20:42 . 2008-06-24 20:42 25,600 --a------ C:\WINDOWS\system32\byXPJCVo.dll
2008-06-24 19:29 . 2008-06-24 19:29 <REP> d-------- C:\Program Files\Microsoft Games
2008-06-24 11:48 . 2007-01-25 19:31 88,952 --a------ C:\WINDOWS\system32\_packet.dlluninstall
2008-06-21 14:41 . 2008-06-21 14:41 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-06-14 12:47 . 2008-06-14 12:47 <REP> d-------- C:\Program Files\LClock
2008-06-11 14:06 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 14:06 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 14:50 . 2008-06-08 14:50 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-06-08 14:50 . 2004-08-05 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-08 14:49 . 2008-06-08 14:49 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-08 14:49 . 2008-06-08 14:49 <REP> d-------- C:\b107ea99f1a440f28d86
2008-06-07 22:32 . 2008-06-07 22:32 <REP> d-------- C:\Program Files\MsnChecker
2008-06-04 16:36 . 2008-06-04 16:36 <REP> d-------- C:\Program Files\No-IP
2008-06-04 15:45 . 2003-07-18 01:40 265,728 -ra------ C:\WINDOWS\system32\drivers\BCMWL5.SYS
2008-06-04 01:17 . 2008-03-29 02:08 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-06-04 01:17 . 2008-03-29 02:08 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-04 01:17 . 2008-03-28 01:19 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-06-04 01:17 . 2008-03-29 02:08 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-06-04 01:17 . 2008-03-29 02:08 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-06-04 01:17 . 2008-03-29 02:08 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-06-04 01:17 . 2008-03-29 02:08 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-06-04 01:17 . 2008-06-04 01:17 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-01 19:09 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-06-01 19:09 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-05-31 23:22 . 2008-06-01 12:41 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-05-31 23:22 . 2008-06-01 12:41 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-05-31 23:22 . 2008-06-01 12:41 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-05-31 23:15 . 2000-10-03 19:54 2,998 --a------ C:\WINDOWS\setup.ico
2008-05-31 23:14 . 1998-01-23 12:20 305,664 --a------ C:\WINDOWS\ZeusIsUninst.Exe
2008-05-31 23:13 . 2008-05-31 23:13 <REP> d-------- C:\Sierra
2008-05-31 23:13 . 2008-05-31 23:13 <REP> d-------- C:\Program Files\Sierra On-Line
2008-05-31 23:13 . 2008-05-31 23:13 <REP> d-------- C:\Documents and Settings\Sacha\WINDOWS
2008-05-31 23:13 . 1998-01-23 12:20 305,664 --a------ C:\WINDOWS\IsUn040c.exe
2008-05-31 23:13 . 2008-05-31 23:15 336 --a------ C:\WINDOWS\SIERRA.INI
2008-05-30 23:54 . 2008-05-30 23:54 <REP> d-------- C:\ijji
2008-05-30 18:30 . 2008-05-30 18:31 <REP> d-------- C:\Documents and Settings\Sacha\Application Data\Command & Conquer 3 Les guerres du Tiberium
2008-05-30 18:28 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-30 15:58 . 2008-05-30 15:58 <REP> d-------- C:\WINDOWS\nvidia icons
2008-05-30 15:58 . 2008-05-30 16:00 <REP> d-------- C:\WINDOWS\NV22481472.TMP
2008-05-30 15:58 . 2008-05-03 05:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-05-30 15:51 . 2008-05-30 15:51 <REP> d-------- C:\Program Files\Western Digital
2008-05-29 23:53 . 2008-06-24 16:35 <REP> d-------- C:\Downloads
2008-05-29 20:16 . 2008-05-29 20:16 <REP> d-------- C:\Program Files\CreateInstall v4
2008-05-28 21:16 . 2008-05-29 23:24 <REP> d-------- C:\Documents and Settings\Sacha\iWizz
2008-05-28 21:15 . 2008-05-28 21:15 <REP> d-------- C:\Program Files\iWizz
2008-05-28 21:15 . 2008-05-28 21:15 <REP> d-------- C:\Documents and Settings\Sacha\.bitrock

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 13:28 --------- d-----w C:\Program Files\FlashGet
2008-06-24 18:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 23:02 --------- d-----w C:\Documents and Settings\Sacha\Application Data\mIRC
2008-05-31 22:51 --------- d-----w C:\Program Files\mIRC
2008-05-30 21:59 --------- d--h--w C:\Documents and Settings\Sacha\Application Data\ijjigame
2008-05-30 21:54 --------- d-----w C:\Program Files\Gunz
2008-05-30 16:13 --------- d-----w C:\Program Files\Electronic Arts
2008-05-30 13:51 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-30 13:41 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-29 15:47 --------- d-----w C:\Program Files\Messenger Plus!
2008-05-25 17:52 --------- d-----w C:\Documents and Settings\Sacha\Application Data\DivX
2008-05-25 17:51 --------- d-----w C:\Program Files\DivX
2008-05-24 06:52 --------- d-----w C:\Program Files\Avast4
2008-05-16 16:44 --------- d-----w C:\Documents and Settings\Sacha\Application Data\SystemRequirementsLab
2008-05-16 16:42 --------- d-----w C:\Program Files\Java
2008-05-16 16:41 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-05-15 18:31 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-15 18:23 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-05-13 01:53 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-13 01:53 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 01:53 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-05-13 01:53 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 01:53 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-05-13 01:51 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-13 01:49 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-13 01:49 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-10 22:55 --------- d-----w C:\Program Files\Custo
2008-05-10 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania United
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 14:40 39,424 ----a-w C:\WINDOWS\zipinst.exe
2008-05-07 14:40 --------- d-----w C:\Program Files\Finderbar 1.5
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-03 21:46 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-03 21:46 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-03 20:56 62,394 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-05-03 20:56 4,654 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-03 20:56 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-05-03 20:39 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-05-03 20:19 --------- d-----w C:\Program Files\FLVPlayer
2008-05-02 23:25 --------- d-----w C:\Program Files\SpeedFan
2008-05-02 21:39 --------- d-----w C:\Documents and Settings\Sacha\Application Data\DeepBurner
2008-05-02 21:09 --------- d-----w C:\Program Files\ProcessGuard
2008-05-02 21:01 --------- d-----w C:\Program Files\DeepBurner
2008-05-02 09:15 --------- d-----w C:\Documents and Settings\Sacha\Application Data\Styler
2008-05-01 18:13 --------- d-----w C:\Program Files\Attansic
2008-04-30 21:50 --------- d-----w C:\Documents and Settings\Sacha\Application Data\teamspeak2
2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-30 13:01 --------- d-----w C:\Program Files\UxTheme Multipatcher Fr
2008-04-30 12:34 --------- d-----w C:\Program Files\RocketDock
2008-04-28 18:37 --------- d-----w C:\Documents and Settings\Sacha\Application Data\OpenOffice.org2
2008-04-28 16:30 --------- d-----w C:\Program Files\Logitech
2008-04-28 16:30 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-04-26 15:33 --------- d-----w C:\Program Files\Free FLV Converter
2008-04-26 15:23 --------- d-----w C:\Documents and Settings\Sacha\Application Data\Apple Computer
2008-04-21 07:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-02 19:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-28 03:37 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-28 01:21 22,328 ----a-w C:\Documents and Settings\Sacha\Application Data\PnkBstrK.sys
2008-03-28 01:19 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-03-28 01:19 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-03-28 00:31 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-03-27 23:27 21,504 ----a-w C:\WINDOWS\jestertb.dll
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

------- Sigcheck -------

2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-05 14:00 978432 9f3b76c8cf787449a47f05abab4e13e6 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1bbe53a4-a87a-440b-8909-cb71474398c6}]
2008-06-26 11:02 106496 --a------ C:\WINDOWS\system32\jqjmgjrq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{500DBD6E-6D95-4106-B9A2-DDDCCB2B30D1}]
2008-06-24 20:42 25600 --a------ C:\WINDOWS\system32\byXPJCVo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC97D7E0-8315-4392-B1BF-EDBC819F8178}]
C:\WINDOWS\system32\yaywtSMG.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 20:27 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"removecpl"="RemoveCpl.exe" []
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 23:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"ZoneAlarm Client"="C:\Program Files\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]
"14b15972"="C:\WINDOWS\system32\awullcdg.dll" [2008-06-26 11:02 80896]
"BM17826aee"="C:\WINDOWS\system32\ngpveiyd.dll" [2008-06-26 11:00 91648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{500DBD6E-6D95-4106-B9A2-DDDCCB2B30D1}"= C:\WINDOWS\system32\byXPJCVo.dll [2008-06-24 20:42 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXPJCVo]
byXPJCVo.dll 2008-06-24 20:42 25600 C:\WINDOWS\system32\byXPJCVo.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sacha^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=C:\Documents and Settings\Sacha\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!1_pgaccount]
--a------ 2005-01-20 14:14 184320 C:\Program Files\ProcessGuard\pgaccount.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!1_ProcessGuard_Startup]
--a------ 2005-01-20 14:24 280064 C:\Program Files\ProcessGuard\procguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
C:\Program Files\Dealio\DealioAU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
C:\Program Files\FreeCall\FreeCall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\Search Settings\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\Battlefield 2142\\BF2142.exe"=
"D:\\Program Files\\Steam\\steamapps\\sacha_20002003@hotmail.com\\Counter-strike\\hl.exe"=
"D:\\Program Files\\Wolfenstein\\ET.exe"=
"D:\\Program Files\\Steam\\steamapps\\vincetigou\\counter-strike source\\hl2.exe"=
"D:\\Program Files\\Steam\\steamapps\\sacha_20002003@hotmail.com\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"E:\\EasyPHP1-8\\apache\\Apache.exe"=
"E:\\Mes Documents\\Prog du Disque C\\PrizeeHack\\Prizee\\HandyCache\\HandyCache.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"D:\\Program Files\\Steam\\steamapps\\lucas007833\\dark messiah might and magic multi-player\\mm.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"C:\\ijji\\ENGLISH\\u_gunz.exe"=
"C:\\ijji\\ENGLISH\\u_sf.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"D:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 DCSPGSRV;DiamondCS Process Guard Service v3.000;"C:\Program Files\ProcessGuard\dcsuserprot.exe" [2005-01-20 14:25]
R2 procguard;procguard;C:\WINDOWS\system32\drivers\procguard.sys [2005-01-20 14:13]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 16:12]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\launcher.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-25 18:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 00:24:28
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\byXPJCVo.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\awullcdg.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Custo\Styler\Styler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-27 0:28:29 - machine was rebooted [Sacha]
ComboFix-quarantined-files.txt 2008-06-26 22:28:26

Pre-Run: 7,636,377,600 octets libres
Post-Run: 7,625,478,144 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /noguiboot /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

313 --- E O F --- 2008-06-20 23:51:14

And a HijackTHIS log for the road:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:48:20, on 27/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\LClock\lclock.exe
C:\Program Files\Custo\Styler\Styler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sacha\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Custo\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BM17826aee] Rundll32.exe "C:\WINDOWS\system32\urjmhjko.dll",s
O4 - HKLM\..\Run: [14b15972] rundll32.exe "C:\WINDOWS\system32\glljwdtt.dll",b
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Styler.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD6CC2D2-131E-4C22-8BB3-EEA91E783F88}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{42454B20-8EBE-4D5E-B3E0-2E97DC80F0D1}: NameServer = 192.168.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{42454B20-8EBE-4D5E-B3E0-2E97DC80F0D1}: NameServer = 192.168.0.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{42454B20-8EBE-4D5E-B3E0-2E97DC80F0D1}: NameServer = 192.168.0.1
O17 - HKLM\System\CS5\Services\Tcpip\..\{06CE44BF-D100-4633-95FB-E09D065C8092}: NameServer = 192.168.0.1
O17 - HKLM\System\CS6\Services\Tcpip\..\{3B242483-E813-467A-A45A-0B0B678BC2C4}: NameServer = 192.168.0.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)

--
End of file - 6843 bytes

Thanks in advance

PS: I think the file byXPJCVo.dll has something to do with it... if that can help you...


27 June 2008 11:11:52

Hello,

I'll take care of you shortly, by early afternoon at the latest ;)
27 June 2008 16:23:54

Hello,

Disable all resident protection (antivirus, etc.)! <------- Don't forget!

Copy the text in the box below: (Ctrl + C)

Quote:
File::
C:\WINDOWS\system32\gdclluwa.ini
C:\WINDOWS\system32\jqjmgjrq.dll
C:\WINDOWS\system32\awullcdg.dll
C:\WINDOWS\system32\ngpveiyd.dll
C:\WINDOWS\system32\ojimxddh.dll
C:\WINDOWS\system32\thqhhdnv.dll
C:\WINDOWS\system32\byXPJCVo.dll

Folder::
C:\Program Files\Dealio
C:\Program Files\Search Settings

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1bbe53a4-a87a-440b-8909-cb71474398c6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{500DBD6E-6D95-4106-B9A2-DDDCCB2B30D1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC97D7E0-8315-4392-B1BF-EDBC819F8178}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"14b15972"=-
"BM17826aee"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{500DBD6E-6D95-4106-B9A2-DDDCCB2B30D1}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXPJCVo]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]


=> Open Notepad: Start > All Programs > Accessories > Notepad

- Paste the text into it (CTRL + V)
- Save this file to: Desktop
- File name: CFScript
- File type: All files!!
- Click Save
- Close Notepad

Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:



* This will relaunch Combofix: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: that's normal!
* Don't touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: copy/paste its contents onto the forum.
If the file doesn't open, it is located here: C:\ComboFix.txt
* Post a new HijackThis log.

;) 
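As an added example, not part of the thread and not from the ComboFix or HijackThis authors, the following Python script applies the kind of heuristics the helper used to pick the entries above (a hex-like Run value name, rundll32 loading an eight-letter system32 DLL through a one-letter export, a BHO whose display name is a bare CLSID) to a few constructed HijackThis lines taken from this thread, and renders the hits in the CFScript layout shown in the post (File:: / Registry::). The heuristics, the two-indicator threshold and the Finding type are my own assumptions, not a rule from ComboFix or from the helper; the result is a draft for a human to review.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: HijackThis O2/O4 lines copied from the logs posted in this thread,
# mixing legitimate entries (Java, NVIDIA, ZoneAlarm) with the ones the helper removed.
SAMPLE_HJT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {53b3bb17-ee96-c44b-eaf4-c1f554a2f86e} - {e68f2a45-5f1c-4fae-b44c-69ee71bb3b35} - C:\WINDOWS\system32\itbibnxo.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BM17826aee] Rundll32.exe "C:\WINDOWS\system32\urjmhjko.dll",s
O4 - HKLM\..\Run: [14b15972] rundll32.exe "C:\WINDOWS\system32\glljwdtt.dll",b
"""

RE_O2 = re.compile(r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$')
RE_O4 = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$')
RE_GUID = re.compile(r'^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$', re.I)
RE_HEXNAME = re.compile(r'^(BM)?[0-9a-f]{8,}$')          # "14b15972", "BM17826aee"
RE_RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)$', re.I)
RE_RANDOM_DLL = re.compile(r'\\system32\\[a-z]{8}\.dll$', re.I)   # jqjmgjrq.dll, byXPJCVo.dll ...

HIVES = {'HKLM': 'HKEY_LOCAL_MACHINE', 'HKCU': 'HKEY_CURRENT_USER'}


@dataclass
class Finding:               # assumed structure, not a HijackThis/ComboFix type
    kind: str                # 'O2' (BHO) or 'O4' (Run value)
    key: str                 # CLSID for O2, value name for O4
    path: Optional[str]      # DLL/EXE the entry loads, if parsed
    hive: Optional[str]      # 'HKLM'/'HKCU' for O4 entries
    reasons: List[str]       # heuristic indicators that fired


def analyse(line: str) -> Optional[Finding]:
    """Parse one HijackThis O2/O4 line and collect heuristic indicators."""
    m = RE_O2.match(line)
    if m:
        reasons = []
        if RE_GUID.match(m['name']):
            reasons.append('BHO display name is a bare CLSID')
        if RE_RANDOM_DLL.search(m['path']):
            reasons.append('8-letter DLL name in system32')
        return Finding('O2', m['clsid'], m['path'], None, reasons)
    m = RE_O4.match(line)
    if m:
        reasons, path = [], None
        if RE_HEXNAME.match(m['value']):
            reasons.append('hex-like Run value name')
        r = RE_RUNDLL.match(m['cmd'])
        if r:
            path = r['dll']
            if len(r['export']) == 1:
                reasons.append('rundll32 with single-letter export')
            if RE_RANDOM_DLL.search(path):
                reasons.append('8-letter DLL name in system32')
        return Finding('O4', m['value'], path, m['hive'], reasons)
    return None


def suspicious_entries(log: str, min_reasons: int = 2) -> List[Finding]:
    """Keep only entries with at least `min_reasons` indicators (one alone is too weak)."""
    out = []
    for line in log.splitlines():
        f = analyse(line.strip())
        if f and len(f.reasons) >= min_reasons:
            out.append(f)
    return out


def draft_cfscript(findings: List[Finding]) -> str:
    """Render findings in the CFScript layout used in the thread (File:: / Registry::)."""
    lines = ['File::'] + [f.path for f in findings if f.path] + ['', 'Registry::']
    for f in findings:
        if f.kind == 'O2':
            lines.append(f'[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{f.key}]')
    for hive in HIVES:
        values = [f.key for f in findings if f.kind == 'O4' and f.hive == hive]
        if values:
            lines.append(f'[{HIVES[hive]}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]')
            lines.extend(f'"{v}"=-' for v in values)
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    hits = suspicious_entries(SAMPLE_HJT)
    for f in hits:
        print(f'{f.kind} {f.key}: ' + '; '.join(f.reasons))
    print()
    print(draft_cfscript(hits))
```

On the sample above the script flags the itbibnxo.dll BHO and the two rundll32 Run values and leaves the Java, NVIDIA and ZoneAlarm entries alone, matching the helper's selection.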
27 June 2008 20:03:02

OK, I'll do that when I'm back home in a few days
28 June 2008 20:35:57

There, thank you, everything works perfectly. Here are the two reports.

HiJackThis:


C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sacha\Bureau\Menu\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {53b3bb17-ee96-c44b-eaf4-c1f554a2f86e} - {e68f2a45-5f1c-4fae-b44c-69ee71bb3b35} - C:\WINDOWS\system32\itbibnxo.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD6CC2D2-131E-4C22-8BB3-EEA91E783F88}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{42454B20-8EBE-4D5E-B3E0-2E97DC80F0D1}: NameServer = 192.168.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{42454B20-8EBE-4D5E-B3E0-2E97DC80F0D1}: NameServer = 192.168.0.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{42454B20-8EBE-4D5E-B3E0-2E97DC80F0D1}: NameServer = 192.168.0.1
O17 - HKLM\System\CS5\Services\Tcpip\..\{06CE44BF-D100-4633-95FB-E09D065C8092}: NameServer = 192.168.0.1
O17 - HKLM\System\CS6\Services\Tcpip\..\{3B242483-E813-467A-A45A-0B0B678BC2C4}: NameServer = 192.168.0.1
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)

--
End of file - 6787 bytes

ComboFix:

ComboFix 08-06-20.4 - Sacha 2008-06-28 20:25:42.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1570 [GMT 2:00]
Endroit: C:\Documents and Settings\Sacha\Bureau\Menu\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sacha\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS\system32\awullcdg.dll
C:\WINDOWS\system32\byXPJCVo.dll
C:\WINDOWS\system32\gdclluwa.ini
C:\WINDOWS\system32\jqjmgjrq.dll
C:\WINDOWS\system32\ngpveiyd.dll
C:\WINDOWS\system32\ojimxddh.dll
C:\WINDOWS\system32\thqhhdnv.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM17826aee.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\byXPJCVo.dll
C:\WINDOWS\system32\gdclluwa.ini
C:\WINDOWS\system32\jqjmgjrq.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ngpveiyd.dll
C:\WINDOWS\system32\nnnoOGww.dll
C:\WINDOWS\system32\ojimxddh.dll
C:\WINDOWS\system32\thqhhdnv.dll
C:\WINDOWS\system32\ttdwjllg.ini
C:\WINDOWS\system32\wwGOonnn.ini
C:\WINDOWS\system32\wwGOonnn.ini2

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-28 to 2008-06-28 ))))))))))))))))))))))))))))))))))))
.

2008-06-28 20:25 . 2008-06-28 20:25 90,624 --a------ C:\WINDOWS\system32\qlrnwaya.dll
2008-06-27 01:51 . 2008-06-27 01:51 <REP> d-------- C:\Program Files\Avira
2008-06-27 01:51 . 2008-06-27 01:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-27 00:35 . 2008-06-27 00:35 80,896 --a------ C:\WINDOWS\system32\glljwdtt.dll
2008-06-27 00:34 . 2008-06-27 00:34 106,496 --a------ C:\WINDOWS\system32\itbibnxo.dll
2008-06-27 00:34 . 2008-06-27 00:34 91,648 --a------ C:\WINDOWS\system32\urjmhjko.dll
2008-06-26 11:51 . 2008-06-26 11:51 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-06-26 10:54 . 2008-06-28 20:31 1,057,312 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-26 10:54 . 2008-06-28 20:28 19,388 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-26 10:52 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-06-26 10:52 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-06-26 10:52 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-06-26 10:52 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-06-26 10:52 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-06-26 10:51 . 2008-06-26 10:52 <REP> d-------- C:\Program Files\ZoneAlarm
2008-06-25 17:43 . 2008-06-25 17:52 <REP> d-------- C:\Documents and Settings\Sacha\Application Data\Hamachi
2008-06-25 17:42 . 2008-06-25 17:43 <REP> d-------- C:\Program Files\Hamachi
2008-06-25 17:42 . 2008-06-25 17:42 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-06-24 21:24 . 2008-06-24 21:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-06-24 19:29 . 2008-06-24 19:29 <REP> d-------- C:\Program Files\Microsoft Games
2008-06-24 11:48 . 2007-01-25 19:31 88,952 --a------ C:\WINDOWS\system32\_packet.dlluninstall
2008-06-21 14:41 . 2008-06-21 14:41 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-06-14 12:47 . 2008-06-14 12:47 <REP> d-------- C:\Program Files\LClock
2008-06-11 14:06 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 14:06 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 14:50 . 2008-06-08 14:50 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-06-08 14:50 . 2004-08-05 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-08 14:49 . 2008-06-08 14:49 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-08 14:49 . 2008-06-08 14:49 <REP> d-------- C:\b107ea99f1a440f28d86
2008-06-07 22:32 . 2008-06-07 22:32 <REP> d-------- C:\Program Files\MsnChecker
2008-06-04 16:36 . 2008-06-04 16:36 <REP> d-------- C:\Program Files\No-IP
2008-06-04 15:45 . 2003-07-18 01:40 265,728 -ra------ C:\WINDOWS\system32\drivers\BCMWL5.SYS
2008-06-04 01:17 . 2008-03-29 02:08 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-06-04 01:17 . 2008-03-29 02:08 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-04 01:17 . 2008-03-28 01:19 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-06-04 01:17 . 2008-03-29 02:08 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-06-04 01:17 . 2008-03-29 02:08 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-06-04 01:17 . 2008-03-29 02:08 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-06-04 01:17 . 2008-03-29 02:08 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-06-04 01:17 . 2008-06-04 01:17 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-01 19:09 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-06-01 19:09 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-05-31 23:22 . 2008-06-01 12:41 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-05-31 23:22 . 2008-06-01 12:41 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-05-31 23:22 . 2008-06-01 12:41 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-05-31 23:15 . 2000-10-03 19:54 2,998 --a------ C:\WINDOWS\setup.ico
2008-05-31 23:14 . 1998-01-23 12:20 305,664 --a------ C:\WINDOWS\ZeusIsUninst.Exe
2008-05-31 23:13 . 2008-05-31 23:13 <REP> d-------- C:\Sierra
2008-05-31 23:13 . 2008-05-31 23:13 <REP> d-------- C:\Program Files\Sierra On-Line
2008-05-31 23:13 . 2008-05-31 23:13 <REP> d-------- C:\Documents and Settings\Sacha\WINDOWS
2008-05-31 23:13 . 1998-01-23 12:20 305,664 --a------ C:\WINDOWS\IsUn040c.exe
2008-05-31 23:13 . 2008-05-31 23:15 336 --a------ C:\WINDOWS\SIERRA.INI
2008-05-30 23:54 . 2008-05-30 23:54 <REP> d-------- C:\ijji
2008-05-30 18:30 . 2008-05-30 18:31 <REP> d-------- C:\Documents and Settings\Sacha\Application Data\Command & Conquer 3 Les guerres du Tiberium
2008-05-30 18:28 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-30 15:58 . 2008-05-30 15:58 <REP> d-------- C:\WINDOWS\nvidia icons
2008-05-30 15:58 . 2008-05-30 16:00 <REP> d-------- C:\WINDOWS\NV22481472.TMP
2008-05-30 15:58 . 2008-05-03 05:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-05-30 15:51 . 2008-05-30 15:51 <REP> d-------- C:\Program Files\Western Digital
2008-05-29 23:53 . 2008-06-24 16:35 <REP> d-------- C:\Downloads
2008-05-29 20:16 . 2008-05-29 20:16 <REP> d-------- C:\Program Files\CreateInstall v4
2008-05-28 21:16 . 2008-05-29 23:24 <REP> d-------- C:\Documents and Settings\Sacha\iWizz
2008-05-28 21:15 . 2008-05-28 21:15 <REP> d-------- C:\Program Files\iWizz
2008-05-28 21:15 . 2008-05-28 21:15 <REP> d-------- C:\Documents and Settings\Sacha\.bitrock

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 23:50 --------- d-----w C:\Program Files\Avast4
2008-06-25 13:28 --------- d-----w C:\Program Files\FlashGet
2008-06-24 18:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 23:02 --------- d-----w C:\Documents and Settings\Sacha\Application Data\mIRC
2008-05-31 22:51 --------- d-----w C:\Program Files\mIRC
2008-05-30 21:59 --------- d--h--w C:\Documents and Settings\Sacha\Application Data\ijjigame
2008-05-30 21:54 --------- d-----w C:\Program Files\Gunz
2008-05-30 16:13 --------- d-----w C:\Program Files\Electronic Arts
2008-05-30 13:51 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-30 13:41 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-29 15:47 --------- d-----w C:\Program Files\Messenger Plus!
2008-05-25 17:52 --------- d-----w C:\Documents and Settings\Sacha\Application Data\DivX
2008-05-25 17:51 --------- d-----w C:\Program Files\DivX
2008-05-16 16:44 --------- d-----w C:\Documents and Settings\Sacha\Application Data\SystemRequirementsLab
2008-05-16 16:42 --------- d-----w C:\Program Files\Java
2008-05-16 16:41 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-05-15 18:31 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-15 18:23 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-05-10 22:55 --------- d-----w C:\Program Files\Custo
2008-05-10 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania United
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 14:40 39,424 ----a-w C:\WINDOWS\zipinst.exe
2008-05-07 14:40 --------- d-----w C:\Program Files\Finderbar 1.5
2008-05-03 21:46 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-03 20:56 62,394 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-05-03 20:56 4,654 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-03 20:39 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-05-03 20:19 --------- d-----w C:\Program Files\FLVPlayer
2008-05-03 03:46 6,554,496 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-05-02 23:25 --------- d-----w C:\Program Files\SpeedFan
2008-05-02 21:39 --------- d-----w C:\Documents and Settings\Sacha\Application Data\DeepBurner
2008-05-02 21:09 --------- d-----w C:\Program Files\ProcessGuard
2008-05-02 21:01 --------- d-----w C:\Program Files\DeepBurner
2008-05-02 09:15 --------- d-----w C:\Documents and Settings\Sacha\Application Data\Styler
2008-05-01 18:13 --------- d-----w C:\Program Files\Attansic
2008-04-30 21:50 --------- d-----w C:\Documents and Settings\Sacha\Application Data\teamspeak2
2008-04-30 13:01 --------- d-----w C:\Program Files\UxTheme Multipatcher Fr
2008-04-30 12:34 --------- d-----w C:\Program Files\RocketDock
2008-04-28 18:37 --------- d-----w C:\Documents and Settings\Sacha\Application Data\OpenOffice.org2
2008-04-28 16:30 --------- d-----w C:\Program Files\Logitech
2008-04-28 16:30 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-03-28 01:21 22,328 ----a-w C:\Documents and Settings\Sacha\Application Data\PnkBstrK.sys
2008-03-28 00:31 315,392 ----a-w C:\WINDOWS\HideWin.exe
.

------- Sigcheck -------

2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-05 14:00 978432 9f3b76c8cf787449a47f05abab4e13e6 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-27_ 0.28.12.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-26 22:23:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-28 18:28:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-26 23:48:29 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
+ 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e68f2a45-5f1c-4fae-b44c-69ee71bb3b35}]
2008-06-27 00:34 106496 --a------ C:\WINDOWS\system32\itbibnxo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 20:27 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"removecpl"="RemoveCpl.exe" []
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 23:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"ZoneAlarm Client"="C:\Program Files\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sacha^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=C:\Documents and Settings\Sacha\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!1_pgaccount]
--a------ 2005-01-20 14:14 184320 C:\Program Files\ProcessGuard\pgaccount.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!1_ProcessGuard_Startup]
--a------ 2005-01-20 14:24 280064 C:\Program Files\ProcessGuard\procguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
C:\Program Files\FreeCall\FreeCall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\Battlefield 2142\\BF2142.exe"=
"D:\\Program Files\\Steam\\steamapps\\sacha_20002003@hotmail.com\\Counter-strike\\hl.exe"=
"D:\\Program Files\\Wolfenstein\\ET.exe"=
"D:\\Program Files\\Steam\\steamapps\\vincetigou\\counter-strike source\\hl2.exe"=
"D:\\Program Files\\Steam\\steamapps\\sacha_20002003@hotmail.com\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"E:\\EasyPHP1-8\\apache\\Apache.exe"=
"E:\\Mes Documents\\Prog du Disque C\\PrizeeHack\\Prizee\\HandyCache\\HandyCache.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"D:\\Program Files\\Steam\\steamapps\\lucas007833\\dark messiah might and magic multi-player\\mm.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"C:\\ijji\\ENGLISH\\u_gunz.exe"=
"C:\\ijji\\ENGLISH\\u_sf.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"D:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

R2 DCSPGSRV;DiamondCS Process Guard Service v3.000;"C:\Program Files\ProcessGuard\dcsuserprot.exe" [2005-01-20 14:25]
R2 procguard;procguard;C:\WINDOWS\system32\drivers\procguard.sys [2005-01-20 14:13]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 16:12]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\launcher.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-25 18:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 20:29:20
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-28 20:34:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-28 18:34:37
ComboFix2.txt 2008-06-26 22:28:30

Pre-Run: 7,511,429,120 octets libres
Post-Run: 7,481,135,104 octets libres

277 --- E O F --- 2008-06-20 23:51:14

Thanks again ;) 

PS: AntiVir still tells me I have infected DLLs...
29 Juin 2008 14:38:36

:hello:  Hello,

That's normal, you are still infected :) 

You are infected with "Vundo". Remove all cracks from your PC if any are present, otherwise they will relaunch the infection.

I advise you to uninstall and delete all your P2P software: 50% of what you download via P2P is booby-trapped. P2P is the number one infection vector these days.

***

Disable any resident protection (antivirus, etc.)! <------- Don't forget!

Copy the text in the box below: (Ctrl + C)

Quote:
File::
C:\WINDOWS\system32\qlrnwaya.dll
C:\WINDOWS\system32\glljwdtt.dll
C:\WINDOWS\system32\itbibnxo.dll
C:\WINDOWS\system32\urjmhjko.dll
C:\WINDOWS\system32\BuzzingBee.wav

FileLook::
C:\WINDOWS\system32\vsutil_loc040c.dll
C:\WINDOWS\zllsputility_loc040c.dll
C:\WINDOWS\system32\imsinstall_loc040c.dll
C:\WINDOWS\system32\imslsp_install_loc040c.dll
C:\WINDOWS\system32\_packet.dlluninstall
C:\WINDOWS\_MSRSTRT.EXE

DirLook::
C:\b107ea99f1a440f28d86
C:\ijji
C:\Documents and Settings\Sacha\Application Data\ijjigame

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e68f2a45-5f1c-4fae-b44c-69ee71bb3b35}]


=> Open Notepad: Start > All Programs > Accessories > Notepad

- Paste the text into it (CTRL + V)
- Save this file to: Desktop
- File name: CFScript
- File type: all files!!
- Click Save
- Close Notepad

Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:



* This will relaunch ComboFix: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
* Don't touch anything until the scan has finished.
* Once the scan is complete, a report will open: copy/paste its contents to the forum.
If the file does not open, it is located here: C:\ComboFix.txt
* Post a new HijackThis log.

;) 
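The triage the helper does by eye in this thread (spotting the Vundo BHO in the HijackThis O2 lines, building the matching File:: and Registry:: entries for the CFScript, then checking the next log to confirm the entry is gone) can be scripted. The block below is an added example written for this page; it is not part of the thread and not code from HijackThis or ComboFix. The two heuristics it uses are assumptions drawn from the logs above: a BHO whose display name is itself a bare CLSID, and a DLL with a random eight-lowercase-letter name sitting in system32 (the pattern of itbibnxo.dll, jqjmgjrq.dll and the others listed). The sample log lines are constructed from the O2 and O23 entries posted above, and the CFScript layout follows the one quoted in the helper's post.

```python
"""Triage of HijackThis O2 (BHO) entries in the style of this thread."""
import re
from dataclasses import dataclass, field

# Constructed sample input: O2/O23 lines copied from the HijackThis logs
# posted above (before and after the CFScript run). Not a complete log.
BEFORE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {53b3bb17-ee96-c44b-eaf4-c1f554a2f86e} - {e68f2a45-5f1c-4fae-b44c-69ee71bb3b35} - C:\WINDOWS\system32\itbibnxo.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)
"""
AFTER_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)
"""

# HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <dll path>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)
# Assumed heuristic: Vundo-style DLL names in this thread are 8 lowercase letters.
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$")


@dataclass
class Bho:
    name: str
    clsid: str
    path: str
    reasons: list = field(default_factory=list)


def parse_bhos(log_text):
    """Return every O2 BHO entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            entries.append(Bho(m["name"], m["clsid"], m["path"]))
    return entries


def suspicious_bhos(log_text):
    """Flag BHOs with no friendly class name (name is a bare CLSID) or whose
    DLL is a random 8-letter name living directly in system32."""
    flagged = []
    for bho in parse_bhos(log_text):
        if GUID_RE.match(bho.name):
            bho.reasons.append("display name is a bare CLSID, no friendly class name")
        folder, _, filename = bho.path.rpartition("\\")
        if folder.lower().endswith("\\system32") and RANDOM_DLL_RE.match(filename):
            bho.reasons.append("random 8-letter DLL name in system32")
        if bho.reasons:
            flagged.append(bho)
    return flagged


def removed_entries(before, after):
    """Lines present in the earlier log but absent from the later one: the
    before/after comparison used to confirm an entry is really gone."""
    after_lines = {l.strip() for l in after.splitlines()}
    return [l.strip() for l in before.splitlines() if l.strip() and l.strip() not in after_lines]


def build_cfscript(bhos):
    """Assemble File:: and Registry:: sections in the CFScript layout quoted
    in this thread, one DLL and one BHO key per flagged entry."""
    files = [b.path for b in bhos]
    keys = ["[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\" + b.clsid + "]" for b in bhos]
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(keys) + "\n"


if __name__ == "__main__":
    flagged = suspicious_bhos(BEFORE_LOG)
    for b in flagged:
        print(b.path, "->", "; ".join(b.reasons))
    print(build_cfscript(flagged))
    print("gone after cleanup:", removed_entries(BEFORE_LOG, AFTER_LOG))
```

Run against the two logs in the thread, only the `itbibnxo.dll` entry is flagged (on both counts), the generated script reproduces the `[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e68f2a45-...}]` line the helper wrote by hand, and the before/after diff reports that single O2 line as removed while the legitimate Java and FlashGet BHOs are untouched.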
29 Juin 2008 19:23:48

Done, here are the logs ;-)

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:45, on 29/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sacha\Bureau\Menu\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD6CC2D2-131E-4C22-8BB3-EEA91E783F88}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{42454B20-8EBE-4D5E-B3E0-2E97DC80F0D1}: NameServer = 192.168.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{42454B20-8EBE-4D5E-B3E0-2E97DC80F0D1}: NameServer = 192.168.0.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{42454B20-8EBE-4D5E-B3E0-2E97DC80F0D1}: NameServer = 192.168.0.1
O17 - HKLM\System\CS5\Services\Tcpip\..\{06CE44BF-D100-4633-95FB-E09D065C8092}: NameServer = 192.168.0.1
O17 - HKLM\System\CS6\Services\Tcpip\..\{3B242483-E813-467A-A45A-0B0B678BC2C4}: NameServer = 192.168.0.1
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)

--
End of file - 6766 bytes

ComboFIX:


ComboFix 08-06-20.4 - Sacha 2008-06-29 19:19:59.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1551 [GMT 2:00]
Endroit: C:\Documents and Settings\Sacha\Bureau\Menu\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sacha\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS\system32\BuzzingBee.wav
C:\WINDOWS\system32\glljwdtt.dll
C:\WINDOWS\system32\itbibnxo.dll
C:\WINDOWS\system32\qlrnwaya.dll
C:\WINDOWS\system32\urjmhjko.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\BuzzingBee.wav
C:\WINDOWS\system32\itbibnxo.dll
C:\WINDOWS\system32\qlrnwaya.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-29 ))))))))))))))))))))))))))))))))))))
.

2008-06-27 01:51 . 2008-06-27 01:51 <REP> d-------- C:\Program Files\Avira
2008-06-27 01:51 . 2008-06-27 01:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-26 10:54 . 2008-06-29 19:22 1,220,384 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-26 10:54 . 2008-06-29 02:49 21,068 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-26 10:52 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-06-26 10:52 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-06-26 10:52 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-06-26 10:52 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-06-26 10:52 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-06-26 10:51 . 2008-06-26 10:52 <REP> d-------- C:\Program Files\ZoneAlarm
2008-06-25 17:43 . 2008-06-25 17:52 <REP> d-------- C:\Documents and Settings\Sacha\Application Data\Hamachi
2008-06-25 17:42 . 2008-06-25 17:43 <REP> d-------- C:\Program Files\Hamachi
2008-06-25 17:42 . 2008-06-25 17:42 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-06-24 21:24 . 2008-06-24 21:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-06-24 19:29 . 2008-06-24 19:29 <REP> d-------- C:\Program Files\Microsoft Games
2008-06-24 11:48 . 2007-01-25 19:31 88,952 --a------ C:\WINDOWS\system32\_packet.dlluninstall
2008-06-21 14:41 . 2008-06-21 14:41 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-06-14 12:47 . 2008-06-14 12:47 <REP> d-------- C:\Program Files\LClock
2008-06-11 14:06 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 14:06 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 14:50 . 2008-06-08 14:50 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-06-08 14:50 . 2004-08-05 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-08 14:49 . 2008-06-08 14:49 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-08 14:49 . 2008-06-08 14:49 <REP> d-------- C:\b107ea99f1a440f28d86
2008-06-07 22:32 . 2008-06-07 22:32 <REP> d-------- C:\Program Files\MsnChecker
2008-06-04 16:36 . 2008-06-04 16:36 <REP> d-------- C:\Program Files\No-IP
2008-06-04 15:45 . 2003-07-18 01:40 265,728 -ra------ C:\WINDOWS\system32\drivers\BCMWL5.SYS
2008-06-04 01:17 . 2008-03-29 02:08 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-06-04 01:17 . 2008-03-29 02:08 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-04 01:17 . 2008-03-28 01:19 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-06-04 01:17 . 2008-03-29 02:08 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-06-04 01:17 . 2008-03-29 02:08 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-06-04 01:17 . 2008-03-29 02:08 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-06-04 01:17 . 2008-03-29 02:08 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-06-04 01:17 . 2008-06-04 01:17 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-01 19:09 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-06-01 19:09 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-05-31 23:22 . 2008-06-01 12:41 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-05-31 23:22 . 2008-06-01 12:41 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-05-31 23:22 . 2008-06-01 12:41 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-05-31 23:15 . 2000-10-03 19:54 2,998 --a------ C:\WINDOWS\setup.ico
2008-05-31 23:14 . 1998-01-23 12:20 305,664 --a------ C:\WINDOWS\ZeusIsUninst.Exe
2008-05-31 23:13 . 2008-05-31 23:13 <REP> d-------- C:\Sierra
2008-05-31 23:13 . 2008-05-31 23:13 <REP> d-------- C:\Program Files\Sierra On-Line
2008-05-31 23:13 . 2008-05-31 23:13 <REP> d-------- C:\Documents and Settings\Sacha\WINDOWS
2008-05-31 23:13 . 1998-01-23 12:20 305,664 --a------ C:\WINDOWS\IsUn040c.exe
2008-05-31 23:13 . 2008-05-31 23:15 336 --a------ C:\WINDOWS\SIERRA.INI
2008-05-30 23:54 . 2008-05-30 23:54 <REP> d-------- C:\ijji
2008-05-30 18:30 . 2008-05-30 18:31 <REP> d-------- C:\Documents and Settings\Sacha\Application Data\Command & Conquer 3 Les guerres du Tiberium
2008-05-30 18:28 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-30 15:58 . 2008-05-30 15:58 <REP> d-------- C:\WINDOWS\nvidia icons
2008-05-30 15:58 . 2008-05-30 16:00 <REP> d-------- C:\WINDOWS\NV22481472.TMP
2008-05-30 15:58 . 2008-05-03 05:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-05-30 15:51 . 2008-05-30 15:51 <REP> d-------- C:\Program Files\Western Digital
2008-05-29 23:53 . 2008-06-24 16:35 <REP> d-------- C:\Downloads
2008-05-29 20:16 . 2008-05-29 20:16 <REP> d-------- C:\Program Files\CreateInstall v4

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 12:16 2,893,824 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-06-29 12:16 1,380,864 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-06-26 23:50 --------- d-----w C:\Program Files\Avast4
2008-06-25 13:28 --------- d-----w C:\Program Files\FlashGet
2008-06-24 18:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 23:02 --------- d-----w C:\Documents and Settings\Sacha\Application Data\mIRC
2008-05-31 22:51 --------- d-----w C:\Program Files\mIRC
2008-05-30 21:59 --------- d--h--w C:\Documents and Settings\Sacha\Application Data\ijjigame
2008-05-30 21:54 --------- d-----w C:\Program Files\Gunz
2008-05-30 16:13 --------- d-----w C:\Program Files\Electronic Arts
2008-05-30 13:51 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-30 13:41 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-29 15:47 --------- d-----w C:\Program Files\Messenger Plus!
2008-05-28 19:15 --------- d-----w C:\Program Files\iWizz
2008-05-25 17:52 --------- d-----w C:\Documents and Settings\Sacha\Application Data\DivX
2008-05-25 17:51 --------- d-----w C:\Program Files\DivX
2008-05-16 16:44 --------- d-----w C:\Documents and Settings\Sacha\Application Data\SystemRequirementsLab
2008-05-16 16:42 --------- d-----w C:\Program Files\Java
2008-05-16 16:41 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-05-15 18:31 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-15 18:23 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-05-13 01:53 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-13 01:53 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 01:53 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-05-13 01:53 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 01:53 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-05-13 01:51 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-13 01:49 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-13 01:49 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-10 22:55 --------- d-----w C:\Program Files\Custo
2008-05-10 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania United
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 14:40 39,424 ----a-w C:\WINDOWS\zipinst.exe
2008-05-07 14:40 --------- d-----w C:\Program Files\Finderbar 1.5
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-03 21:46 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-03 21:46 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-03 20:56 62,394 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-05-03 20:56 4,654 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-03 20:56 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-05-03 20:39 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-05-03 20:19 --------- d-----w C:\Program Files\FLVPlayer
2008-05-02 23:25 --------- d-----w C:\Program Files\SpeedFan
2008-05-02 21:39 --------- d-----w C:\Documents and Settings\Sacha\Application Data\DeepBurner
2008-05-02 21:09 --------- d-----w C:\Program Files\ProcessGuard
2008-05-02 21:01 --------- d-----w C:\Program Files\DeepBurner
2008-05-02 09:15 --------- d-----w C:\Documents and Settings\Sacha\Application Data\Styler
2008-05-01 18:13 --------- d-----w C:\Program Files\Attansic
2008-04-30 21:50 --------- d-----w C:\Documents and Settings\Sacha\Application Data\teamspeak2
2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-30 13:01 --------- d-----w C:\Program Files\UxTheme Multipatcher Fr
2008-04-30 12:34 --------- d-----w C:\Program Files\RocketDock
2008-04-28 18:37 --------- d-----w C:\Documents and Settings\Sacha\Application Data\OpenOffice.org2
2008-04-28 16:30 --------- d-----w C:\Program Files\Logitech
2008-04-28 16:30 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-04-21 07:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-02 19:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-28 01:21 22,328 ----a-w C:\Documents and Settings\Sacha\Application Data\PnkBstrK.sys
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\_MSRSTRT.EXE -- Unable to find Resource table header.
MD5: 815372073da85b2098a37ded84083c8a


---- C:\WINDOWS\system32\_packet.dlluninstall ----
Company: CACE Technologies
File Description: packet.dll (NT5) Dynamic Link Library
File Version: 4.0.0.755
Product Name: WinPcap
Copyright: Copyright © 2005-2007 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino.
Original file name: packet.dll
MD5: 9062aeea8cbfc4f0780bbbefad7cebcb


---- C:\WINDOWS\system32\imsinstall_loc040c.dll ----
Company: Zone Labs, Inc.
File Description: Programme dinstallation fournisseur ZoneAlarm IMsecure LSP
File Version: 1, 5, 0, 31
Product Name: IMsecure Pro
Copyright: Copyright (c) 1998-2004, Zone Labs, Inc.
Original file name: imsinstall.dll
MD5: e9b41ab0633cd32061385ff399d2209a


---- C:\WINDOWS\system32\imslsp_install_loc040c.dll ----
Company: Zone Labs, Inc.
File Description: Programme d'installation d'IMsecure
File Version: 1, 5, 0, 31
Product Name: IMsecure Pro
Copyright: Copyright (c) 1998-2004, Zone Labs, Inc.
Original file name: imslsp_install.exe
MD5: a28bc312abdff46b6df1b4765f772f79


---- C:\WINDOWS\system32\vsutil_loc040c.dll ----
Company: Zone Labs Inc.
File Description: TrueVector Service
File Version: 5.3.017.000
Product Name: TrueVector Service
Copyright: Copyright © 1998-2004, Zone Labs Inc.
Original file name: vsutil.dll
MD5: d1f6a91e44ae2e6c335c05356c6e3e56


---- C:\WINDOWS\zllsputility_loc040c.dll ----
Company: Zone Labs Inc.
File Description: Utilitaire de suppression LSP de ZoneLabs
File Version: 5.3.017.000
Product Name: Utilitaire de suppression LSP de ZoneLabs
Copyright: Copyright © 1998-2004, Zone Labs Inc.
Original file name: zllsputility.exe
MD5: f5a4dfda60fee13856151762e099717f

---- Directory of C:\b107ea99f1a440f28d86 ----

2006-11-02 11:46 13312 --a------ C:\b107ea99f1a440f28d86\update\wpdinstallutil.dll
2006-05-16 18:11 716000 --a------ C:\b107ea99f1a440f28d86\update\update.exe

---- Directory of C:\Documents and Settings\Sacha\Application Data\ijjigame ----

2008-05-30 23:59 75 --a------ C:\Documents and Settings\Sacha\Application Data\ijjigame\HUL\gamekind.ini
2008-05-30 23:59 337197168 --a------ C:\Documents and Settings\Sacha\Application Data\ijjigame\U_SFInstaller.exe
2008-05-30 23:59 1093 --a------ C:\Documents and Settings\Sacha\Application Data\ijjigame\HUL\u_sf_launcher.hul
2008-05-30 23:53 1015 --a------ C:\Documents and Settings\Sacha\Application Data\ijjigame\HUL\u_gunz_launcher.hul
2008-03-29 02:58 925696 --a------ C:\Documents and Settings\Sacha\Application Data\ijjigame\ijjistarter2.exe
2008-03-29 01:32 925696 --a------ C:\Documents and Settings\Sacha\Application Data\ijjigame\ijjistarter2FxB.exe

---- Directory of C:\ijji ----

2008-05-27 18:31 868352 --------- C:\ijji\ENGLISH\u_gunz.exe
2008-05-08 19:29 69632 --------- C:\ijji\ENGLISH\ijjiLauncher_PostPluginDll_03.dll
2008-05-08 00:24 53248 --------- C:\ijji\ENGLISH\ijjiLauncher_PrePluginDll_01.dll
2008-05-07 19:54 688128 --------- C:\ijji\ENGLISH\u_sf.exe
2008-04-21 22:10 155648 --------- C:\ijji\ENGLISH\XSystem.dll
2008-04-17 18:55 77824 --------- C:\ijji\ENGLISH\XStream.dll
2008-04-17 18:55 53248 --------- C:\ijji\ENGLISH\XPlatform.dll
2008-04-17 18:55 229376 --------- C:\ijji\ENGLISH\XInNetwork.dll
2008-03-14 02:52 475136 --------- C:\ijji\ENGLISH\NeoBit.dll
2008-03-10 02:56 573440 --------- C:\ijji\ENGLISH\PiXel.dll
2008-01-24 23:41 274 --------- C:\ijji\ENGLISH\nb_option.dat
2008-01-08 01:34 4286 --------- C:\ijji\ENGLISH\common\images\hgc2008.ico
2008-01-08 01:34 4286 --------- C:\ijji\ENGLISH\common\images\hgb2008.ico


------- Sigcheck -------

2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-05 14:00 978432 9f3b76c8cf787449a47f05abab4e13e6 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-27_ 0.28.12.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-26 22:23:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-29 17:12:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-26 23:48:29 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
+ 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 20:27 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"removecpl"="RemoveCpl.exe" []
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 23:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"ZoneAlarm Client"="C:\Program Files\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sacha^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=C:\Documents and Settings\Sacha\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!1_pgaccount]
--a------ 2005-01-20 14:14 184320 C:\Program Files\ProcessGuard\pgaccount.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!1_ProcessGuard_Startup]
--a------ 2005-01-20 14:24 280064 C:\Program Files\ProcessGuard\procguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
C:\Program Files\FreeCall\FreeCall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\Battlefield 2142\\BF2142.exe"=
"D:\\Program Files\\Steam\\steamapps\\sacha_20002003@hotmail.com\\Counter-strike\\hl.exe"=
"D:\\Program Files\\Wolfenstein\\ET.exe"=
"D:\\Program Files\\Steam\\steamapps\\vincetigou\\counter-strike source\\hl2.exe"=
"D:\\Program Files\\Steam\\steamapps\\sacha_20002003@hotmail.com\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"E:\\EasyPHP1-8\\apache\\Apache.exe"=
"E:\\Mes Documents\\Prog du Disque C\\PrizeeHack\\Prizee\\HandyCache\\HandyCache.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"D:\\Program Files\\Steam\\steamapps\\lucas007833\\dark messiah might and magic multi-player\\mm.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"C:\\ijji\\ENGLISH\\u_gunz.exe"=
"C:\\ijji\\ENGLISH\\u_sf.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"D:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

R2 DCSPGSRV;DiamondCS Process Guard Service v3.000;"C:\Program Files\ProcessGuard\dcsuserprot.exe" [2005-01-20 14:25]
R2 procguard;procguard;C:\WINDOWS\system32\drivers\procguard.sys [2005-01-20 14:13]
R3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 16:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\launcher.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-25 18:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 19:21:39
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-29 19:23:18
ComboFix-quarantined-files.txt 2008-06-29 17:22:42
ComboFix2.txt 2008-06-28 18:34:41
ComboFix3.txt 2008-06-26 22:28:30

Pre-Run: 7,372,038,144 octets libres
Post-Run: 7,347,527,680 octets libres

328 --- E O F --- 2008-06-20 23:51:14
29 June 2008 23:29:40

Re,

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, reboot into Safe Mode.
HELP: Reboot into Safe Mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Picture tutorial on MBAM

;)
30 June 2008 14:39:43

MalwareBytes report:

    Malwarebytes' Anti-Malware 1.19
    Version de la base de données: 907
    Windows 5.1.2600 Service Pack 2

    13:45:12 30/06/2008
    mbam-log-6-30-2008 (13-45-00).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|)
    Eléments examinés: 199320
    Temps écoulé: 24 minute(s), 30 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 6

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\WINDOWS\system32\byXPJCVo.dll.vir (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{0696B038-6A68-40C4-9655-1FE5B6A783B2}\RP138\A0027848.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{0696B038-6A68-40C4-9655-1FE5B6A783B2}\RP138\A0031067.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{0696B038-6A68-40C4-9655-1FE5B6A783B2}\RP138\A0031099.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{0696B038-6A68-40C4-9655-1FE5B6A783B2}\RP143\A0031712.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.
30 June 2008 17:36:14

Re,

First I want to be sure you can see hidden files/folders:

[~] Go to My Computer / Tools / Folder Options / View / Show hidden files and folders / Apply --> OK
[~] Go to My Computer / Tools / Folder Options / View / uncheck Hide protected operating system files / Apply --> OK
You will re-check it afterwards.

[~] My Computer / Tools / Folder Options / View / uncheck Hide extensions for known file types / Apply --> OK

Disable UAC (Start Menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ uncheck the box Use User Account Control... and confirm with OK; you will be asked to restart, do it)
And show hidden folders/files: http://www.micro-astuce.com/Forum/topic1607.html

***

Go to this link: Virus Total
  • Click Browse
  • Navigate to this file if you find it:

    C:\WINDOWS\_MSRSTRT.EXE
    C:\b107ea99f1a440f28d86\update\update.exe

  • Click Send file and let it work as long as "Current status: being analysed" is displayed.
  • The file may be put in a queue because of a large number of analysis requests. In that case you will have to wait without refreshing the page.
  • When the analysis is finished ("Current status: finished"), click Formatted
  • A new browser window will appear
  • Then click on this image:
  • Right-click on the page and choose Select All, then Copy
  • Finally paste the result in your next reply.
Note: Whatever the result, it is important to send me the result of the whole analysis.
Your security tools may react to the file being sent; in that case you will have to ignore the alerts.

;)
5 July 2008 16:15:08

Sorry for taking so long to reply
1:


    Fichier _MSRSTRT.EXE reçu le 2008.07.01 04:54:09 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 - - Win-AppCare/Reboot.2560
    AntiVir - - -
    Authentium - - -
    Avast - - -
    AVG - - -
    BitDefender - - -
    CAT-QuickHeal - - Tool.Win32.Reboot (Not a Virus)
    ClamAV - - -
    DrWeb - - -
    eSafe - - -
    eTrust-Vet - - -
    Ewido - - -
    F-Prot - - -
    F-Secure - - -
    Fortinet - - -
    GData - - -
    Ikarus - - -
    Kaspersky - - -
    McAfee - - -
    Microsoft - - -
    NOD32v2 - - -
    Norman - - -
    Panda - - -
    Prevx1 - - -
    Rising - - -
    Sophos - - -
    Sunbelt - - -
    Symantec - - -
    TheHacker - - -
    TrendMicro - - -
    VBA32 - - -
    VirusBuster - - -
    Webwasher-Gateway - - -
    Information additionnelle
    MD5: 815372073da85b2098a37ded84083c8a
    SHA1: 0a70574450bee11c9c09f25f082e0253aa32ceaa
    SHA256: 166e8fe44186f356e162ceac313100d0992b70d3a6a029906c2242afc8691c85
    SHA512: 2847b1284f86bfe8717148dfa2b22d4bb092252fbe9356c49d86a5c0a76df7d5833f725a9126a3613678c6e19bc26e53ba4a538e7902d1c87cbd33854950804e

2:


    Fichier update.exe reçu le 2008.07.04 18:38:51 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.7.4.1 2008.07.04 -
    AntiVir 7.8.0.64 2008.07.04 -
    Authentium 5.1.0.4 2008.07.04 -
    Avast 4.8.1195.0 2008.07.04 -
    AVG 7.5.0.516 2008.07.03 -
    BitDefender 7.2 2008.07.04 -
    CAT-QuickHeal 9.50 2008.07.04 -
    ClamAV 0.93.1 2008.07.04 -
    DrWeb 4.44.0.09170 2008.07.04 -
    eSafe 7.0.17.0 2008.07.03 -
    eTrust-Vet 31.6.5927 2008.07.04 -
    Ewido 4.0 2008.07.04 -
    F-Prot 4.4.4.56 2008.07.03 -
    F-Secure 7.60.13501.0 2008.07.03 -
    Fortinet 3.14.0.0 2008.07.04 -
    GData 2.0.7306.1023 2008.07.04 -
    Ikarus T3.1.1.26.0 2008.07.04 -
    Kaspersky 7.0.0.125 2008.07.04 -
    McAfee 5332 2008.07.04 -
    Microsoft 1.3704 2008.07.04 -
    NOD32v2 3243 2008.07.04 -
    Norman 5.80.02 2008.07.04 -
    Panda 9.0.0.4 2008.07.03 -
    Prevx1 V2 2008.07.04 -
    Rising 20.51.42.00 2008.07.04 -
    Sophos 4.31.0 2008.07.04 -
    Sunbelt 3.1.1509.1 2008.07.04 -
    Symantec 10 2008.07.04 -
    TheHacker 6.2.96.370 2008.07.04 -
    TrendMicro 8.700.0.1004 2008.07.04 -
    VBA32 3.12.6.8 2008.07.03 -
    VirusBuster 4.5.11.0 2008.07.04 -
    Webwasher-Gateway 6.6.2 2008.07.04 -
    Information additionnelle
    File size: 716000 bytes
    MD5...: 0b630c8656b1ea82c82b929d51fa351b
    SHA1..: 2be63bbb8e54a471bbc4bda98c9157903e821be2
    SHA256: 480bbbbd89d8275bacdd5cfce22d845785de61a1fbee787ebd2f67c54eaf3e21
    SHA512: 9d804dc534627abc3b7625fe505bfdc6bdb33a23ae46fe6263beb380d92b1dd35b2d1b3a272c87f709413c30f6cd4e6bc271c3ae3ccfb13081679acbe035ebda
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1065e2c
    timedatestamp.....: 0x42c1810b (Tue Jun 28 16:55:39 2005)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x8ec5e 0x8ee00 6.70 1c8e8be02417527cd7131c54163b8b26
    .data 0x90000 0x7da14 0x1000 4.53 d58b2f80c25f1a24868bf0b233385a9f
    .rsrc 0x10e000 0x1ce48 0x1d000 4.01 5ddf633725f47ba514c2eea0248fb33a

    ( 19 imports )
    > ADVAPI32.dll: RegSaveKeyA, AbortSystemShutdownA, RegOpenKeyExW, RegCloseKey, RegQueryValueExA, EnumServicesStatusExA, OpenServiceW, RegOpenKeyExA, RegSetValueExA, RegCreateKeyExA, RegDeleteKeyA, RegEnumKeyExA, FreeSid, RegSetKeySecurity, SetSecurityDescriptorOwner, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AllocateAndInitializeSid, CloseServiceHandle, ControlService, StartServiceA, OpenServiceA, OpenSCManagerA, RegDeleteValueA, RegOpenKeyA, GetServiceDisplayNameA, QueryServiceStatus, SetFileSecurityA, AddAccessAllowedAce, InitializeAcl, EnumDependentServicesA, RegFlushKey, GetFileSecurityA, RegQueryInfoKeyA, AddAce, SetFileSecurityW, GetAclInformation, CopySid, GetLengthSid, RegSetValueExW, RegQueryValueExW, RegCreateKeyExW, AdjustTokenPrivileges, RegUnLoadKeyA, RegLoadKeyA, OpenProcessToken, DeregisterEventSource, ReportEventA, RegisterEventSourceA, GetTokenInformation, SetNamedSecurityInfoA, GetNamedSecurityInfoA, UnlockServiceDatabase, ChangeServiceConfigA, QueryServiceConfigA, LockServiceDatabase, InitiateSystemShutdownA
    > COMCTL32.dll: CreatePropertySheetPageW, PropertySheetW
    > CRYPT32.dll: CertAddCertificateContextToStore, CertSetCertificateContextProperty, CertCreateCertificateContext, CryptEncodeObject, CertOpenStore, CertCloseStore, CertFreeCertificateContext
    > GDI32.dll: StretchBlt, GetDIBits, CreateCompatibleDC, DeleteObject, CreateFontIndirectA, GetDeviceCaps, BitBlt, SelectObject
    > imagehlp.dll: EnumerateLoadedModules64
    > KERNEL32.dll: GetFullPathNameA, ExitProcess, SetUnhandledExceptionFilter, SetEnvironmentVariableA, GetSystemInfo, lstrlenA, FreeResource, LockResource, LoadResource, FindResourceA, LoadLibraryExA, GetTempPathA, GetCurrentProcess, GetDiskFreeSpaceExA, GetDiskFreeSpaceA, GetCompressedFileSizeA, GetComputerNameA, ReleaseSemaphore, SetEndOfFile, InterlockedDecrement, GetCurrentThread, GetExitCodeThread, CreateSemaphoreA, MoveFileA, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, DosDateTimeToFileTime, HeapCreate, HeapDestroy, GlobalAlloc, LocalFileTimeToFileTime, SetFileTime, GetFileInformationByHandle, GlobalLock, GlobalHandle, GlobalUnlock, GlobalFree, FileTimeToDosDateTime, OpenFileMappingA, GetVolumeInformationA, DuplicateHandle, GetSystemDefaultLangID, GetModuleFileNameW, ReleaseMutex, CopyFileW, GetTempFileNameW, GetVersionExW, ExpandEnvironmentStringsW, SearchPathW, lstrcpyW, lstrcpynW, GetDriveTypeW, lstrlenW, GetLocalTime, OpenEventA, GetFileSizeEx, GetFullPathNameW, InterlockedIncrement, CreateRemoteThread, VirtualAllocEx, WriteProcessMemory, CreateEventW, QueryDosDeviceA, DefineDosDeviceA, lstrcpynA, LoadLibraryW, FindFirstFileW, lstrcmpiW, FindNextFileW, MapViewOfFileEx, CreateProcessA, GetExitCodeProcess, FlushFileBuffers, HeapFree, GetProcessHeap, HeapAlloc, FlushViewOfFile, CreateFileW, DeleteFileW, GetFileTime, GetStartupInfoA, DelayLoadFailureHook, lstrcmpA, GetWindowsDirectoryW, GetVolumeInformationW, SetErrorMode, GetCommandLineA, GetCommandLineW, CreateMutexA, CreateProcessW, WaitForSingleObject, GetModuleHandleA, FormatMessageW, ReadFile, GetTickCount, CreateEventA, CreateThread, SetThreadPriority, WaitForMultipleObjects, SetEvent, RemoveDirectoryA, EnterCriticalSection, LeaveCriticalSection, FileTimeToLocalFileTime, FileTimeToSystemTime, DeviceIoControl, GetFileAttributesExA, VirtualFree, WritePrivateProfileStringA, SetCurrentDirectoryA, GetModuleFileNameA, GetEnvironmentVariableA, InitializeCriticalSection, Sleep, GetThreadLocale, GetLocaleInfoA, GetPrivateProfileStringA, VirtualAlloc, SetFilePointer, WriteFile, InterlockedCompareExchange, GetSystemDirectoryA, GetTempFileNameA, CopyFileA, OpenProcess, MoveFileExA, SetFileAttributesA, GetVersionExA, LocalAlloc, LocalFree, SetLastError, CreateFileA, GetFileSize, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, CloseHandle, GetDriveTypeA, ExpandEnvironmentStringsA, FindFirstFileA, FindNextFileA, FindClose, MultiByteToWideChar, WideCharToMultiByte, lstrcmpiA, FormatMessageA, GetFileAttributesA, CreateDirectoryA, GetSystemDirectoryW, LoadLibraryA, GetProcAddress, GetLastError, GetWindowsDirectoryA, DeleteFileA, RaiseException, FreeLibrary, VirtualProtect, TlsFree, TlsAlloc, TlsGetValue, GetSystemTime, InitializeCriticalSectionAndSpinCount, GetVersion, TlsSetValue, DeleteCriticalSection
    > MPR.dll: WNetGetUserA, WNetGetUniversalNameA
    > msvcrt.dll: strncpy, _except_handler3, strchr, _stricmp, sprintf, strrchr, mbstowcs, malloc, free, _vsnprintf, strncmp, memmove, vsprintf, strncat, _wcsdup, _errno, _open, _read, _write, _close, _lseek, remove, _tempnam, wcscat, _vsnwprintf, ctime, wcscpy, rename, wcsstr, _itoa, _local_unwind2, _memicmp, atoi, realloc, _c_exit, _exit, _XcptFilter, _cexit, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, swprintf, wcslen, _strnicmp, memchr, _strcmpi, _snprintf, _terminate@@YAXXZ, __1type_info@@UAE@XZ, wcstoul, _snwprintf, _mbslwr, strstr, _strdup, calloc, getenv, strtoul, _wcsicmp, _ltoa, _mbsupr, wcschr, fprintf, strcspn, isdigit, wcsrchr, wcscmp, wcsncat, wcsncpy, toupper, strspn, atol, strpbrk, isspace, _ultoa, _wtoi64, _wcslwr, strtok, _itow, _what@exception@@UBEPBDXZ, __1exception@@UAE@XZ, __0exception@@QAE@ABQBD@Z, __CxxFrameHandler, __3@YAXPAX@Z, __0exception@@QAE@ABV0@@Z, _CxxThrowException, fclose, __2@YAPAXI@Z, fopen
    > ntdll.dll: NtQuerySystemTime, RtlFreeUnicodeString, RtlInitUnicodeString, RtlUnicodeStringToAnsiString, NtClose, NtAdjustPrivilegesToken, NtOpenProcessToken, NtQueryInformationProcess, RtlCharToInteger, LdrAccessResource, LdrFindResource_U, NtQuerySystemInformation, NtShutdownSystem, RtlFreeHeap, RtlAllocateHeap, RtlRaiseStatus, NtYieldExecution, NtSetSystemInformation, NtCreateSection, NtOpenFile, NtOpenSection, NtOpenDirectoryObject, RtlCompareUnicodeString, NtCreateFile, RtlDosPathNameToNtPathName_U, RtlTimeToTimeFields, LdrUnloadDll, NtFreeVirtualMemory, NtQueryInformationThread, NtWaitForSingleObject, RtlCreateUserThread, NtWriteVirtualMemory, NtAllocateVirtualMemory, NtOpenProcess, LdrGetProcedureAddress, LdrLoadDll, RtlDestroyHeap, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, RtlGetAce, RtlAddAccessAllowedAce, RtlCreateAcl, RtlLengthSid, RtlAllocateAndInitializeSid, RtlCreateHeap, DbgPrint, RtlFreeAnsiString, RtlInitAnsiString, RtlAnsiStringToUnicodeString
    > ole32.dll: CoInitialize, CoCreateInstance, CoUninitialize
    > OLEAUT32.dll: -
    > PSAPI.DLL: GetModuleFileNameExA
    > RPCRT4.dll: UuidFromStringA
    > SHELL32.dll: SHGetPathFromIDListA, SHGetMalloc, SHBrowseForFolderA, SHGetSpecialFolderPathA
    > UPDSPAPI.dll: UpdSpFindNextMatchLineW, UpdSpFindFirstLineW, UpdSpGetMultiSzFieldW, UpdSpGetTargetPathW, UpdSpFindNextLine, UpdSpGetFieldCount, UpdSpGetLineTextA, UpdSpSetDynamicStringA, UpdSpGetStringFieldA, UpdSpGetLineByIndexA, UpdSpGetLineCountA, UpdSpInstallFilesFromInfSectionA, UpdSpSetDirectoryIdA, UpdSpCloseInfFile, UpdSpOpenInfFileA, UpdSpGetLineTextW, UpdSpScanFileQueueA, UpdSpGetBinaryField, UpdSpGetIntField, UpdSpQueueCopyA, UpdSpInstallFromInfSectionA, UpdSpGetTargetPathA, UpdSpDecompressOrCopyFileA, UpdSpDefaultQueueCallbackA, UpdSpDefaultQueueCallbackW, UpdSpCloseFileQueue, UpdSpGetSourceFileLocationA, UpdSpGetSourceInfoA, UpdSpOpenFileQueue, UpdSpCommitFileQueueA, UpdSpGetStringFieldW, UpdSpGetLineByIndexW, UpdSpGetLineCountW, UpdSpIterateCabinetA, UpdSpInitDefaultQueueCallbackEx, UpdSpPromptForDiskA, UpdSpCopyErrorA, UpdSpFindFirstLineA
    > USER32.dll: CloseWindowStation, EnumDesktopsA, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationA, GetThreadDesktop, SetThreadDesktop, EnumWindows, CloseDesktop, GetClientRect, FindWindowExA, GetWindowThreadProcessId, GetWindow, RegisterClassA, CreateWindowExA, DefWindowProcA, MessageBoxW, EnumWindowStationsA, wvsprintfW, OpenDesktopA, GetSystemMetrics, LoadStringA, LoadStringW, MessageBoxA, PostQuitMessage, DestroyWindow, SendMessageA, SetDlgItemTextA, ShowWindow, EnableWindow, GetDlgItem, DispatchMessageA, TranslateMessage, GetMessageA, PostThreadMessageA, SetWindowTextW, RedrawWindow, SetWindowLongA, GetWindowLongA, GetWindowTextA, PostMessageA, EnumChildWindows, SetDlgItemTextW, LoadBitmapA, IsDlgButtonChecked, SetTimer, CheckDlgButton, KillTimer, ReleaseDC, GetDC, SystemParametersInfoA, SetForegroundWindow, SetWindowTextA, EndDialog, DialogBoxParamA, GetDesktopWindow, SetFocus
    > USERENV.dll: -, -, -
    > VERSION.dll: VerQueryValueA, VerQueryValueW, GetFileVersionInfoA, GetFileVersionInfoSizeA, GetFileVersionInfoW, GetFileVersionInfoSizeW
    > WINSPOOL.DRV: GetPrinterDriverDirectoryA

    ( 0 exports )

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.7.4.1 2008.07.04 -
    AntiVir 7.8.0.64 2008.07.04 -
    Authentium 5.1.0.4 2008.07.04 -
    Avast 4.8.1195.0 2008.07.04 -
    AVG 7.5.0.516 2008.07.03 -
    BitDefender 7.2 2008.07.04 -
    CAT-QuickHeal 9.50 2008.07.04 -
    ClamAV 0.93.1 2008.07.04 -
    DrWeb 4.44.0.09170 2008.07.04 -
    eSafe 7.0.17.0 2008.07.03 -
    eTrust-Vet 31.6.5927 2008.07.04 -
    Ewido 4.0 2008.07.04 -
    F-Prot 4.4.4.56 2008.07.03 -
    F-Secure 7.60.13501.0 2008.07.03 -
    Fortinet 3.14.0.0 2008.07.04 -
    GData 2.0.7306.1023 2008.07.04 -
    Ikarus T3.1.1.26.0 2008.07.04 -
    Kaspersky 7.0.0.125 2008.07.04 -
    McAfee 5332 2008.07.04 -
    Microsoft 1.3704 2008.07.04 -
    NOD32v2 3243 2008.07.04 -
    Norman 5.80.02 2008.07.04 -
    Panda 9.0.0.4 2008.07.03 -
    Prevx1 V2 2008.07.04 -
    Rising 20.51.42.00 2008.07.04 -
    Sophos 4.31.0 2008.07.04 -
    Sunbelt 3.1.1509.1 2008.07.04 -
    Symantec 10 2008.07.04 -
    TheHacker 6.2.96.370 2008.07.04 -
    TrendMicro 8.700.0.1004 2008.07.04 -
    VBA32 3.12.6.8 2008.07.03 -
    VirusBuster 4.5.11.0 2008.07.04 -
    Webwasher-Gateway 6.6.2 2008.07.04 -

    Information additionnelle
    File size: 716000 bytes
    MD5...: 0b630c8656b1ea82c82b929d51fa351b
    SHA1..: 2be63bbb8e54a471bbc4bda98c9157903e821be2
    SHA256: 480bbbbd89d8275bacdd5cfce22d845785de61a1fbee787ebd2f67c54eaf3e21
    SHA512: 9d804dc534627abc3b7625fe505bfdc6bdb33a23ae46fe6263beb380d92b1dd35b2d1b3a272c87f709413c30f6cd4e6bc271c3ae3ccfb13081679acbe035ebda
    6 July 2008 18:09:29

    :hello:  Hello,

    Sorry, I haven't been available these past two days. Also, I'm leaving on holiday tomorrow.

    Please send a PM to one of the helpers present on the forum so that they can continue with you, as their availability allows.

    Happy holidays.

    Mérillym.
    :hello: 
    6 July 2008 21:45:19

    Hello,

    Did you actually remove the infections with MBAM?
    8 July 2008 14:14:21

    Ah, no, I don't think so :-/
    8 July 2008 14:27:54

    Well, you have to do it :D