Your question

Win32BHO-KD trojan problem

Tags:
  • Trojan
  • Security
Last reply: in Security and viruses
11 January 2008 18:20:54

Good evening,

I'm infected with this trojan, Win32BHO-KD.

The infected file is c:\windows\system32\bootvi.dll

Avast antivirus detects it but cannot remove it.


Here is the ComboFix report; what should I do now?


ComboFix 08-01-11.1 - Gauthier 2008-01-11 18:16:28.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.48 [GMT 1:00]
Running from: C:\Documents and Settings\Gauthier\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Files created 2007-12-11 to 2008-01-11 ))))))))))))))))))))))))))))))))))))
.

2008-01-11 17:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 22:12 . 2008-01-08 22:12 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-01-02 22:01 . 2008-01-02 22:01 <REP> d-------- C:\Program Files\MozBackup
2007-12-24 11:22 . 2007-07-31 14:57 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll
2007-12-24 11:22 . 2003-09-23 11:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys
2007-12-24 11:22 . 2006-03-01 19:53 32,128 --a------ C:\WINDOWS\system32\pcandis5.sys
2007-12-24 11:21 . 2007-12-24 11:23 <REP> d-------- C:\Program Files\Orange HSS
2007-12-24 11:21 . 2007-12-24 11:21 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom
2007-12-24 11:14 . 2007-12-24 11:14 <REP> d-------- C:\Program Files\SAGEM WiFi manager
2007-12-24 11:14 . 2007-01-16 13:52 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2007-12-24 11:14 . 2007-01-16 13:52 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2007-12-24 11:13 . 2007-12-24 11:13 <REP> d-------- C:\Program Files\SAGEM
2007-12-24 11:13 . 2007-12-24 11:13 <REP> d-------- C:\Documents and Settings\Gauthier\Application Data\InstallShield
2007-12-24 11:11 . 2007-01-10 10:14 450,560 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys
2007-12-24 11:11 . 2005-06-17 10:26 114,688 --a------ C:\WINDOWS\system32\WLANUTL.dll
2007-12-24 11:11 . 2006-03-01 19:53 94,208 --a------ C:\WINDOWS\system32\w32n50.dll
2007-12-24 11:04 . 2007-12-24 11:04 <REP> d-------- C:\Program Files\Securitoo
2007-12-13 13:44 . 2007-12-13 13:44 <REP> d-------- C:\Documents and Settings\Gauthier\java_plugin_AppletStore

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 17:09 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-11 11:30 --------- d-----w C:\Program Files\Incomplete
2008-01-11 10:51 --------- d-----w C:\Program Files\LimeWire
2008-01-08 22:06 --------- d-----w C:\Documents and Settings\Gauthier\Application Data\U3
2007-12-28 15:52 --------- d-----w C:\Program Files\PhotoFiltre
2007-12-24 10:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 13:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-06 21:19 --------- d-----w C:\Documents and Settings\Gauthier\Application Data\ArcSoft
2007-12-06 21:05 19,456 ----a-w C:\WINDOWS\system32\drivers\vlhwzunx.dat
2007-12-04 14:56 93,264 ------w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ------w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ------w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ------w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ------w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-16 16:59 --------- d-----w C:\Program Files\Trend Micro
2007-11-14 08:41 --------- d-----w C:\Program Files\Lavasoft
2007-11-14 08:41 --------- d-----w C:\Documents and Settings\Gauthier\Application Data\Lavasoft
2007-11-13 22:03 --------- d-----w C:\Program Files\EA SPORTS
2007-11-13 10:25 20,480 ------w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 19:03 40,731 ------w C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-07 18:22 102,400 ------w C:\WINDOWS\MBDownloader_876932.exe
2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\wmasf.dll
2007-10-17 17:23 10,752 ------w C:\WINDOWS\system32\WhoisCL.exe
2007-10-11 06:13 663,552 ------w C:\WINDOWS\system32\wininet.dll
2006-02-19 09:03 93,801 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_02_18_10_56_54_small.dmp.zip
2006-01-22 13:18 98,955 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_01_22_14_09_28_small.dmp.zip
2006-01-03 17:06 136,808 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_01_03_18_03_20_small.dmp.zip
2005-06-09 21:02 1,664 ------w C:\Documents and Settings\Gauthier\Application Data\wklnhst.dat
2005-05-19 12:05 71 ------w C:\Program Files\Fichiers communs\appop.log
2005-06-01 17:28 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2CC514F5-5881-49c2-AD9E-6F7A89AB4F1B}]
C:\PROGRA~1\TRADUC~1\install.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F53574F-948F-4F25-A413-F8E8EF1D9C59}]
2004-08-05 20:00 97536 --a------ C:\WINDOWS\system32\bootvi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD}
{4F75DC45-5A92-4352-BEC4-4C32FB7DF2A8}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}

[HKEY_CLASSES_ROOT\clsid\{4f75dc45-5a92-4352-bec4-4c32fb7df2a8}]
[HKEY_CLASSES_ROOT\XBTB00892.XBTB00892.1]
[HKEY_CLASSES_ROOT\TypeLib\{E58C2278-D4F6-4989-A42B-E72098CE0D6A}]
[HKEY_CLASSES_ROOT\XBTB00892.XBTB00892]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4F75DC45-5A92-4352-BEC4-4C32FB7DF2A8}"= C:\Program Files\Traduction-online\install.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{4f75dc45-5a92-4352-bec4-4c32fb7df2a8}]
[HKEY_CLASSES_ROOT\XBTB00892.XBTB00892.1]
[HKEY_CLASSES_ROOT\TypeLib\{E58C2278-D4F6-4989-A42B-E72098CE0D6A}]
[HKEY_CLASSES_ROOT\XBTB00892.XBTB00892]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44 196608]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-07-11 09:04 36864]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00 15360]
"Configuration de la C-BOX"="C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe" [ ]
"Cld2000.exe"="C:\Program Files\Calendrier\Cld2000.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 15:46 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 18:14 1867776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22 155648]
"SoundMan"="SOUNDMAN.EXE" [2005-01-05 15:40 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 08:16 49152]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 13:42 212992]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-10 10:20 57393]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-10 10:39 40960]
"EoWeather"="" []
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 08:34 851968]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 20:05 339968]
"AlcWzrd"="ALCWZRD.EXE" [2005-01-05 15:02 2750464 C:\WINDOWS\ALCWZRD.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 19:33 57344]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"WD Button Manager"="WDBtnMgr.exe" [2007-09-19 15:47 364544 C:\WINDOWS\system32\WDBtnMgr.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"EoEngine"="C:\Program Files\eoRezo\EoEngine.exe" [ ]
"SystrayORAHSS"="C:\Program Files\Orange HSS\Systray\SystrayApp.exe" [2007-07-24 19:55 94208]
"ORAHSSSessionManager"="C:\Program Files\Orange HSS\SessionManager\SessionManager.exe" [2007-07-24 19:03 102400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 20:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2007-12-24 11:14:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 0 (0x0)

R0 utsmfsfq;utsmfsfq;C:\WINDOWS\system32\drivers\vlhwzunx.dat []
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 20:15]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 10:14]
S2 vdo_16fa-4216;vdo_16fa-4216;C:\WINDOWS\system32\vdo_16fa-4216.sys []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 18:23]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 17:23]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 17:23]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 18:23]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 17:23]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 17:23]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 17:24]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2007-12-11 11:28:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 18:18:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\bootvi.dll
.
Completion time: 2008-01-11 18:20:17
ComboFix-quarantined-files.txt 2008-01-11 17:20:14
ComboFix2.txt 2008-01-11 17:03:00
ComboFix3.txt 2008-01-11 16:53:17
.
2008-01-08 21:13:35 --- E O F ---


11 January 2008 18:48:07

Hello,

Select the whole box below, then right-click and choose Copy
KillAll::

Driver::
utsmfsfq

File::
C:\WINDOWS\system32\drivers\vlhwzunx.dat
C:\WINDOWS\system32\bootvi.dll
C:\PROGRA~1\TRADUC~1\install.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2CC514F5-5881-49c2-AD9E-6F7A89AB4F1B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F53574F-948F-4F25-A413-F8E8EF1D9C59}]
[-HKEY_CLASSES_ROOT\XBTB00892.XBTB00892.1]
[-HKEY_CLASSES_ROOT\XBTB00892.XBTB00892]
[-HKEY_CLASSES_ROOT\clsid\{4f75dc45-5a92-4352-bec4-4c32fb7df2a8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F75DC45-5A92-4352-BEC4-4C32FB7DF2A8}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4F75DC45-5A92-4352-BEC4-4C32FB7DF2A8}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EoWeather"=-
"EoEngine"=-

Paste it into Notepad
Save it on your Desktop and name it CFScript (file type: text)
Drag the CFScript file onto the ComboFix.exe file, like this:



A menu will appear; type 1, then confirm
Let the scan run and post the report it generates (C:\ComboFix.txt)

---------------------------------------------------

Have this file scanned here: Virustotal
Click on , choose My Computer

then C:\Program Files\Calendrier\Cld2000.exe

Now click on

it will be scanned by several antivirus engines

copy/paste the report
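To show how the entries in a ComboFix report map onto the CFScript sections used in the reply above (Driver::, File::, Registry::), here is an added example that is not part of this thread and is not ComboFix's own code. It is a small Python script that walks a handful of lines copied from the report posted above, applies a few triage heuristics, and drafts a CFScript from the result. The heuristics are assumptions chosen for illustration, not ComboFix rules: a BHO is flagged when its DLL is listed as injected into a running process or lives under the Windows directory (the default C:\WINDOWS is assumed), a driver when it is boot/system start (R0/R1) and its image is not a .sys file, and a Run entry when its command is empty; anything the analyst names in `analyst_flagged` is flagged too. The `~` shorthand in the Browser Helper Objects key is ComboFix's own, as used in the script above.

```python
"""Triage a ComboFix report and draft a CFScript from the findings.
Added example, not part of the thread or of ComboFix itself; the heuristics
are assumptions for illustration. Review the draft before using it anywhere."""
import re
from dataclasses import dataclass, field

# Lines copied from the ComboFix report posted above, trimmed to the entries
# this parser looks at (constructed sample input).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2CC514F5-5881-49c2-AD9E-6F7A89AB4F1B}]
C:\PROGRA~1\TRADUC~1\install.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F53574F-948F-4F25-A413-F8E8EF1D9C59}]
2004-08-05 20:00 97536 --a------ C:\WINDOWS\system32\bootvi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EoWeather"="" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"EoEngine"="C:\Program Files\eoRezo\EoEngine.exe" [ ]
R0 utsmfsfq;utsmfsfq;C:\WINDOWS\system32\drivers\vlhwzunx.dat []
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 20:15]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\bootvi.dll
"""

BHO_KEY = re.compile(r"^\[(HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\\{[0-9A-Fa-f-]+\})\]$")
RUN_KEY = re.compile(r"^\[(HKEY_[^\]]+\\CurrentVersion\\Run)\]$")
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')
DRIVER = re.compile(r"^([RS][0-4])\s+([^;]+);[^;]*;(.+?)\s*\[(.*)\]$")  # start;name;desc;image [meta]
LOADED_DLL = re.compile(r"^->\s+(\S.*)$")  # "DLLs Loaded Under Running Processes" block
WIN_PATH = re.compile(r"([A-Za-z]:\\\S.*?)\s*$")


@dataclass
class Findings:
    drivers: list = field(default_factory=list)   # service names for Driver::
    files: list = field(default_factory=list)     # paths for File::
    registry: list = field(default_factory=list)  # lines for Registry::


def parse_report(text):
    """One pass over the report: BHOs, Run values, drivers, injected DLLs."""
    bhos, runs, drivers, loaded = [], [], [], set()
    lines = [ln.strip() for ln in text.splitlines()]
    run_key = None
    for i, line in enumerate(lines):
        if line.startswith("["):
            m = RUN_KEY.match(line)
            run_key = m.group(1) if m else None  # values that follow belong to this key
            m = BHO_KEY.match(line)
            if m:
                # the DLL path is on the next non-empty line, after optional date/size
                nxt = next((ln for ln in lines[i + 1:] if ln), "")
                pm = WIN_PATH.search(nxt)
                if pm:
                    bhos.append((m.group(1), pm.group(1)))
            continue
        if run_key and (m := RUN_VALUE.match(line)):
            runs.append((run_key, m.group(1), m.group(2)))
        elif m := DRIVER.match(line):
            drivers.append((m.group(1), m.group(2), m.group(3).strip('"')))
        elif m := LOADED_DLL.match(line):
            loaded.add(m.group(1).lower())
    return bhos, runs, drivers, loaded


def triage(text, analyst_flagged=()):
    """Apply the heuristics and collect what the draft CFScript should remove."""
    bhos, runs, drivers, loaded = parse_report(text)
    f = Findings()
    named = lambda s: any(p.lower() in s.lower() for p in analyst_flagged)
    for key, dll in bhos:
        # legitimate BHOs install under Program Files and are not injected into
        # explorer.exe; assumes the default C:\WINDOWS system root
        if dll.lower() in loaded or dll.lower().startswith("c:\\windows\\") or named(dll):
            f.registry.append(f"[-{key}]")
            f.files.append(dll)
    for start, name, image in drivers:
        # a boot/system-start driver whose image is not a .sys file is a red flag
        if start in ("R0", "R1") and not image.lower().endswith(".sys"):
            f.drivers.append(name)
            f.files.append(image)
    per_key = {}
    for key, name, cmd in runs:
        if cmd == "" or named(cmd):
            per_key.setdefault(key, []).append(name)
    for key, names in per_key.items():
        f.registry.append(f"[{key}]")
        f.registry.extend(f'"{n}"=-' for n in names)
    return f


def build_cfscript(f):
    """Render the findings in the section layout used by the CFScript above."""
    out = ["KillAll::", ""]
    for header, items in (("Driver::", f.drivers), ("File::", f.files), ("Registry::", f.registry)):
        if items:
            out += [header, *items, ""]
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG, analyst_flagged=("TRADUC~1\\install.dll", "eoRezo"))
    print(build_cfscript(found))
```

Run as-is, the draft matches the helper's script above for the two BHOs, the utsmfsfq driver with its .dat image, and the two eoRezo Run entries; the toolbar CLSID and TypeLib keys the helper also removed fall outside these heuristics and still have to be added by hand, which is the point: the heuristics narrow the log down, the analyst makes the call.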
12 January 2008 15:27:20

Hello,

Thanks for the reply! But I have another problem on the PC that I have to fix first... I'll look at this one afterwards.

See you,


12 January 2008 15:39:47


Don't wait too long, this isn't a small infection...
13 January 2008 15:15:53

Hello,


Thanks a lot for the help!

Here is the report after running the CFScript file



ComboFix 08-01-09.2 - Gauthier 2008-01-13 14:59:11.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.230 [GMT 1:00]
Running from: C:\Documents and Settings\Gauthier\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gauthier\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\PROGRA~1\TRADUC~1\install.dll
C:\WINDOWS\system32\bootvi.dll
C:\WINDOWS\system32\drivers\vlhwzunx.dat
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bootvi.dll
C:\WINDOWS\system32\drivers\vlhwzunx.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_UTSMFSFQ
-------\utsmfsfq


((((((((((((((((((((((((((((( Files created 2007-12-13 to 2008-01-13 ))))))))))))))))))))))))))))))))))))
.

2008-01-11 17:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 22:12 . 2008-01-08 22:12 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-01-02 22:01 . 2008-01-02 22:01 <REP> d-------- C:\Program Files\MozBackup
2007-12-24 11:22 . 2007-07-31 14:57 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll
2007-12-24 11:22 . 2003-09-23 11:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys
2007-12-24 11:22 . 2006-03-01 19:53 32,128 --a------ C:\WINDOWS\system32\pcandis5.sys
2007-12-24 11:21 . 2007-12-24 11:23 <REP> d-------- C:\Program Files\Orange HSS
2007-12-24 11:21 . 2007-12-24 11:21 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom
2007-12-24 11:14 . 2007-12-24 11:14 <REP> d-------- C:\Program Files\SAGEM WiFi manager
2007-12-24 11:14 . 2007-01-16 13:52 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2007-12-24 11:14 . 2007-01-16 13:52 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2007-12-24 11:13 . 2007-12-24 11:13 <REP> d-------- C:\Program Files\SAGEM
2007-12-24 11:13 . 2007-12-24 11:13 <REP> d-------- C:\Documents and Settings\Gauthier\Application Data\InstallShield
2007-12-24 11:11 . 2007-01-10 10:14 450,560 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys
2007-12-24 11:11 . 2005-06-17 10:26 114,688 --a------ C:\WINDOWS\system32\WLANUTL.dll
2007-12-24 11:11 . 2006-03-01 19:53 94,208 --a------ C:\WINDOWS\system32\w32n50.dll
2007-12-24 11:04 . 2007-12-24 11:04 <REP> d-------- C:\Program Files\Securitoo
2007-12-13 13:44 . 2007-12-13 13:44 <REP> d-------- C:\Documents and Settings\Gauthier\java_plugin_AppletStore

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 14:13 --------- d-----w C:\Documents and Settings\Gauthier\Application Data\U3
2008-01-12 14:09 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-11 11:30 --------- d-----w C:\Program Files\Incomplete
2008-01-11 10:51 --------- d-----w C:\Program Files\LimeWire
2007-12-28 15:52 --------- d-----w C:\Program Files\PhotoFiltre
2007-12-24 10:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 13:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-06 21:19 --------- d-----w C:\Documents and Settings\Gauthier\Application Data\ArcSoft
2007-12-04 14:56 93,264 ------w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ------w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ------w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ------w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ------w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-16 16:59 --------- d-----w C:\Program Files\Trend Micro
2007-11-14 08:41 --------- d-----w C:\Program Files\Lavasoft
2007-11-14 08:41 --------- d-----w C:\Documents and Settings\Gauthier\Application Data\Lavasoft
2007-11-13 22:03 --------- d-----w C:\Program Files\EA SPORTS
2007-11-13 10:25 20,480 ------w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 18:22 102,400 ------w C:\WINDOWS\MBDownloader_876932.exe
2005-06-09 21:02 1,664 ------w C:\Documents and Settings\Gauthier\Application Data\wklnhst.dat
2005-05-19 12:05 71 ------w C:\Program Files\Fichiers communs\appop.log
2005-06-01 17:28 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-11_17.52.56.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-11 16:43:42 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-13 13:58:35 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-11 16:43:42 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-13 13:58:35 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-11 16:43:42 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-13 13:58:35 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-11 16:43:42 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-13 13:58:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-11 16:43:43 9,859,072 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-13 13:58:36 9,859,072 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-11 16:43:43 155,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-13 13:58:37 155,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-11 16:49:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_670.dat
+ 2008-01-13 14:04:56 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_670.dat
.
((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44 196608]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-07-11 09:04 36864]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00 15360]
"Configuration de la C-BOX"="C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe" [ ]
"Cld2000.exe"="C:\Program Files\Calendrier\Cld2000.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 15:46 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 18:14 1867776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22 155648]
"SoundMan"="SOUNDMAN.EXE" [2005-01-05 15:40 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 08:16 49152]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 13:42 212992]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-10 10:20 57393]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-10 10:39 40960]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 08:34 851968]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 20:05 339968]
"AlcWzrd"="ALCWZRD.EXE" [2005-01-05 15:02 2750464 C:\WINDOWS\ALCWZRD.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"WD Button Manager"="WDBtnMgr.exe" [2007-09-19 15:47 364544 C:\WINDOWS\system32\WDBtnMgr.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SystrayORAHSS"="C:\Program Files\Orange HSS\Systray\SystrayApp.exe" [2007-07-24 19:55 94208]
"ORAHSSSessionManager"="C:\Program Files\Orange HSS\SessionManager\SessionManager.exe" [2007-07-24 19:03 102400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 20:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 0 (0x0)

R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 20:15]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 10:14]
S2 vdo_16fa-4216;vdo_16fa-4216;C:\WINDOWS\system32\vdo_16fa-4216.sys []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 18:23]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 17:23]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 17:23]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 18:23]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 17:23]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 17:23]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 17:24]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2007-12-11 11:28:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 15:05:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 15:08:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-13 14:08:52
ComboFix2.txt 2008-01-11 17:20:18
ComboFix3.txt 2008-01-11 17:03:00
ComboFix4.txt 2008-01-11 16:53:17
.
2008-01-08 21:13:35 --- E O F ---
13 January 2008 15:21:35

I don't have the file C:\Program Files\Calendrier\Cld2000.exe on my PC...
13 January 2008 19:49:08


Re,

Post a new HijackThis log