Still "Vundo Gen" (SOLVED)

franseve
On the right track (100 to 499 posts)
Posted on 05/04/2008 at 13:43:43

After the MSN infection I'm also getting messages from ANTIVIR about "Vundo Gen".
More work for the forum's analyst!!
Attached: HijackThis and ComboFix logs:
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 13:43:23, on 05/04/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16608)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Program Files\Windows Defender\MsMpEng.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Ahead\InCD\InCDsrv.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 C:\Program Files\Cobian Backup 8\cbService.exe
 C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
 C:\windows\system\hpsysdrv.exe
 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
 C:\Program Files\Multimedia Card Reader\shwicon2k.exe
 C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
 C:\Program Files\QuickTime\qttask.exe
 C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
 C:\Program Files\Ahead\InCD\InCD.exe
 C:\Program Files\Unlocker\UnlockerAssistant.exe
 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
 C:\Program Files\Windows Defender\MSASCui.exe
 C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
 C:\Program Files\Cobian Backup 8\cbInterface.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
 C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
 C:\Program Files\Logitech\QuickCam\Quickcam.exe
 C:\HP\KBD\KBD.EXE
 C:\WINDOWS\ALCXMNTR.EXE
 C:\Program Files\Spamihilator\spamihilator.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
 C:\Program Files\East-Tec Eraser 2008\etRiskMon.exe
 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
 C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
 C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
 C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
 C:\Program Files\Windows Live\Messenger\usnsvc.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\Program Files\Internet Explorer\iexplore.exe
 C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
 C:\WINDOWS\explorer.exe
 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aliceadsl.fr/
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
 R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
 O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
 O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
 O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
 O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
 O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
 O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
 O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
 O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
 O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
 O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
 O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
 O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
 O4 - HKLM\..\Run: [Cobian Backup 8 interface] "C:\Program Files\Cobian Backup 8\cbInterface.exe" -service
 O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
 O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
 O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
 O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
 O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
 O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
 O4 - HKLM\..\Run: [MSN Software] msnsoftware.exe
 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
 O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 O4 - HKCU\..\Run: [Eraser RiskMonitor] "C:\Program Files\East-Tec Eraser 2008\Launch.exe" "C:\Program Files\East-Tec Eraser 2008\etRiskMon.exe"
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
 O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
 O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
 O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dl [...] .0.6.5.cab
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
 O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqem [...] ysinfo.cab
 O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
 O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPIS [...] anager.CAB
 O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} (LogData Class) - http://ipgweb.cce.hp.com/rdqem [...] ysinfo.cab
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia. [...] wflash.cab
 O20 - AppInit_DLLs:  sockspy.dll sockspy.dll sockspy.dll sockspy.dll
 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
 O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Program Files\Cobian Backup 8\cbService.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
 O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
 O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
 O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
 O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
 O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 --
 End of file - 11242 bytes


 ComboFix 08-04-04.1 - Propriétaire 2008-04-05 14:07:09.1 - NTFSx86
 Microsoft Windows XP Édition familiale  5.1.2600.2.1252.33.1036.18.1452 [GMT 2:00]
 Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
 * Création d'un nouveau point de restauration
 .

 ((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
 .

 C:\WINDOWS\Help\amsxm.ahp
 C:\WINDOWS\Help\mxs.hl
 C:\WINDOWS\system32\AGMTwyay.ini
 C:\WINDOWS\system32\AGMTwyay.ini2
 C:\WINDOWS\system32\ddcBQgDu.dll
 C:\WINDOWS\system32\ljJCrQjK.dll
 C:\WINDOWS\system32\ljJDTMFV.dll
 C:\WINDOWS\system32\uDgQBcdd.ini
 C:\WINDOWS\system32\uDgQBcdd.ini2
 E:\Autorun.inf

 .
 (((((((((((((((((((((((((((((   Fichiers créés 2008-03-05 to 2008-04-05  ))))))))))))))))))))))))))))))))))))
 .

 2008-04-04 17:25 . 2008-04-04 17:25 <REP> d-------- C:\Program Files\AxBx
 2008-04-04 15:25 . 2008-04-04 15:25 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents
 2008-04-04 13:32 . 2008-04-04 13:32 <REP> d-------- C:\Program Files\Spamihilator
 2008-04-04 13:32 . 2008-04-04 18:51 <REP> d-------- C:\Program Files\Opera
 2008-04-04 13:32 . 2008-04-04 13:32 <REP> d-------- C:\Program Files\LimeWire
 2008-04-02 11:12 . 2008-04-04 13:31 <REP> d-------- C:\Program Files\Spamihilator(2)
 2008-04-02 10:02 . 2008-04-02 10:02 <REP> d-------- C:\Program Files\Avira
 2008-04-02 10:02 . 2008-04-02 10:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
 2008-04-01 17:03 . 2008-04-01 17:03 <REP> d-------- C:\Program Files\Trend Micro
 2008-03-30 20:14 . 2008-03-30 20:16 <REP> d-------- C:\EraseC6C.tmp
 2008-03-30 11:09 . 2008-03-30 10:33 691,545 --a------ C:\WINDOWS\unins000.exe
 2008-03-30 11:09 . 2008-03-30 11:09 2,554 --a------ C:\WINDOWS\unins000.dat
 2008-03-16 17:12 . 2008-03-16 17:12 <REP> d-------- C:\Program Files\FLV Player
 2008-03-15 16:59 . 2008-03-15 16:59 <REP> d-------- C:\Program Files\Panda Security
 2008-03-15 16:45 . 2004-09-21 12:13 9,196,032 --------- C:\WINDOWS\system32\RTLCPL.exe
 2008-03-15 16:45 . 2004-09-10 11:12 208,896 --------- C:\WINDOWS\alcupd.exe
 2008-03-15 16:45 . 2004-09-07 15:23 156,672 --------- C:\WINDOWS\system32\RtlCPAPI.dll
 2008-03-15 16:45 . 2002-02-05 14:54 141,016 --------- C:\WINDOWS\system32\alsndmgr.wav
 2008-03-15 16:45 . 2004-09-01 21:04 139,264 --------- C:\WINDOWS\alcrmv.exe
 2008-03-15 16:45 . 2004-09-16 21:39 69,632 --------- C:\WINDOWS\soundman.exe
 2008-03-15 16:45 . 2004-09-07 14:47 57,344 --a------ C:\WINDOWS\ALCXMNTR.EXE
 2008-03-15 16:45 . 2004-02-25 19:00 40,448 --------- C:\WINDOWS\system32\ChCfg.exe
 2008-03-15 11:05 . 2008-03-15 11:05 <REP> d-------- C:\IMAGES 2

 .
 ((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-04-05 12:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
 2008-04-05 07:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
 2008-04-04 16:52 --------- d-----w C:\Program Files\FreeCommander
 2008-04-04 16:33 --------- d-----w C:\Program Files\eMule
 2008-04-04 16:15 --------- d-----w C:\Program Files\Java
 2008-04-04 12:47 --------- d-----w C:\Program Files\Alwil Software
 2008-04-04 11:32 --------- d-----w C:\Program Files\Yahoo!
 2008-04-04 11:32 --------- d-----w C:\Program Files\RegCleaner
 2008-04-04 11:31 --------- d-----w C:\Program Files\Windows Live
 2008-04-04 09:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
 2008-03-30 13:29 --------- d-----w C:\Program Files\East-Tec Eraser 2008
 2008-03-30 09:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
 2008-03-15 14:50 --------- d-----w C:\Program Files\InterVideo
 2008-03-15 14:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
 2008-02-27 14:18 --------- d-----w C:\Program Files\Axon Data
 2005-05-11 21:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
 2002-07-26 15:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
 .

 (((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33FB02D0-CC84-48E6-9250-984A7917D230}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC8E2A91-BE7D-429B-82C2-5412A6E72D0A}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D976B84B-808C-4357-9CBB-55BF1F7CEBE7}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E901B0EE-3557-41CF-A673-F9AF6C84E9B4}]
    C:\WINDOWS\system32\yaywTMGA.dll

 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
 "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 09:00 68856]
 "NVIEW"="nview.dll" [2003-08-19 03:56 852038 C:\WINDOWS\system32\nview.dll]
 "WebCamRT.exe"="" []
 "Acme.PCHButton"="C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe" [2003-01-01 20:13 155648]
 "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
 "Eraser RiskMonitor"="C:\Program Files\East-Tec Eraser 2008\Launch.exe" [2008-03-22 15:43 18536]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
 "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 08:07 114688]
 "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-08-19 03:56 4841472]
 "VTTimer"="VTTimer.exe" []
 "UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01 110592]
 "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42 212992]
 "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-01 21:00 335872]
 "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 20:11 139264]
 "Share-to-Web Namespace Daemon"="C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]
 "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-31 11:05 98304]
 "nwiz"="nwiz.exe" [2003-08-19 03:56 323584 C:\WINDOWS\system32\nwiz.exe]
 "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 17:06 1398272]
 "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
 "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
 "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
 "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
 "JeticoPFStartup"="C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe" [2005-07-19 07:22 118784]
 "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
 "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
 "Cobian Backup 8 interface"="C:\Program Files\Cobian Backup 8\cbInterface.exe" [2007-03-21 00:35 2424320]
 "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 13:41 196608]
 "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 07:07 69632]
 "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
 "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
 "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
 "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
 "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
 "Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2008-01-06 13:20 1003520]
 "MSN Software"="msnsoftware.exe" []
 "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-04 15:23 249896]

 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJDTMFV]
 ljJDTMFV.dll

 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
 "AppInit_DLLs"= sockspy.dll sockspy.dll sockspy.dll sockspy.dll

 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
 "msacm.l3acm"= l3codecp.acm
 "vidc.LEAD"= LCODCCMP.DLL
 "MSVideo8"= VfWWDM32.dll
 "VIDC.MJPG"= Pvmjpg30.dll
 "VIDC.YV12"= yv12vfw.dll
 "msacm.ac3acm"= ac3acm.acm
 "msacm.lameacm"= lameACM.acm
 "MSVideo"= vfwwdm32.dll

 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "C:\\Program Files\\eMule\\emule.exe"=
 "C:\\WINDOWS\\system32\\sessmgr.exe"=
 "C:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"=
 "C:\\Program Files\\Ahead\\Nero\\nero.exe"=
 "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
 "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
 "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
 "C:\\Program Files\\Spamihilator\\dccproc.exe"=
 "C:\\Program Files\\LimeWire\\LimeWire.exe"=
 "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
 "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
 "C:\\Program Files\\Messenger\\msmsgs.exe"=
 "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
 "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 04:00]
 R1 MemAlloc;MemAlloc;C:\WINDOWS\system32\DRIVERS\memalloc.sys [2002-08-26 07:51]
 R3 BENDER;Pinnacle DV/AV Capture;C:\WINDOWS\system32\drivers\bender.sys [2005-08-22 23:11]
 R3 PRISM_A00;Intersil PRISM 802.11a/g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2003-08-15 00:05]
 R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
 S1 LStone;Pinnacle Systems Studio AV/DV Overlay;C:\WINDOWS\system32\DRIVERS\lstone2k.sys []
 S3 MTK;Media Technology Kernel Driver;C:\WINDOWS\system32\Drivers\fide.sys [2006-06-11 17:17]
 S3 pcwe;pcwe;C:\Program Files\PC Wizard 2006\pcw86-32.sys []
 S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{413d1655-9fc3-11da-9df9-000ea63528e6}]
 \Shell\AutoRun\command - M:\setupSNK.exe

 .
 Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
 "2008-04-05 10:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
 - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
 "2008-04-05 12:19:40 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
 - C:\Program Files\Windows Defender\MpCmdRun.exe
 .
 **************************************************************************

 catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-04-05 14:17:15
 Windows 5.1.2600 Service Pack 2 NTFS

 Balayage processus cachés ...

 Balayage caché autostart entries ...

 Balayage des fichiers cachés ...

 Scan terminé avec succès
 Les fichiers cachés: 0

 **************************************************************************
 .
 --------------------- DLLs a chargé sous des processus courants ---------------------

 PROCESS: C:\WINDOWS\explorer.exe
 -> C:\Program Files\Unlocker\UnlockerHook.dll
 .
 ------------------------ Other Running Processes ------------------------
 .
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\Program Files\Windows Defender\MsMpEng.exe
 C:\Program Files\Ahead\InCD\InCDsrv.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 C:\Program Files\Cobian Backup 8\cbService.exe
 C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
 C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
 C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
 C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 C:\Program Files\East-Tec Eraser 2008\etRiskMon.exe
 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
 C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
 C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
 C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
 .
 **************************************************************************
 .
 Temps d'accomplissement: 2008-04-05 14:22:37 - machine was rebooted
 ComboFix-quarantined-files.txt  2008-04-05 12:22:32
 Pre-Run: 59,998,208,000 octets libres
 Post-Run: 59,897,901,056 octets libres
 .
 2008-03-26 17:53:47 --- E O F ---


I've also had this message on the desktop since this morning when Windows starts:
 Windows - pas de disque
 Exception Processing Message C0000013 Parameters 75afbf9c 4 75afbf9c 75afbf9c
 "Annuler" "Recommencer" "Continuer"
What does it mean?
Thanks in advance
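The two logs above already contain the cheap triage signals a defender looks for before reaching for a removal tool: an O20 AppInit_DLLs value (a DLL loaded into every user-mode process, rarely legitimate on a home PC), O4 autoruns that name a bare file with no path, a service with no publisher, and, in the ComboFix deletion list, the Vundo habit of pairing a randomly named DLL with an .ini whose name is the DLL name spelled backwards (AGMTwyay.ini next to yaywTMGA.dll, uDgQBcdd.ini next to ddcBQgDu.dll). The Python script below is an added example written for this page; it is not part of HijackThis, ComboFix or the thread. The sample log lines and file list are constructed in the shape of the logs above, and the heuristics (the 8-letter mixed-case name check in particular) are review aids for an analyst, not verdicts.

```python
"""Triage a HijackThis log and a ComboFix file list for Vundo-style indicators.

Added example for this thread; not part of HijackThis, ComboFix or the forum post.
The heuristics below are review aids for a human analyst, not verdicts.
"""
import ntpath
import re

# Constructed sample in the shape of the HijackThis log above (a few lines only).
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSN Software] msnsoftware.exe
O20 - AppInit_DLLs:  sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Constructed sample modelled on the ComboFix "Autres suppressions" list above.
COMBOFIX_FILES = [
    r"C:\WINDOWS\system32\AGMTwyay.ini",
    r"C:\WINDOWS\system32\AGMTwyay.ini2",
    r"C:\WINDOWS\system32\ddcBQgDu.dll",
    r"C:\WINDOWS\system32\ljJCrQjK.dll",
    r"C:\WINDOWS\system32\uDgQBcdd.ini",
    r"C:\WINDOWS\system32\yaywTMGA.dll",
    r"C:\WINDOWS\system32\ctfmon.exe",
]

HJT_LINE = re.compile(r"^(?P<section>[RFO]\d+)\s+-\s+(?P<body>.*)$")


def parse_hjt_line(line):
    """Split one HijackThis line into (section, body); None for non-finding lines."""
    m = HJT_LINE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def o4_executable(body):
    """Extract the launched executable from an O4 body (the text after the [name])."""
    m = re.search(r"\]\s*(.*)$", body)
    target = m.group(1).strip() if m else ""
    if target.startswith('"'):  # quoted path: take everything up to the closing quote
        end = target.find('"', 1)
        return target[1:end] if end > 0 else target[1:]
    return target.split()[0] if target else ""


def triage_hjt(text):
    """Return (section, reason) findings that deserve a second look."""
    findings = []
    for line in text.splitlines():
        parsed = parse_hjt_line(line)
        if not parsed:
            continue
        section, body = parsed
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            if value:  # AppInit_DLLs loads into every user-mode process; rarely legitimate
                findings.append((section, "AppInit_DLLs is set: " + value))
        elif section == "O4":
            exe = o4_executable(body)
            if exe and "\\" not in exe:  # bare name: resolved via PATH, nothing to inspect
                findings.append((section, "autorun with bare filename: " + exe))
        elif section == "O23" and "Unknown owner" in body:
            findings.append((section, "service without publisher: " + body))
    return findings


def looks_random(stem):
    """Weak signal: 8 letters, no digits, at least two upper/lower case switches."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    switches = sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))
    return switches >= 2


def random_named(paths):
    """File names in the list that match the looks_random heuristic."""
    return sorted(n for n in (ntpath.basename(p) for p in paths)
                  if looks_random(ntpath.splitext(n)[0]))


def reversed_name_pairs(paths):
    """Pair .ini/.ini2 files whose stem is the reverse of a .dll stem in the same folder."""
    by_dir = {}
    for p in paths:
        folder, name = ntpath.split(p)
        by_dir.setdefault(folder.lower(), []).append(name)
    pairs = []
    for names in by_dir.values():
        dlls = {ntpath.splitext(n)[0]: n for n in names if n.lower().endswith(".dll")}
        for n in names:
            stem, ext = ntpath.splitext(n)
            if ext.lower() in (".ini", ".ini2") and stem[::-1] in dlls:
                pairs.append((n, dlls[stem[::-1]]))
    return sorted(pairs)


if __name__ == "__main__":
    for section, reason in triage_hjt(SAMPLE_HJT):
        print(section, reason)
    print("random-looking names:", random_named(COMBOFIX_FILES))
    print("reversed ini/dll pairs:", reversed_name_pairs(COMBOFIX_FILES))
```

The reversed-name check is the most specific of the three: it only fires when the .ini and the .dll sit in the same folder and one name is exactly the other reversed, which is what the deletion list above shows. The mixed-case name check is deliberately weak (it misses yaywTMGA and flags the .ini side of uDgQBcdd as well), so treat its output as candidates to look up, not as a detection.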





med365
Confirmed beginner (1,000 to 4,999 posts)
Posted on 05/04/2008 at 14:03:56

Hi

OK, download VundoFix: http://www.atribune.org/ run it and post the log

franseve
On the right track (100 to 499 posts)
Posted on 05/04/2008 at 14:57:19

VundoFix did run a "scan" of the PC.
I got one message that seemed to say it hadn't found anything,
but no "log" was displayed, or else it's saved somewhere.
Later

franseve
On the right track (100 to 499 posts)
Posted on 05/04/2008 at 15:11:06

I ran the scan again and here are the 2 messages I got:
 "Done Searching for files"
 "Done Searching for files.Not infected files were found"

What about my message when Windows starts?

Thanks. Later

med365
Confirmed beginner (1,000 to 4,999 posts)
Posted on 05/04/2008 at 15:39:30

Probably a consequence of the infection.

Does Antivir still detect Vundo?

Download ComboFix (written by sUBs) to your Desktop

  • Disable your antivirus
  • Double-click combofix.exe.
  • Press the Y key (Yes) to start the scan.
  • ComboFix will restart your PC
  • When the scan is finished, a log will appear. Copy/paste that log into your next reply, together with a new HijackThis log

NOTE: The log is also saved here: C:\Combofix.txt

Then download, install and update AVG Anti-Spyware: http://www.ewido.net/ scan and post the log.

For your MSN infection, let's check that no traces remain:

Download MSNFix.zip (by !aur3n7) to your desktop:

http://sosvirus.changelog.fr/MSNFix.zip

Unzip it (right-click >> Extract here) and double-click the MSNFix.bat file.

- Run option R.

-- If the infection is detected, a message will say so and you just press a key to start the clean-up

Note:

If a deletion error is detected, a message will ask you to restart the computer to finish the operations. In that case just restart the computer in normal mode

- The log will be saved in the same folder as MSNFix as date_heure.txt; post it.

Later

franseve
On the right track (100 to 499 posts)
Posted on 06/04/2008 at 08:56:49

When the PC restarted I got no message from ANTIVIR about "Vundo".
Details: I did 3 scans without problems, but when I scanned with "ComboFix" the PC crawled!!!
It took nearly 2 hours for the scan and then nearly 2 hours for the log!!!!
I let it run all night and nothing changed; I thought I would never get the log.
On every mouse "click" I had to wait 5 to 10 minutes for the PC to react. I then shut the PC down with the "power" button.
In all the years I've had a PC it's the first time I've seen the computer behave like this.
Attached are the 4 analysis logs: AVG, HijackThis, MSNFix and ComboFix
and thanks for your advice.

 AVG Anti-Spyware - Rapport d'analyse
 ------------------------------​---------------------------

 + Créé à: 15:39:02 05/02/2008

 + Résultat de l'analyse:  



 C:\Program Files\NewMediaCodec -> Adware.Generic : Nettoyé.
 C:\Program Files\NewMediaCodec\install.ico -> Adware.Generic : Nettoyé.
 C:\Documents and Settings\Propriétaire\Cookies\propriétaire@adtech[1].txt -> TrackingCookie.Adtech : Nettoyé.
 C:\Documents and Settings\Propriétaire\Cookies\propriétaire@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
 C:\Documents and Settings\Propriétaire\Cookies\propriétaire@estat[2].txt -> TrackingCookie.Estat : Nettoyé.
 C:\Documents and Settings\Propriétaire\Cookies\propriétaire@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
 C:\Documents and Settings\Propriétaire\Cookies\propriétaire@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
 C:\Documents and Settings\Propriétaire\Cookies\propriétaire@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
 C:\Documents and Settings\Propriétaire\Cookies\propriétaire@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
 C:\Documents and Settings\Propriétaire\Cookies\propriétaire@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.


 Fin du rapport

 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 18:42:44, on 05/04/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16608)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Program Files\Windows Defender\MsMpEng.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Ahead\InCD\InCDsrv.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
 C:\WINDOWS\Explorer.EXE
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 C:\Program Files\Cobian Backup 8\cbService.exe
 C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
 C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
 C:\windows\system\hpsysdrv.exe
 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
 C:\Program Files\Multimedia Card Reader\shwicon2k.exe
 C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
 C:\Program Files\QuickTime\qttask.exe
 C:\Program Files\Unlocker\UnlockerAssistant.exe
 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
 C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
 C:\Program Files\Cobian Backup 8\cbInterface.exe
 C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
 C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
 C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
 C:\Program Files\Logitech\QuickCam\Quickcam.exe
 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
 C:\HP\KBD\KBD.EXE
 C:\WINDOWS\ALCXMNTR.EXE
 C:\Program Files\Spamihilator\spamihilator.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 C:\Program Files\East-Tec Eraser 2008\etRiskMon.exe
 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
 C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
 C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
 C:\WINDOWS\system32\wscntfy.exe
 C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aliceadsl.fr/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
 R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
 O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
 O2 - BHO: (no name) - {E901B0EE-3557-41CF-A673-F9AF6C84E9B4} - C:\WINDOWS\system32\yaywTMGA.dll (file missing)
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
 O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
 O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
 O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
 O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
 O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
 O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
 O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
 O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
 O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
 O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
 O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
 O4 - HKLM\..\Run: [Cobian Backup 8 interface] "C:\Program Files\Cobian Backup 8\cbInterface.exe" -service
 O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
 O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
 O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
 O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
 O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
 O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilato​r.exe"
 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
 O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 O4 - HKCU\..\Run: [Eraser RiskMonitor] "C:\Program Files\East-Tec Eraser 2008\Launch.exe" "C:\Program Files\East-Tec Eraser 2008\etRiskMon.exe"
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
 O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
 O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
 O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
 O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dl [...] .0.6.5.cab
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
 O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqem [...] ysinfo.cab
 O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
 O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPIS [...] anager.CAB
 O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} (LogData Class) - http://ipgweb.cce.hp.com/rdqem [...] ysinfo.cab
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia. [...] wflash.cab
 O20 - AppInit_DLLs:  sockspy.dll sockspy.dll sockspy.dll sockspy.dll
 O20 - Winlogon Notify: ljJDTMFV - ljJDTMFV.dll (file missing)
 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
 O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Program Files\Cobian Backup 8\cbService.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
 O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
 O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
 O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
 O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
 O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 --
 End of file - 12406 bytes

 MSNFix 1.695  
 
 C:\Documents and Settings\Propriétaire\Bureau\MSNFix
 Fix exécuté le 05/04/2008 - 18:32:54.01 By Propriétaire
 mode normal


 ************************ Recherche les fichiers présents


 ... C:\WINDOWS\system32\IALMCOIN.DLL
 
 ************************ Recherche les dossiers présents      
 
 ... \TEMP\
 
 
 
 
 ************************ Suppression des fichiers


 /!\ ...  C:\WINDOWS\system32\IALMCOIN.DLL    
 
 
 ************************ Suppression des dossiers      
 
 /!\ ...  \TEMP\  
 
 
 ************************ Nettoyage du registre
 
 
 
 Les fichiers encore présents seront supprimés au prochain redémarrage
 
 
 ************************ Suppression des fichiers


 .. OK ... C:\WINDOWS\system32\IALMCOIN.DLL  
 
 
 
 ************************ Fichiers suspects
 
 Aucun Fichier trouvé
 
 
 Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 05042008_183832.42.zip
 
 ************************ HKLM\...\Winlogon\Userinit
 
 Userinit = C:\WINDOWS\system32\userinit.exe,


 ------------------------------------------------------------------------  
 Auteur : !aur3n7                     Contact: http://changelog.fr    
 ------------------------------------------------------------------------  
 
 ---------------------------------------------   END   ---------------------------------------------

 ComboFix 08-04-04.1 - Propriétaire 2008-04-05 18:45:14.2 - NTFSx86
 Microsoft Windows XP Édition familiale  5.1.2600.2.1252.1.1036.18.1466 [GMT 2:00]
 Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
 .

 (((((((((((((((((((((((((((((   Fichiers créés 2008-03-05 to 2008-04-05  ))))))))))))))))))))))))))))))))))))
 .

 2008-04-05 15:38 . 2008-04-05 15:38 <REP> d-------- C:\VundoFix Backups
 2008-04-04 17:25 . 2008-04-04 17:25 <REP> d-------- C:\Program Files\AxBx
 2008-04-04 15:25 . 2008-04-04 15:25 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents
 2008-04-04 13:32 . 2008-04-04 13:32 <REP> d-------- C:\Program Files\Spamihilator
 2008-04-02 11:12 . 2008-04-04 13:31 <REP> d-------- C:\Program Files\Spamihilator(2)
 2008-04-02 10:02 . 2008-04-02 10:02 <REP> d-------- C:\Program Files\Avira
 2008-04-02 10:02 . 2008-04-02 10:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
 2008-04-01 17:03 . 2008-04-01 17:03 <REP> d-------- C:\Program Files\Trend Micro
 2008-03-30 20:14 . 2008-03-30 20:16 <REP> d-------- C:\EraseC6C.tmp
 2008-03-30 11:09 . 2008-03-30 10:33 691,545 --a------ C:\WINDOWS\unins000.exe
 2008-03-30 11:09 . 2008-03-30 11:09 2,554 --a------ C:\WINDOWS\unins000.dat
 2008-03-27 18:53 . 2008-04-05 14:00 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Spamihilator
 2008-03-16 17:12 . 2008-03-16 17:12 <REP> d-------- C:\Program Files\FLV Player
 2008-03-15 16:59 . 2008-03-15 16:59 <REP> d-------- C:\Program Files\Panda Security
 2008-03-15 16:45 . 2004-09-21 12:13 9,196,032 --------- C:\WINDOWS\system32\RTLCPL.exe
 2008-03-15 16:45 . 2004-09-10 11:12 208,896 --------- C:\WINDOWS\alcupd.exe
 2008-03-15 16:45 . 2004-09-07 15:23 156,672 --------- C:\WINDOWS\system32\RtlCPAPI.dll
 2008-03-15 16:45 . 2002-02-05 14:54 141,016 --------- C:\WINDOWS\system32\alsndmgr.wav
 2008-03-15 16:45 . 2004-09-01 21:04 139,264 --------- C:\WINDOWS\alcrmv.exe
 2008-03-15 16:45 . 2004-09-16 21:39 69,632 --------- C:\WINDOWS\soundman.exe
 2008-03-15 16:45 . 2004-09-07 14:47 57,344 --a------ C:\WINDOWS\ALCXMNTR.EXE
 2008-03-15 16:45 . 2004-02-25 19:00 40,448 --------- C:\WINDOWS\system32\ChCfg.exe
 2008-03-15 11:05 . 2008-03-15 11:05 <REP> d-------- C:\IMAGES 2

 .
 ((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-04-05 16:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
 2008-04-05 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
 2008-04-05 13:57 47,088 ----a-w C:\Documents and Settings\Propriétaire\Application Data\wklnhst.dat
 2008-04-04 16:52 --------- d-----w C:\Program Files\FreeCommander
 2008-04-04 16:33 --------- d-----w C:\Program Files\eMule
 2008-04-04 16:15 --------- d-----w C:\Program Files\Java
 2008-04-04 12:47 --------- d-----w C:\Program Files\Alwil Software
 2008-04-04 11:32 --------- d-----w C:\Program Files\Yahoo!
 2008-04-04 11:32 --------- d-----w C:\Program Files\RegCleaner
 2008-04-04 11:31 --------- d-----w C:\Program Files\Windows Live
 2008-04-04 11:31 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\SPAMfighter
 2008-04-04 11:31 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\LimeWire
 2008-04-04 09:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
 2008-03-30 13:29 --------- d-----w C:\Program Files\East-Tec Eraser 2008
 2008-03-30 09:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
 2008-03-15 14:50 --------- d-----w C:\Program Files\InterVideo
 2008-03-15 14:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
 2008-02-27 14:18 --------- d-----w C:\Program Files\Axon Data
 2008-02-17 13:08 70,568 ----a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
 2008-01-06 11:11 679,936 ----a-w C:\WINDOWS\system32\spsplib1.dll
 2007-04-14 15:00 47,360 ----a-w C:\Documents and Settings\Propriétaire\Application Data\pcouffin.sys
 2006-04-01 19:26 31 ----a-w C:\Documents and Settings\Propriétaire\getfile.dat
 2006-04-01 19:26 31 ----a-w C:\Documents and Settings\Propriétaire\getfile.dat
 2005-05-11 21:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
 2002-07-26 15:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
 .

 (((((((((((((((((((((((((((((   snapshot@2008-04-05_14.22.15.96   )))))))))))))))))))))))))))))))))))))))))
 .
 - 2008-04-05 12:04:36 71,816 ----a-w C:\WINDOWS\system32\perfc009.dat
 + 2008-04-05 16:42:45 71,816 ----a-w C:\WINDOWS\system32\perfc009.dat
 - 2008-04-05 12:04:36 85,524 ----a-w C:\WINDOWS\system32\perfc00C.dat
 + 2008-04-05 16:42:45 85,524 ----a-w C:\WINDOWS\system32\perfc00C.dat
 - 2008-04-05 12:04:36 425,500 ----a-w C:\WINDOWS\system32\perfh009.dat
 + 2008-04-05 16:42:45 425,500 ----a-w C:\WINDOWS\system32\perfh009.dat
 - 2008-04-05 12:04:36 493,696 ----a-w C:\WINDOWS\system32\perfh00C.dat
 + 2008-04-05 16:42:45 493,696 ----a-w C:\WINDOWS\system32\perfh00C.dat
 + 2008-04-05 16:38:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_64c.dat
 .
 (((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E901B0EE-3557-41CF-A673-F9AF6C84E9B4}]
    C:\WINDOWS\system32\yaywTMGA.dll
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
 "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 09:00 68856]
 "NVIEW"="nview.dll" [2003-08-19 03:56 852038 C:\WINDOWS\system32\nview.dll]
 "WebCamRT.exe"="" []
 "Acme.PCHButton"="C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe" [2003-01-01 20:13 155648]
 "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
 "Eraser RiskMonitor"="C:\Program Files\East-Tec Eraser 2008\Launch.exe" [2008-03-22 15:43 18536]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
 "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 08:07 114688]
 "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-08-19 03:56 4841472]
 "VTTimer"="VTTimer.exe" []
 "UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01 110592]
 "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42 212992]
 "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-01 21:00 335872]
 "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 20:11 139264]
 "Share-to-Web Namespace Daemon"="C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]
 "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-31 11:05 98304]
 "nwiz"="nwiz.exe" [2003-08-19 03:56 323584 C:\WINDOWS\system32\nwiz.exe]
 "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 17:06 1398272]
 "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
 "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
 "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
 "JeticoPFStartup"="C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe" [2005-07-19 07:22 118784]
 "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
 "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
 "Cobian Backup 8 interface"="C:\Program Files\Cobian Backup 8\cbInterface.exe" [2007-03-21 00:35 2424320]
 "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 13:41 196608]
 "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 07:07 69632]
 "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
 "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
 "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
 "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
 "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
 "Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2008-01-06 13:20 1003520]
 "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-04 15:23 249896]

 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJDTMFV]
 ljJDTMFV.dll

 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
 "AppInit_DLLs"= sockspy.dll sockspy.dll sockspy.dll sockspy.dll

 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
 "msacm.l3acm"= l3codecp.acm
 "vidc.LEAD"= LCODCCMP.DLL
 "MSVideo8"= VfWWDM32.dll
 "VIDC.MJPG"= Pvmjpg30.dll
 "VIDC.YV12"= yv12vfw.dll
 "msacm.ac3acm"= ac3acm.acm
 "msacm.lameacm"= lameACM.acm
 "MSVideo"= vfwwdm32.dll

 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "C:\\Program Files\\eMule\\emule.exe"=
 "C:\\WINDOWS\\system32\\sessmgr.exe"=
 "C:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"=
 "C:\\Program Files\\Ahead\\Nero\\nero.exe"=
 "C:\\WINDOWS\\PCHealth\\HelpCt​r\\Binaries\\helpctr.exe"=
 "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
 "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
 "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
 "C:\\Program Files\\Spamihilator\\dccproc.exe"=
 "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
 "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
 "C:\\Program Files\\Messenger\\msmsgs.exe"=
 "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
 "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=


 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{413d1655-9fc3-11da-9df9-000ea63528e6}]
 \Shell\AutoRun\command - M:\setupSNK.exe

 .
 Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
 "2008-04-05 18:00:58 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
 - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
 "2008-04-05 17:10:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
 - C:\Program Files\Windows Defender\MpCmdRun.exe
 .
 **************************************************************************

 catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-04-05 19:57:45
 Windows 5.1.2600 Service Pack 2 NTFS

 Balayage processus cachés ...

 Balayage caché autostart entries ...

 Balayage des fichiers cachés ...

 Scan terminé avec succès
 Les fichiers cachés: 0

 **************************************************************************
 .
 --------------------- DLLs a chargé sous des processus courants ---------------------

 PROCESS: C:\WINDOWS\explorer.exe
 -> C:\Program Files\Unlocker\UnlockerHook.dll
 .
 Temps d'accomplissement: 2008-04-05 22:23:12
 ComboFix-quarantined-files.txt  2008-04-05 20:03:50
 ComboFix2.txt  2008-04-05 12:22:38
 Pre-Run: 60,124,315,648 octets libres
 Post-Run: 60,112,064,512 octets libres
 .
 2008-03-26 17:53:47 --- E O F ---  




franseve
On the right track (100 to 499 posts)
  Posted on 06/04/2008 at 10:37:25
 
Attached, the latest ANTIVIR scan

 AntiVir PersonalEdition Classic
 Report file date: dimanche 6 avril 2008  10:12

 Scanning for 1181591 virus strains and unwanted programs.

 Licensed to:      Avira AntiVir PersonalEdition Classic
 Serial number:    0000149996-ADJIE-0001
 Platform:         Windows XP
 Windows version:  (Service Pack 2)  [5.1.2600]
 Username:         SYSTEM
 Computer name:    KINETJP

 Version information:
 BUILD.DAT    : 270           15603 Bytes  19/09/2007 13:32:00
 AVSCAN.EXE   : 7.0.6.1      290856 Bytes  23/08/2007 12:16:29
 AVSCAN.DLL   : 7.0.6.0       49192 Bytes  16/08/2007 11:23:51
 LUKE.DLL     : 7.0.5.3      147496 Bytes  14/08/2007 14:32:47
 LUKERES.DLL  : 7.0.6.1       10280 Bytes  21/08/2007 11:35:20
 ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes  18/07/2007 13:27:15
 ANTIVIR1.VDF : 7.0.3.2     5447168 Bytes  07/03/2008 08:03:31
 ANTIVIR2.VDF : 7.0.3.85     434176 Bytes  27/03/2008 08:03:31
 ANTIVIR3.VDF : 7.0.3.122    195072 Bytes  05/04/2008 08:09:49
 AVEWIN32.DLL : 7.6.0.81    3424768 Bytes  04/04/2008 18:22:36
 AVWINLL.DLL  : 1.0.0.7       14376 Bytes  26/02/2007 09:36:26
 AVPREF.DLL   : 7.0.2.2       25640 Bytes  18/07/2007 06:39:17
 AVREP.DLL    : 7.0.0.1      155688 Bytes  16/04/2007 12:16:24
 AVPACK32.DLL : 7.6.0.3      360488 Bytes  04/04/2008 13:23:34
 AVREG.DLL    : 7.0.1.6       30760 Bytes  18/07/2007 06:17:06
 AVARKT.DLL   : 1.0.0.20     278568 Bytes  28/08/2007 11:26:33
 AVEVTLOG.DLL : 7.0.0.20      86056 Bytes  18/07/2007 06:10:18
 NETNT.DLL    : 7.0.0.0        7720 Bytes  08/03/2007 10:09:42
 RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes  07/08/2007 11:38:13
 RCTEXT.DLL   : 7.0.62.0      86056 Bytes  21/08/2007 11:50:37
 SQLITE3.DLL  : 3.3.17.1     339968 Bytes  23/07/2007 08:37:21

 Configuration settings for the scan:
 Jobname..........................: Complete system scan
 Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
 Logging..........................: low
 Primary action...................: interactive
 Secondary action.................: ignore
 Scan master boot sector..........: off
 Scan boot sector.................: on
 Boot sectors.....................: E:,
 Scan memory......................: on
 Process scan.....................: on
 Scan registry....................: on
 Search for rootkits..............: off
 Scan all files...................: Intelligent file selection
 Scan archives....................: on
 Recursion depth..................: 20
 Smart extensions.................: on
 Macro heuristic..................: on
 File heuristic...................: medium

 Start of the scan: dimanche 6 avril 2008  10:12

 The scan of running processes will be started
 Scan process 'avscan.exe' - '1' Module(s) have been scanned
 Scan process 'avcenter.exe' - '1' Module(s) have been scanned
 Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
 Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
 Scan process 'hprblog.exe' - '1' Module(s) have been scanned
 Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
 Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
 Scan process 'alg.exe' - '1' Module(s) have been scanned
 Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'etRiskMon.exe' - '1' Module(s) have been scanned
 Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
 Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
 Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
 Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
 Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
 Scan process 'avgnt.exe' - '1' Module(s) have been scanned
 Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
 Scan process 'spamihilator.exe' - '1' Module(s) have been scanned
 Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
 Scan process 'cbService.exe' - '1' Module(s) have been scanned
 Scan process 'kbd.exe' - '1' Module(s) have been scanned
 Scan process 'guard.exe' - '1' Module(s) have been scanned
 Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
 Scan process 'Quickcam.exe' - '1' Module(s) have been scanned
 Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
 Scan process 'sched.exe' - '1' Module(s) have been scanned
 Scan process 'issch.exe' - '1' Module(s) have been scanned
 Scan process 'cbInterface.exe' - '1' Module(s) have been scanned
 Scan process 'avgas.exe' - '1' Module(s) have been scanned
 Scan process 'fwsrv.exe' - '1' Module(s) have been scanned
 Scan process 'jusched.exe' - '1' Module(s) have been scanned
 Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
 Scan process 'InCD.exe' - '1' Module(s) have been scanned
 Scan process 'qttask.exe' - '1' Module(s) have been scanned
 Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned
 Scan process 'shwicon2k.exe' - '1' Module(s) have been scanned
 Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
 Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
 Scan process 'explorer.exe' - '1' Module(s) have been scanned
 Scan process 'avguard.exe' - '1' Module(s) have been scanned
 Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
 Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
 Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
 Scan process 'lsass.exe' - '1' Module(s) have been scanned
 Scan process 'services.exe' - '1' Module(s) have been scanned
 Scan process 'winlogon.exe' - '1' Module(s) have been scanned
 Scan process 'csrss.exe' - '1' Module(s) have been scanned
 Scan process 'smss.exe' - '1' Module(s) have been scanned
 57 processes with 57 modules were scanned

 Start scanning boot sectors:
 Boot sector 'C:\'

[NOTE]      No virus was found!
 Boot sector 'D:\'

[NOTE]      No virus was found!
 Boot sector 'E:\'

[NOTE]      No virus was found!

 Starting to scan the registry.
 The registry was scanned ( '41' files ).


 Starting the file scan:

 Begin scan in 'C:\' <JP KINET 01>
 C:\hiberfil.sys

[WARNING]   The file could not be opened!
 C:\pagefile.sys

[WARNING]   The file could not be opened!
 C:\QooBox\Quarantine\C\WINDOWS\system32\ddcBQgDu.dll.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

[INFO]      The file was moved to '485b90b5.qua'!
 C:\QooBox\Quarantine\C\WINDOWS\system32\ljJDTMFV.dll.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

[INFO]      The file was moved to '484290bf.qua'!
 C:\System Volume Information\_restore{D2B56700-B650-4C30-8071-D5EC1FCE58BB}\RP292\A0081541.dll

[DETECTION] Is the Trojan horse TR/Trash.Gen

[INFO]      The file was moved to '482891ca.qua'!
 C:\System Volume Information\_restore{D2B56700-B650-4C30-8071-D5EC1FCE58BB}\RP292\A0081542.dll

[DETECTION] Is the Trojan horse TR/Trash.Gen

[INFO]      The file was moved to '482891cd.qua'!
 Begin scan in 'D:\' <KINET JP 02>
 Begin scan in 'E:\' <HP_RECOVERY>


 End of the scan: dimanche 6 avril 2008  11:23
 Used time:  1:11:08 min

 The scan has been done completely.

8971 Scanning directories
 589217 Files were scanned

4 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

4 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned
 589213 Files not concerned
  19677 Archives were scanned

2 Warnings

2 Notes

franseve
On the right track (100 to 499 posts)
  Posted on 08/04/2008 at 16:51:02
 
To Med 365..
 I haven't had a reply from you about my latest scans.
 I couldn't send them as soon as you asked for them because I had trouble with the scans (you'll see my comments; 4 hours of scanning with ComboFix).
 Since then I've had a "bug" on my PC that forced me to reformat everything!!!!
 That's life!!!
 See you soon

med365
Confirmed beginner (1,000 to 4,999 posts)
  Posted on 11/04/2008 at 19:28:21
 
I'm sorry I couldn't reply sooner, but I don't have web access during the week. About your computer, it's really a shame, and I would have been very happy to help you. I'll still submit your case to the creator of ComboFix.

 See you
