Virtumonde et Win32.bho.dfRésolu/Fermé

Question

Bonjour,

Je n'arrive pas a me debartasser de Virtumonde et Win32.bho.df, ils reviennent sans cesse.  Spybot les trouve et "corrige les problemes" mais un scan juste apres les trouve de nouveau.  J'ai appliquer 4 ou 5 methodes decritent sur le forum, mais rien n'y fait.

Est ce qu'un ame charitable pourrait m'aider ?

D'avance merci.

Regis59 · Answer

Bienvenue sur le forum d’entraide de CommentCaMarche.net 

Nous connaissons votre situation et nous vous conseillons de ne surtout pas vous inquiéter.
De plus, au vu du nombre croissant de désinfections effectuées sur le forum, nous vous demandons un peu de patience et surtout de ne pas créer plusieurs postes pour le même problème.
Merci de votre compréhension.

Télécharge HijackThis ici: 
http://telechargement.zebulon.fr/138-hijackthis-1991.html 

Dézippe le dans un dossier prévu à cet effet. 
Par exemple C:\hijackthis < Enregistre-le bien dans c : ! 
Démo : (Merci a Balltrap34 pour cette réalisation)   
http://pageperso.aol.fr/balltrap34/Hijenr.gif 
	
Lance le puis: 
Clique sur "do a system scan and save logfile" (cf démo) 
Faire un copier coller du log entier sur le forum

Démo : (Merci a Balltrap34 pour cette réalisation)   
http://pageperso.aol.fr/balltrap34/demohijack.htm
	
Bon courage

A+

toxic · Answer

Bonjour, 

Logfile of HijackThis v1.99.1
Scan saved at 15:40:05, on 05/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1	mproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\himeup\Himeup.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7484BDEC-6A0B-41D7-92D0-0EB8C1E6D535} - C:\WINDOWS\system32\pmnnn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [6300af56] rundll32.exe "C:\WINDOWS\system32\btctruqk.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: https://fr.shopping.rakuten.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0046B4D.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1	mproxy.exe

toxic · Answer

Bonjour, 

je viens de scanner avec VundoFix v6.5.11 et il ne trouve rien.

toxic · Answer

Bonjour, 

Je viens de finir la procedure : http://www.commentcamarche.net/faq/sujet 6862 supprimer le trojan vundo virtumonde#2 me m thode virtumundobegone a la lettre.  

Spybot ne me detecte plus Virtumonde ni Win32.bho.df mais maintenant "LSA" qui n'etait pas detecte avant ? hummm ?

Regis59 · Answer

Re

Télécharge Combofix sUBs : 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

Copie/colle un nouveau rapport HiJackThis avec.

toxic · Answer

Bonjour, ComboFix 07-11-05.2 - HP_Propriétaire 2007-11-05 18:19:13.1 - NTFSx86 MINIMAL Running from: J:\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zip C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin3.zip C:\Documents and Settings\HP_Propriétaire\Application Data\inst.exe C:\Documents and Settings\HP_Propriétaire\Favoris\Online Security Guide.lnk C:\Program Files\akl C:\Program Files\akl\akl.dll C:\Program Files\akl\akl.exe C:\Program Files\akl\curlog.htm C:\Program Files\akl\keylog.txt C:\Program Files\akl eadme.txt C:\Program Files\akl\uninstall.exe C:\Program Files\akl\unsetup.dat C:\Program Files\akl\unsetup.exe C:\Program Files\amsys C:\Program Files\amsys\awmsg.dat C:\Program Files\amsys\mfc42.dll C:\Program Files\amsys\msvcrt.dll C:\Program Files\amsys\unins000.dat C:\Program Files\amsys\unis000.exe C:\Program Files\amsys\winam.dat C:\Program Files\BestsellerAntivirus C:\Program Files\e-zshopper C:\Program Files\e-zshopper\BarLcher.dll C:\Program Files\p2pnetworks C:\Program Files\p2pnetworks\amp2pl.exe C:\WINDOWS\764.exe C:\WINDOWS\aconti.exe C:\WINDOWS\adbar.dll C:\WINDOWS\cbinst$.exe C:\WINDOWS\cookies.ini C:\WINDOWS\daxtime.dll C:\WINDOWS\dp0.dll C:\WINDOWS\eventlowg.dll C:\WINDOWS\fhfmm-Uninstaller.exe C:\WINDOWS\fhfmm.exe C:\WINDOWS\flt.dll C:\WINDOWS\hotporn.exe C:\WINDOWS\ie_32.exe C:\WINDOWS\jd2002.dll C:\WINDOWS\kkcomp$.exe C:\WINDOWS\kkcomp.dll C:\WINDOWS\kkcomp.exe C:\WINDOWS\liqad$.exe C:\WINDOWS\liqad.dll C:\WINDOWS\liqad.exe C:\WINDOWS\liqui-Uninstaller.exe C:\WINDOWS\liqui.dll C:\WINDOWS\liqui.exe C:\WINDOWS gd.dll C:\WINDOWS\pbar.dll C:\WINDOWS\spredirect.dll C:\WINDOWS\system32\.exe C:\WINDOWS\system32\__c0046B4D.dat C:\WINDOWS\system32\abadd.bak1 C:\WINDOWS\system32\abadd.ini C:\WINDOWS\system32\aybeg.bak1 C:\WINDOWS\system32\aybeg.ini C:\WINDOWS\system32\btctruqk.dll C:\WINDOWS\system32\cccdd.bak1 C:\WINDOWS\system32\cccdd.bak2 C:\WINDOWS\system32\cccdd.ini C:\WINDOWS\system32\cdeeg.bak1 C:\WINDOWS\system32\cdeeg.ini C:\WINDOWS\system32\drivers\bg_bg.gif C:\WINDOWS\system32\drivers\blank.gif C:\WINDOWS\system32\drivers\box_1.gif C:\WINDOWS\system32\drivers\box_2.gif C:\WINDOWS\system32\drivers\box_3.gif C:\WINDOWS\system32\drivers\button_buynow.gif C:\WINDOWS\system32\drivers\button_freescan.gif C:\WINDOWS\system32\drivers\cell_bg.gif C:\WINDOWS\system32\drivers\cell_footer.gif C:\WINDOWS\system32\drivers\cell_header_block.gif C:\WINDOWS\system32\drivers\cell_header_remove.gif C:\WINDOWS\system32\drivers\cell_header_scan.gif C:\WINDOWS\system32\drivers\close_ico.gif C:\WINDOWS\system32\drivers\detect.htm C:\WINDOWS\system32\drivers\download_box.gif C:\WINDOWS\system32\drivers\download_btn.jpg C:\WINDOWS\system32\drivers\download_now_btn.gif C:\WINDOWS\system32\drivers\footer_back.jpg C:\WINDOWS\system32\drivers\header_1.gif C:\WINDOWS\system32\drivers\header_2.gif C:\WINDOWS\system32\drivers\header_3.gif C:\WINDOWS\system32\drivers\header_4.gif C:\WINDOWS\system32\drivers\header_red_bg.gif C:\WINDOWS\system32\drivers\header_red_free_scan.gif C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif C:\WINDOWS\system32\drivers\icon_warning_big.gif C:\WINDOWS\system32\drivers\infected.gif C:\WINDOWS\system32\drivers\main_back.gif C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg C:\WINDOWS\system32\drivers\product_1_header.gif C:\WINDOWS\system32\drivers\product_1_name_small.gif C:\WINDOWS\system32\drivers\product_2_header.gif C:\WINDOWS\system32\drivers\product_2_name_small.gif C:\WINDOWS\system32\drivers\product_3_header.gif C:\WINDOWS\system32\drivers\product_3_name_small.gif C:\WINDOWS\system32\drivers\product_features.gif C:\WINDOWS\system32\drivers ating.gif C:\WINDOWS\system32\drivers emove_spyware_header.gif C:\WINDOWS\system32\drivers\s_detect.htm C:\WINDOWS\system32\drivers\screenshot.jpg C:\WINDOWS\system32\drivers\sep_hor.gif C:\WINDOWS\system32\drivers\sep_vert.gif C:\WINDOWS\system32\drivers\shadow.jpg C:\WINDOWS\system32\drivers\shadow_bg.gif C:\WINDOWS\system32\drivers\spacer.gif C:\WINDOWS\system32\drivers\spy_away_box.jpg C:\WINDOWS\system32\drivers\spyware_detected.gif C:\WINDOWS\system32\drivers\star.gif C:\WINDOWS\system32\drivers\star_gray.gif C:\WINDOWS\system32\drivers\star_gray_small.gif C:\WINDOWS\system32\drivers\star_small.gif C:\WINDOWS\system32\drivers\style.css C:\WINDOWS\system32\drivers\v.gif C:\WINDOWS\system32\drivers\warning_ico.gif C:\WINDOWS\system32\drivers\warning_icon.gif C:\WINDOWS\system32\drivers\win_logo.gif C:\WINDOWS\system32\drivers\x.gif C:\WINDOWS\system32\drivers\yellow_warning_ico.gif C:\WINDOWS\system32\efhkj.bak1 C:\WINDOWS\system32\efhkj.ini C:\WINDOWS\system32\ESHOPEE.exe C:\WINDOWS\system32\fgjlm.bak1 C:\WINDOWS\system32\fgjlm.bak2 C:\WINDOWS\system32\fgjlm.ini C:\WINDOWS\system32\gebcy.dll C:\WINDOWS\system32\gjllm.bak1 C:\WINDOWS\system32\gjllm.bak2 C:\WINDOWS\system32\gjllm.ini C:\WINDOWS\system32\gtv_sd.bin C:\WINDOWS\system32\ijllm.bak1 C:\WINDOWS\system32\ijllm.ini C:\WINDOWS\system32\jjkmp.bak1 C:\WINDOWS\system32\jjkmp.ini C:\WINDOWS\system32\jlnmp.bak1 C:\WINDOWS\system32\jlnmp.ini C:\WINDOWS\system32\kjjlm.bak1 C:\WINDOWS\system32\kjjlm.bak2 C:\WINDOWS\system32\kjjlm.ini C:\WINDOWS\system32\kqurtctb.ini C:\WINDOWS\system32\ldvvwbpj.dllbox C:\WINDOWS\system32\llnmp.bak1 C:\WINDOWS\system32\llnmp.ini C:\WINDOWS\system32\msole32.exe C:\WINDOWS\system32 nnmp.bak1 C:\WINDOWS\system32 nnmp.ini C:\WINDOWS\system32\oqtwa.bak1 C:\WINDOWS\system32\oqtwa.ini C:\WINDOWS\system32\pmnnn.dll C:\WINDOWS\system32\pyxuswos.dll C:\WINDOWS\system32 tutv.bak1 C:\WINDOWS\system32 tutv.ini C:\WINDOWS\system32\sojapemd.dllbox C:\WINDOWS\system32 ttss.bak1 C:\WINDOWS\system32 ttss.ini C:\WINDOWS\system32 vvwa.bak1 C:\WINDOWS\system32 vvwa.ini C:\WINDOWS\system32\vxddsk.exe C:\WINDOWS\system32\xbadd.bak1 C:\WINDOWS\system32\xbadd.ini C:\WINDOWS\system32\xyadd.bak1 C:\WINDOWS\system32\xyadd.ini C:\WINDOWS\system32\yccdd.bak1 C:\WINDOWS\system32\yccdd.ini C:\WINDOWS\vxddsk.exe C:\WINDOWS\wml.exe C:\WINDOWS\xadbrk.dll C:\WINDOWS\xadbrk.exe C:\WINDOWS\xadbrk_.exe C:\WINDOWS\xxxvideo.exe . ((((((((((((((((((((((((((((( Fichiers créés 2007-10-05 to 2007-11-05 )))))))))))))))))))))))))))))))))))) . 2007-11-04 20:20 d-------- C:\VundoFix Backups 2007-11-04 20:19 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-02 20:21 2,046 --a------ C:\WINDOWS\system32 mp.reg 2007-11-02 15:22 d-------- C:\Documents and Settings\Administrateur\WINDOWS 2007-11-02 15:22 d-------- C:\Documents and Settings\Administrateur\Voisinage réseau 2007-11-02 15:22 d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression 2007-11-02 15:22 d-------- C:\Documents and Settings\Administrateur\Modèles 2007-11-02 15:22 d-------- C:\Documents and Settings\Administrateur\Mes documents 2007-11-02 15:22 d-------- C:\Documents and Settings\Administrateur\Menu Démarrer 2007-11-02 15:22 d-------- C:\Documents and Settings\Administrateur\Favoris 2007-11-02 15:22 d-------- C:\Documents and Settings\Administrateur\Bureau 2007-11-02 10:54 d-------- C:\WINDOWS\system32\acespy 2007-11-01 11:35 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin 2007-11-01 11:13 123,910 --a------ C:\WINDOWS\system32\vvgeowbv.exe 2007-11-01 11:13 21,504 --a------ C:\WINDOWS\system32\aivskurq.dll 2007-10-21 16:46 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll 2007-10-08 21:18 d-------- C:\Program Files\Windows Defender 2007-10-08 11:23 4 --a------ C:\WINDOWS\system32\stfv.bin . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-04 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-02 09:52 --------- d-----w C:\Program Files\Google 2007-10-25 14:52 --------- d-----w C:\Program Files\Yahoo! 2007-10-25 14:51 47,360 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\pcouffin.sys 2007-10-25 14:51 --------- d-----w C:\Program Files\VSO 2007-10-25 14:51 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Vso 2007-10-21 12:06 --------- d-----w C:\Program Files\Java 2007-09-20 06:16 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\dvdcss 2007-09-18 07:06 --------- d-----w C:\Program Files\DAMN NFO Viewer 2007-09-17 13:40 35,856 ----a-w C:\WINDOWS\system32\drivers mpreflt.sys 2007-09-17 13:40 202,768 ----a-w C:\WINDOWS\system32\drivers mxpflt.sys 2007-09-17 13:31 1,126,072 ----a-w C:\WINDOWS\system32\drivers\VsapiNT.sys 2007-09-15 07:55 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\SlySoft 2007-04-04 14:10 87,608 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\ezpinst.exe 2006-09-21 19:29 49,312 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}] 2007-11-01 11:13 21504 --a------ C:\WINDOWS\system32\aivskurq.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 00:35] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 14:14] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2004-10-27 11:05] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00] [HKEY_USERS\.default\software\microsoft\windows\currentversion un] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-06-05 22:02:15] C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\ PrintKey 2000 Fr.lnk - C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe [2001-06-25 20:14:14] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe [2005-09-23 22:05:26] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04] [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnnn.dll R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers bhsd.sys S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-11-05 17:27:44 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe "2007-11-05 08:19:06 C:\WINDOWS\Tasks\User_Feed_Synchronization-{6AB4B7A7-3B21-4EBB-A540-D461A3B1A342}.job" - C:\WINDOWS\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-05 18:28:29 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\TEMP scan completed successfully hidden files: 1 ************************************************************************** . Completion time: 2007-11-05 18:29:29 - machine was rebooted . --- E O F --- Logfile of HijackThis v1.99.1 Scan saved at 19:16:55, on 05/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1 mproxy.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Documents and Settings\HP_Propriétaire\Bureau\himeup\Himeup.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O15 - Trusted Zone: https://fr.shopping.rakuten.com/ O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/... O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1 mproxy.exe

Regis59 · Answer

Salut

Clique ici:
http://siri.urz.free.fr/upload

Met le lien du sujet puis clique sur parcourir et recherche ceci:
C:\WINDOWS\system32\aivskurq.dll 

Puis envoyer!

A+

toxic · Answer

Bonjour, 
en fait je ne sais pas uploader directement le fichier, car le pc infecte n'est pas celui que j'utilise pour me connecter a internet.  Donc je copie ce fichier "aivskurq.dll" du pc infecte (dont l'anti virus est Pc cillin) sur une clef puis de la clef sur mon pc qui est connecte a internet (antivirus : Avira).  A peine la clef inseree Avira me detecte un trojan horse TR/Crypt.FKM.Gen dans ce fameux fichier aivskurq.dll.

Est ce que je dois ignorer Avira et l'uploader quand meme ? (je veux pas infecte mon pc Saint !!!)

merci pour ton aide regis.

toxic · Answer

Bonjour, 

donc suite a ca, gros soupcons sur l'efficacite de Pc cillin, je le desinstalle et installe Avira.  Je lance le scan, a 53% il a deja detecte et effece 87 virus/trojans !  Pc cillin c'est du foutage de gueule ou quoi ?!

Regis59 · Answer

Re,

lol
Oui upload le quand meme sauf que sur le 1er pc, tu le zip le fichier et met un mot de passe dessu: INFECTED
Comme ca, sur ton pc, tu auras aucun risque et tu envoie le fichier zip.

En tout cas, au moins on sait ce que c'est, a supprimer ;-)

toxi · Answer

Bonjour, 

Le fichier aivskurq.rar a été copié.

Taille: 17940
MD5: 4C59A02FB729B95E68234DEE79C6BEEE
SHA-1: 4D0F89400DF2CFEE33807532DDBC5B3EEA5BF702

toxic · Answer

Rapport Avira : AntiVir PersonalEdition Classic Report file date: lundi 5 novembre 2007 21:09 Scanning for 835736 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: SYSTEM Computer name: ALEX Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15 ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55 ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04 ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13 AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: J:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: lundi 5 novembre 2007 21:09 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'Printkey 2000 Fr.exe' - '1' Module(s) have been scanned Scan process 'reader_sl.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgas.exe' - '1' Module(s) have been scanned Scan process 'MSASCui.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned Scan process 'guard.exe' - '0' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 31 processes with 31 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Boot sector 'J:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '23' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\HP_Propriétaire\Bureau\backups\backup-20071025-172635-545.dll [DETECTION] Contains suspicious code HEUR/Malware [INFO] The file was moved to '47927917.qua'! C:\Program Files\eMule\Incoming\4GL v7.30.UC6 serial keygen.zip [0] Archive type: ZIP --> 4GL v7.30.UC6.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\AceHTML PRO v5.07.0 by EMBRACE serial keygen.zip [0] Archive type: ZIP --> AceHTML PRO v5.07.0 by EMBRACE.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Adobe Mpeg Encoder Activation Code For Premiere Pro serial keygen.zip [0] Archive type: ZIP --> Adobe Mpeg Encoder Activation Code For Premiere Pro.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Advanced System Optimizer v2.01 serial keygen.zip [0] Archive type: ZIP --> Advanced System Optimizer v2.01.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Ahead Nero Burning Rom v6.3.0.6 serial keygen.zip [0] Archive type: ZIP --> Ahead Nero Burning Rom v6.3.0.6.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Alien Vs Predator 2 serial keygen.zip [0] Archive type: ZIP --> Alien Vs Predator 2.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\ALTRIS CAD CONNECT FOR DOC-CONTROLER V8.2 serial keygen.zip [0] Archive type: ZIP --> ALTRIS CAD CONNECT FOR DOC-CONTROLER V8.2.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Anti-Porn v4.2.7.3 serial keygen.zip [0] Archive type: ZIP --> Anti-Porn v4.2.7.3.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\AoA DVD Ripper v3.30 serial keygen.zip [0] Archive type: ZIP --> AoA DVD Ripper v3.30.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Automatic Jigsaw Puzzle v1.10 serial keygen.zip [0] Archive type: ZIP --> Automatic Jigsaw Puzzle v1.10.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Avast! Professional Edition v4.5.549 serial keygen.zip [0] Archive type: ZIP --> Avast! Professional Edition v4.5.549.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Battlefield 1942 Cd Key By Daniel Sim DSP serial keygen.zip [0] Archive type: ZIP --> Battlefield 1942 Cd Key By Daniel Sim DSP.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Battlefield 2 Works Online serial keygen.zip [0] Archive type: ZIP --> Battlefield 2 Works Online.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Belltech Label Maker v1.3 by FFF serial keygen.zip [0] Archive type: ZIP --> Belltech Label Maker v1.3 by FFF.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Billionaire II v1.03 serial keygen.zip [0] Archive type: ZIP --> Billionaire II v1.03.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\BitDefender Edition Professionnelle 8 serial keygen.zip [0] Archive type: ZIP --> BitDefender Edition Professionnelle 8.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\BlasterMaster v62 serial keygen.zip [0] Archive type: ZIP --> BlasterMaster v62.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Boot Protect 98 v4.0 serial keygen.zip [0] Archive type: ZIP --> Boot Protect 98 v4.0.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Cakewalk Music Creator v2.2.2 Final serial keygen.zip [0] Archive type: ZIP --> Cakewalk Music Creator v2.2.2 Final.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Call of Duty Extension serial keygen.zip [0] Archive type: ZIP --> Call of Duty Extension.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Creative Suite 2 Premium Edition serial keygen.zip [0] Archive type: ZIP --> Creative Suite 2 Premium Edition.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Cubase SX for WinXP v1.0 serial keygen.zip [0] Archive type: ZIP --> Cubase SX for WinXP v1.0.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\DameWare NT Utilities v4.5 serial keygen.zip [0] Archive type: ZIP --> DameWare NT Utilities v4.5.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Digital Photo Slide Show 2002 serial keygen.zip [0] Archive type: ZIP --> Digital Photo Slide Show 2002.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\DLSoft dBarcode Java Aztec v1.00 serial keygen.zip [0] Archive type: ZIP --> DLSoft dBarcode Java Aztec v1.00.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\DoorStop v2.0 serial keygen.zip [0] Archive type: ZIP --> DoorStop v2.0.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Dreamweaver MX 2004 v7.01 serial keygen.zip [0] Archive type: ZIP --> Dreamweaver MX 2004 v7.01.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\DVD To DIVX VCD Ripper V3.0.0.6 serial keygen.zip [0] Archive type: ZIP --> DVD To DIVX VCD Ripper V3.0.0.6.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\DVD X Copy Platinum V3.2.1 serial keygen.zip [0] Archive type: ZIP --> DVD X Copy Platinum V3.2.1.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\EditPlus v2.12 Build 181 serial keygen.zip [0] Archive type: ZIP --> EditPlus v2.12 Build 181.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Exe Warpper v2.1 serial keygen.zip [0] Archive type: ZIP --> Exe Warpper v2.1.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\FARCRY External Internet Login by HiX serial keygen.zip [0] Archive type: ZIP --> FARCRY External Internet Login by HiX.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Fine Print 2000 v4.80 WinNT-2000-XP serial keygen.zip [0] Archive type: ZIP --> Fine Print 2000 v4.80 WinNT-2000-XP.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Fine Reader v1.0 PRO serial keygen.zip [0] Archive type: ZIP --> Fine Reader v1.0 PRO.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Firegraphic XP v3.53.271 serial keygen.zip [0] Archive type: ZIP --> Firegraphic XP v3.53.271.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\FlashFXP v3.0.2.1045 Final serial keygen.zip [0] Archive type: ZIP --> FlashFXP v3.0.2.1045 Final.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\FSUIPC V v3.11 serial keygen.zip [0] Archive type: ZIP --> FSUIPC V v3.11.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\GetDataBack - Data Recovery for NTFS V2.25 by REVENGE serial keygen.zip [0] Archive type: ZIP --> GetDataBack - Data Recovery for NTFS V2.25 by REVENGE.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Harry Potter and the Prisoner of Azkaban 3 serial keygen.zip [0] Archive type: ZIP --> Harry Potter and the Prisoner of Azkaban 3.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\II WorkSchedule v5.15 serial keygen.zip [0] Archive type: ZIP --> II WorkSchedule v5.15.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\ImTOO AVI MPEG Converter v2.1.16 Build 1213b serial keygen.zip [0] Archive type: ZIP --> ImTOO AVI MPEG Converter v2.1.16 Build 1213b.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Internet WatchDog v4.0c serial keygen.zip [0] Archive type: ZIP --> Internet WatchDog v4.0c.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\InterVideo WinDVD Platinum v5.0.26.007c serial keygen.zip [0] Archive type: ZIP --> InterVideo WinDVD Platinum v5.0.26.007c.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Its Time v2.8 serial keygen.zip [0] Archive type: ZIP --> Its Time v2.8.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Kerio Personal Firewall v4.1.00 Beta 6 serial keygen.zip [0] Archive type: ZIP --> Kerio Personal Firewall v4.1.00 Beta 6.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Macromedia Dreamweaver MX 2004 v7.0 serial keygen.zip [0] Archive type: ZIP --> Macromedia Dreamweaver MX 2004 v7.0.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Magic Wallpaper Organizer "Leshiy" v1.16 by REVENGE serial keygen.zip [0] Archive type: ZIP --> Magic Wallpaper Organizer "Leshiy" v1.16 by REVENGE.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\MatrixMania Screensaver v2.5 serial keygen.zip [0] Archive type: ZIP --> MatrixMania Screensaver v2.5.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\MetaProducts Web Studio v4.2.234 serial keygen.zip [0] Archive type: ZIP --> MetaProducts Web Studio v4.2.234.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Microsoft Office Mac v x MAC OS X serial keygen.zip [0] Archive type: ZIP --> Microsoft Office Mac v x MAC OS X.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Mini Macro v2.8.3 serial keygen.zip [0] Archive type: ZIP --> Mini Macro v2.8.3.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\MPEGable X4 Live v2.2.4 serial keygen.zip [0] Archive type: ZIP --> MPEGable X4 Live v2.2.4.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Mshits Office Professional v2003 serial keygen.zip [0] Archive type: ZIP --> Mshits Office Professional v2003.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Nero Burning Rom v5.5.7.9 serial keygen.zip [0] Archive type: ZIP --> Nero Burning Rom v5.5.7.9.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Net-Executive Orbits Screensaver v1.0.0 1 serial keygen.zip [0] Archive type: ZIP --> Net-Executive Orbits Screensaver v1.0.0 1.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming ever winter nights serial keygen.zip [0] Archive type: ZIP --> never winter nights.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Norton Personal Firewall serial keygen.zip [0] Archive type: ZIP --> Norton Personal Firewall.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\OpenNT Server serial keygen.zip [0] Archive type: ZIP --> OpenNT Server.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Painter 6 serial keygen.zip [0] Archive type: ZIP --> Painter 6.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\PicaLoader v1.4 serial keygen.zip [0] Archive type: ZIP --> PicaLoader v1.4.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\ProCall v2 2 serial keygen.zip [0] Archive type: ZIP --> ProCall v2 2.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Quicktime 6 Pro serial keygen.zip [0] Archive type: ZIP --> Quicktime 6 Pro.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\QuickTime v5.0.1 serial keygen.zip [0] Archive type: ZIP --> QuickTime v5.0.1.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\REALbasic v5.5.3 Professional serial keygen.zip [0] Archive type: ZIP --> REALbasic v5.5.3 Professional.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Registry Mechanic v3.0.0.28 serial keygen.zip [0] Archive type: ZIP --> Registry Mechanic v3.0.0.28.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Right Click Image Converter v2.2.0 serial keygen.zip [0] Archive type: ZIP --> Right Click Image Converter v2.2.0.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Screen Saver Construction Set v2.0.25a serial keygen.zip [0] Archive type: ZIP --> Screen Saver Construction Set v2.0.25a.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\SNEgCheck v1.3 serial keygen.zip [0] Archive type: ZIP --> SNEgCheck v1.3.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Sonic MyDVD Deluxe v5.2.2 serial keygen.zip [0] Archive type: ZIP --> Sonic MyDVD Deluxe v5.2.2.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Star craft original serial keygen.zip [0] Archive type: ZIP --> Star craft original.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Steganos Internet Anonym Pro v7.0.4 serial keygen.zip [0] Archive type: ZIP --> Steganos Internet Anonym Pro v7.0.4.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Tototurbo v1.0 serial keygen.zip [0] Archive type: ZIP --> Tototurbo v1.0.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\VueScan Professional Edition v1.6.69 serial keygen.zip [0] Archive type: ZIP --> VueScan Professional Edition v1.6.69.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Vulcan City Distance 97 v1.12 serial keygen.zip [0] Archive type: ZIP --> Vulcan City Distance 97 v1.12.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\WinBoost v4.84 by CHiCNCREAM serial keygen.zip [0] Archive type: ZIP --> WinBoost v4.84 by CHiCNCREAM.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Windows 2000 Pro Final serial keygen.zip [0] Archive type: ZIP --> Windows 2000 Pro Final.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Windows Media Center Edition serial keygen.zip [0] Archive type: ZIP --> Windows Media Center Edition.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Windows Server 2003 Standard Edition PL serial keygen.zip [0] Archive type: ZIP --> Windows Server 2003 Standard Edition PL.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Windows xp pro fr serial keygen.zip [0] Archive type: ZIP --> Windows xp pro fr.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Windows XP Pro. 2600 serial keygen.zip [0] Archive type: ZIP --> Windows XP Pro. 2600.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Windows XP v5.1.2600 1031 serial keygen.zip [0] Archive type: ZIP --> Windows XP v5.1.2600 1031.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\WinMPG Video Converter v5.2 serial keygen.zip [0] Archive type: ZIP --> WinMPG Video Converter v5.2.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Winzip 9 Final serial keygen.zip [0] Archive type: ZIP --> Winzip 9 Final.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Wusage v8.0 P38 serial keygen.zip [0] Archive type: ZIP --> Wusage v8.0 P38.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\Program Files\eMule\Incoming\Xara 3D v6.00 serial keygen.zip [0] Archive type: ZIP --> Xara 3D v6.00.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was deleted! C:\qoobox\Quarantine\catchme2007-11-05_182812.65.zip [0] Archive type: ZIP --> __c0046B4D.dat [DETECTION] Contains suspicious code HEUR/Malware [INFO] The file was deleted! C:\qoobox\Quarantine\C\WINDOWS\system32\.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen [INFO] The file was deleted! C:\qoobox\Quarantine\C\WINDOWS\system32\pmnnn.dll.vir [DETECTION] Is the Trojan horse TR/Trash.Gen [INFO] The file was deleted! C:\qoobox\Quarantine\C\WINDOWS\system32\pyxuswos.dll.vir [DETECTION] Contains suspicious code HEUR/Malware [INFO] The file was moved to '47a77e11.qua'! C:\qoobox\Quarantine\C\WINDOWS\system32\__c0046B4D.dat.vir [DETECTION] Is the Trojan horse TR/Trash.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP3\A0000202.dll [DETECTION] Contains suspicious code HEUR/Malware [INFO] The file was moved to '475f7dd1.qua'! C:\WINDOWS\system32\aivskurq.dll [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen [INFO] The file was deleted! C:\WINDOWS\system32\vvgeowbv.exe [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen [INFO] The file was deleted! Begin scan in 'D:\' Begin scan in 'J:\' End of the scan: lundi 5 novembre 2007 21:49 Used time: 40:13 min The scan has been done completely. 5032 Scanning directories 471544 Files were scanned 90 viruses and/or unwanted programs were found 4 Files were classified as suspicious: 91 files were deleted 0 files were repaired 3 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 471454 Files not concerned 15085 Archives were scanned 2 Warnings 0 Notes Je rappelle qu'AVIRA est gratuit et fonctionne du tonerre et que Pc cillin est PAYANT et ne trouve absolument rien. Le monde a l'envers.

Regis59 · Answer

LOL

Bon résumons:

1-

PCCillin, tu l 'as desinstallé vu que tu me donnes un scan d antivir? Qu'as tu fais comme changement?

2-

Je vois que tu craques pas mal, vu les keygens! Es tu conscient des risques?
Si nous desinfections, tu vas de toute facon revenir dans une semaine parce que tu auras chopé qqchose en telechargeant des cracks ! Est ce utile de ce fait de t'aider alors que des personnes plus "sérieuses" ne prennent pas ces risques et on aussi besoin d aide?

Je t'avoue le 2- c'est pour te faire comprendre que cracker, c est bien, mais tu risques gros, tres gros.

A+

toxic · Answer

Tu te trompes, j'ai decouvert ces fichiers en regardant le resultat du scan.  Je ne dis pas que je lave plus blanc que blanc il m'est deja arrive d'aller chercher un truc ou l'autre, mais tous ces cracks, je ne les ai pas downloades.  Je n'ai meme pas ni n'ai jamais entendu parler des 3/4 de ces programmes !  J'ai installe emule et je ne vois que par la que ca a pu arriver.  Je comprends pas, je ne l'ai ai jamais telecharger, comment ont il pu arriver la ?  

Bref pour revenir a la question 1 j'ai juste desinstalle pc cillin et installe antivir a la place.  Fais un scan complet.

Regis59 · Answer

Salut

Pourtant ils sont bien dans le dossier Incoming.
Supprime tous les keygens.

Et remet un Hijackthis+combofix.

A+

toxic · Answer

Logfile of HijackThis v1.99.1
Scan saved at 13:33:35, on 06/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\himeup\Himeup.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: https://fr.shopping.rakuten.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Logfile of HijackThis v1.99.1
Scan saved at 13:33:35, on 06/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\himeup\Himeup.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: https://fr.shopping.rakuten.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

toxic · Answer

oops desole 2x le hi jack this voici le combofix : ComboFix 07-11-06.4 - HP_Propriétaire 2007-11-06 13:37:23.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.505 [GMT 1:00] Running from: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . D:\Autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés 2007-10-06 to 2007-11-06 )))))))))))))))))))))))))))))))))))) . 2007-11-06 08:22 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2007-11-06 08:22 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-11-06 08:21 d-------- C:\WINDOWS\system32\ZoneLabs 2007-11-06 08:21 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2007-11-06 08:20 d-------- C:\WINDOWS\Internet Logs 2007-11-05 21:08 d-------- C:\Program Files\Avira 2007-11-05 21:08 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-11-05 18:34 d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Grisoft 2007-11-05 18:34 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-11-05 18:34 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-11-04 20:20 d-------- C:\VundoFix Backups 2007-11-04 20:19 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-02 20:21 2,046 --a------ C:\WINDOWS\system32 mp.reg 2007-11-02 15:22 d-------- C:\Documents and Settings\Administrateur\WINDOWS 2007-11-02 15:22 d-------- C:\Documents and Settings\Administrateur\Voisinage réseau 2007-11-02 15:22 d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression 2007-11-02 15:22 d-------- C:\Documents and Settings\Administrateur\Modèles 2007-11-02 15:22 d-------- C:\Documents and Settings\Administrateur\Mes documents 2007-11-02 15:22 d-------- C:\Documents and Settings\Administrateur\Menu Démarrer 2007-11-02 15:22 d-------- C:\Documents and Settings\Administrateur\Favoris 2007-11-02 15:22 d-------- C:\Documents and Settings\Administrateur\Bureau 2007-11-02 10:54 d-------- C:\WINDOWS\system32\acespy 2007-11-01 11:35 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin 2007-10-21 16:46 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll 2007-10-08 21:18 d-------- C:\Program Files\Windows Defender 2007-10-08 11:23 4 --a------ C:\WINDOWS\system32\stfv.bin . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-06 08:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-06 00:37 --------- d-----w C:\Program Files\Opera 9 2007-11-02 09:52 --------- d-----w C:\Program Files\Google 2007-10-25 14:52 --------- d-----w C:\Program Files\Yahoo! 2007-10-25 14:51 47,360 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\pcouffin.sys 2007-10-25 14:51 --------- d-----w C:\Program Files\VSO 2007-10-25 14:51 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Vso 2007-10-21 12:06 --------- d-----w C:\Program Files\Java 2007-09-20 06:16 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\dvdcss 2007-09-18 07:06 --------- d-----w C:\Program Files\DAMN NFO Viewer 2007-09-15 07:55 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\SlySoft 2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-08-20 09:59 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2007-08-20 09:59 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2007-08-20 09:59 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll 2007-08-20 09:59 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll 2007-08-20 09:59 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-08-20 09:59 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-08-20 09:59 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-08-20 09:59 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll 2007-08-20 09:59 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-08-20 09:59 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-08-20 09:59 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-08-20 09:59 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-08-20 09:59 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll 2007-08-20 09:59 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll 2007-08-20 09:59 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-08-20 09:59 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-08-20 09:59 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll 2007-08-20 09:59 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-08-20 09:59 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-08-20 09:59 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll 2007-08-20 09:59 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll 2007-08-20 09:59 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll 2007-08-20 09:59 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-08-17 10:22 63,488 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-08-17 10:22 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2007-08-17 10:22 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-04-04 14:10 87,608 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\ezpinst.exe 2006-09-21 19:29 49,312 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT 2006-02-19 01:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll . ((((((((((((((((((((((((((((( snapshot@2007-11-05_18.28.56.28 ))))))))))))))))))))))))))))))))))))))))) . + 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys + 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys + 2007-11-06 07:56:46 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys + 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys + 2007-06-21 20:54:26 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll + 2007-06-21 20:54:30 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll + 2007-06-21 20:54:52 394,984 ----a-w C:\WINDOWS\system32\vsdatant.sys + 2007-06-21 20:54:32 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll + 2007-06-21 20:54:32 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll + 2007-06-21 20:54:32 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll + 2007-06-21 20:54:32 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll + 2007-06-21 20:54:34 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll + 2007-06-21 20:54:34 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll + 2007-06-21 20:54:34 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll + 2007-06-21 20:54:34 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll + 2007-06-21 20:54:34 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll + 2007-06-21 20:54:24 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll + 2007-06-21 20:55:26 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd_loc040c.dll + 2004-01-30 11:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll + 2007-06-21 20:54:24 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll + 2007-06-21 20:54:26 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll + 2007-06-21 20:55:26 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard_loc040c.zip.dll + 2007-06-21 20:55:28 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\LicenseUI_loc040c.zip.dll + 2007-06-21 20:54:54 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll + 2007-06-21 20:54:54 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll + 2007-06-21 20:54:54 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll + 2007-06-21 20:56:16 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins pc_server pc_server.dll + 2007-06-21 20:56:16 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll + 2007-11-06 07:59:58 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll + 2007-11-06 07:59:58 787,936 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll + 2007-06-21 20:54:28 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll + 2007-06-21 20:55:30 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler_loc040c.dll + 2007-11-06 08:00:16 6,564,543 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat + 2007-11-06 08:00:01 6,463,239 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware0.dat + 2007-11-06 07:59:58 1,500,640 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll + 2007-11-06 07:59:58 51,176 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys + 2007-06-21 20:54:28 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll + 2007-06-21 20:56:16 210,432 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll + 2007-11-06 07:59:57 833,248 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll + 2007-06-21 20:54:46 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe + 2007-06-21 20:55:30 75,152 ----a-w C:\WINDOWS\system32\ZoneLabs\updClient_loc040c.dll + 2007-06-21 20:54:30 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll + 2007-06-21 20:54:30 79,336 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll + 2007-06-21 20:55:30 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb_loc040c.dll + 2007-06-21 20:54:46 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe + 2007-06-21 20:55:30 46,480 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon_loc040c.dll + 2007-06-21 20:54:32 2,024,936 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll + 2007-06-21 20:54:32 1,345,000 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll + 2007-06-21 20:55:30 198,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb_loc040c.dll + 2007-06-21 20:54:34 243,176 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll + 2007-06-21 20:55:30 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault_loc040c.dll + 2007-01-11 10:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat + 2007-06-21 20:54:36 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll + 2007-06-21 20:54:36 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll + 2007-06-21 20:55:32 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine_loc040c.dll + 2007-06-21 20:54:36 378,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll + 2007-06-21 20:55:32 21,904 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre_loc040c.dll + 2007-06-21 20:54:36 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 00:35] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 14:14] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-06 08:56] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00] [HKEY_USERS\.default\software\microsoft\windows\currentversion un] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-06-05 22:02:15] C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\ PrintKey 2000 Fr.lnk - C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe [2001-06-25 20:14:14] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe [2005-09-23 22:05:26] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04] [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe" R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers bhsd.sys S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-11-06 12:31:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe "2007-11-06 07:15:14 C:\WINDOWS\Tasks\User_Feed_Synchronization-{6AB4B7A7-3B21-4EBB-A540-D461A3B1A342}.job" - C:\WINDOWS\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-06 14:09:16 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\poof] . Completion time: 2007-11-06 14:10:18 C:\ComboFix2.txt ... 2007-11-05 18:29 . --- E O F ---

Regis59 · Answer

Re

Fais un scan en ligne Kaspersky avec Internet Explorer :
- Clique sur Démarrer Online-Scanner

- Clique maintenant sur J'accepte.
- Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
- Patiente pendant l'installation des Mises à jour.
- Choisis par la suite l'analyse du Poste de travail.
- Sauvegarde puis colle le rapport généré en fin d'analyse.

AIDE : Configurer le contrôle des ActiveX

NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.

hill · Answer

salut kan je telecharge combofix et je  lexecute y me di ke ce nest pa une aplication win32valide comment je dois procerder please

Regis59 · Answer

Bonjour,

Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
Procèdes comme ceci :
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

A bientôt

Virtumonde et Win32.bho.df

20 réponses

Discussions similaires

Newsletters