VundoFix V6.7.7
Checking Java version...
Scan started at 18:30:10 18/01/2008
Listing files found while scanning....
C:\WINDOWS\system32\iiffdcc.dll
C:\WINDOWS\system32\tuvvwxx.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\iiffdcc.dll
C:\WINDOWS\system32\iiffdcc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tuvvwxx.dll
C:\WINDOWS\system32\tuvvwxx.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\tuvvwxx.dll
C:\WINDOWS\system32\tuvvwxx.dll Could not be deleted.
Performing Repairs to the registry.
Done!
The VundoFix report I had forgotten.
Good evening,
I can no longer come to the forum as often as before, so you will have to be patient between each of my replies. If you are still there, post me a new HijackThis log.
Re,
Apparently the problem seems to be solved. I used ComboFix, and nothing since, for more than 24 hours...
HJT report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:50, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198626071515
O17 - HKLM\System\CCS\Services\Tcpip\..\{D431A0C8-98B6-460C-AAD6-BD9072B2CD1C}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 5769 bytes
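Triage of a HijackThis log like the one above, as an added example (my code, not part of the original post and not part of HijackThis itself). It parses the O4, O17 and O23 line formats that appear in the log and applies the checks a reviewer would otherwise make by eye: autostart images that sit directly in C:\WINDOWS or run from a temp folder (the two places ComboFix later cleaned, C:\WINDOWS\b122.exe and C:\Program Files\Temporary\kernInst.exe), bare file names that Windows resolves through PATH, services with no publisher string, and NameServer entries that differ from a resolver list you supply. The sample log is constructed: the benign lines mirror the real log, while the [b122] and [kernInst] Run entries are hypothetical, added so the location rules fire. The expected-resolver set is an assumption (the two addresses the log shows, taken to be the ISP's own).

```python
import re
from dataclasses import dataclass
from typing import List, Set

# Constructed sample in the HijackThis v2 line format. The benign lines mirror
# entries from the log above; the [b122] and [kernInst] Run entries are
# hypothetical, built from two paths ComboFix later removed, so the location
# rules have something to hit.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKLM\..\Run: [b122] C:\WINDOWS\b122.exe
O4 - HKCU\..\Run: [kernInst] C:\Program Files\Temporary\kernInst.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D431A0C8-98B6-460C-AAD6-BD9072B2CD1C}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
O4_RUN_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP_RE = re.compile(r"^Startup: (?P<name>.+?) = (?P<cmd>.+)$")
O17_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# First image on a command line, quoted or not, stopping at a known extension.
EXE_RE = re.compile(r'"?(?P<path>[^"]*?\.(?:exe|dll|cpl|scr|com|bat|cmd))"?', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section: O4, O17 or O23
    name: str    # Run value, shortcut, interface key or service name
    target: str  # image path or resolver list
    reason: str


def executable_of(cmd: str) -> str:
    """Strip quotes and arguments, and look past rundll32 to the DLL it loads."""
    m = EXE_RE.search(cmd)
    if not m:
        return cmd.strip()
    path = m.group("path").strip()
    if path.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        m2 = EXE_RE.search(cmd, m.end())
        if m2:
            path = m2.group("path").strip()
    return path


def location_reasons(image: str) -> List[str]:
    """Location-based checks on one autostart image; empty list means nothing to see."""
    low = image.lower()
    if "\\" not in low:
        return ["bare file name, resolved through PATH at logon: confirm which copy runs"]
    reasons = []
    if low.rsplit("\\", 1)[0] == "c:\\windows":
        reasons.append("image sits directly in the Windows root, an unusual place for an installer to use")
    if "\\temp" in low:  # matches \Temp\, \Temporary\ and Temporary Internet Files
        reasons.append("image runs from a temporary directory")
    return reasons


def triage(log_text: str, expected_dns: Set[str]) -> List[Finding]:
    """Return the entries a reviewer should look at by hand, each with its reason."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "O4":
            o4 = O4_RUN_RE.match(body) or O4_STARTUP_RE.match(body)
            if o4:
                image = executable_of(o4.group("cmd"))
                for why in location_reasons(image):
                    findings.append(Finding(kind, o4.group("name"), image, why))
        elif kind == "O17":
            o17 = O17_RE.search(body)
            if o17:
                servers = o17.group("servers").split(",")
                unknown = [s for s in servers if s not in expected_dns]
                if unknown:
                    findings.append(Finding(kind, body.split(": NameServer")[0], ",".join(servers),
                                            "resolver not on the expected list: " + ",".join(unknown)))
        elif kind == "O23":
            o23 = O23_RE.match(body)
            if o23 and o23.group("owner").lower() == "unknown owner":
                findings.append(Finding(kind, o23.group("name"), o23.group("path"),
                                        "service carries no publisher string: check the file's signature and origin"))
    return findings


if __name__ == "__main__":
    # The two resolvers from the log, assumed here to be the ISP's own.
    for f in triage(SAMPLE_LOG, {"80.10.246.2", "80.10.246.129"}):
        print(f"{f.kind} [{f.name}] {f.target}\n    -> {f.reason}")
```

Run over the full log posted above with the same resolver set, the only output is the two bare-name Run values ([nwiz] and [RTHDCPL]) and the PnkBstrA service. All three are things to verify, not evidence of infection: the first two resolve to NVIDIA and Realtek utilities that do live in the Windows directory, and PnkBstrA is the PunkBuster anti-cheat service that ships with many online games and routinely reports no owner.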
Good evening,
It was a good idea to use ComboFix. In Safe Mode, I hope. Post its report, located here: C:\Combofix.txt
Indeed, the HijackThis log is clean. To finish, do this:
Download and install CCleaner:
http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
-> Before clicking the "Install" button, untick all the "additional options". Then click "Options", "Advanced" and untick the box "Only delete files in Windows Temp folders older than 48 hours". Click the "Cleaner" tab, then "Run Cleaner".
-> Then click the Registry tab, click "Scan for Issues", then "Fix selected issues". There is no need to back up the keys. Repeat the operation as many times as needed until it no longer finds any issues.
-> Finally, click Tools, then Startup, and remove all the useless keys that launch when your PC starts, that is, everything except your Internet connection, your antivirus, your antispyware, your firewall, etc.
Disable your System Restore:
Right-click My Computer / Properties / System Restore tab: tick the box "Turn off System Restore on all drives."
Click "Apply", then "OK".
Avast is far too slow at adding new infections; see this link for more info:
http://forum.malekal.com/ftopic3123.php
So I very strongly advise you to uninstall it in favour of Antivir, which is very effective. Uninstall it with this:
http://www.avast.com/fre/e/avast-uninstall-utility.html
Then download and install Antivir:
http://www.clubic.com/telecharger-fiche10821-antivir-personal-edition-7.html
Tutorial: http://www.malekal.com/tutorial_antivir.php
- Then update it and check the update date.
- Restart in Safe Mode: restart the computer and, before the Windows logo, press the F8 key; a menu will appear, choose Safe Mode and press the Enter key.
- Launch Antivir.
- Click the Scanner tab.
- Select Manual Selection.
- Select drive C.
- Run the scan and quarantine everything it finds.
- Once the scan is finished, save the report to the desktop.
- Restart in Normal Mode and post the report here.
Then re-enable your System Restore:
Right-click My Computer / Properties / System Restore tab: untick the box "Turn off System Restore on all drives."
Click "Apply", then "OK".
Then create a new restore point:
Start menu / All Programs / Accessories / System Tools / System Restore / "Create a restore point"
Have a good evening ++
COMBOFIX REPORT:
ComboFix 08-01-09.2 - Administrateur 2008-01-19 15:42:26.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1549 [GMT 1:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\mrofinu2000351.exe
C:\WINDOWS\system32\tuvvwxx.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))))))))
.
2008-01-19 15:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-19 15:30 . 2008-01-19 15:30 <REP> d-------- C:\Program Files\CCleaner
2008-01-18 18:30 . 2008-01-18 19:08 <REP> d-------- C:\VundoFix Backups
2008-01-18 15:40 . 2008-01-18 15:40 <REP> d-------- C:\Program Files\Trend Micro
2008-01-17 22:49 . 2008-01-18 13:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-17 18:39 . 2008-01-17 18:41 <REP> d-------- C:\Program Files\Panda Security
2008-01-16 16:40 . 2008-01-16 16:40 <REP> d-------- C:\Program Files\Dot1XCfg
2008-01-16 16:37 . 2008-01-16 16:37 36,864 --a------ C:\WINDOWS\mrofinu2000351.exe.tmp
2008-01-15 20:03 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-01-08 23:19 . 2008-01-08 23:19 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
2008-01-08 23:17 . 2008-01-08 23:17 <REP> d-------- C:\Program Files\VideoLAN
2008-01-07 00:28 . 2008-01-16 20:18 <REP> d-------- C:\Documents and Settings\Administrateur\Shared
2008-01-07 00:28 . 2008-01-17 22:28 <REP> d-------- C:\Documents and Settings\Administrateur\Incomplete
2008-01-07 00:28 . 2008-01-16 20:17 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-01-07 00:27 . 2008-01-07 00:27 <REP> d-------- C:\Program Files\LimeWire
2008-01-07 00:06 . 2008-01-07 00:06 <REP> d-------- C:\Program Files\HP
2008-01-07 00:04 . 2008-01-07 00:06 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-01-07 00:04 . 2006-01-07 05:26 491,520 --a------ C:\WINDOWS\system32\hphmon05.exe
2008-01-04 20:10 . 2008-01-19 15:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\StarOffice8
2008-01-04 19:37 . 2008-01-04 19:37 <REP> d-------- C:\Program Files\Sun
2008-01-04 18:57 . 2008-01-08 22:17 <REP> d-------- C:\Program Files\Google
2008-01-04 16:16 . 2008-01-04 16:16 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-01-04 16:16 . 2008-01-04 16:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SystemRequirementsLab
2008-01-04 16:15 . 2008-01-04 16:15 <REP> d-------- C:\WINDOWS\Sun
2008-01-04 16:10 . 2008-01-04 19:37 <REP> d-------- C:\Program Files\Java
2008-01-04 16:10 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-04 16:09 . 2008-01-04 16:09 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-01-03 13:45 . 2004-08-04 07:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-03 13:45 . 2004-08-04 07:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-03 13:45 . 2004-08-04 07:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-03 13:45 . 2004-08-04 07:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-02 18:24 . 2008-01-02 18:24 <REP> dr-h----- C:\Documents and Settings\Administrateur\Application Data\SecuROM
2008-01-02 18:24 . 2008-01-02 18:24 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-02 18:20 . 2008-01-02 18:20 22,328 --a------ C:\Documents and Settings\Administrateur\Application Data\PnkBstrK.sys
2008-01-02 18:09 . 2008-01-15 19:53 <REP> d-------- C:\Program Files\Electronic Arts
2007-12-28 17:16 . 2007-12-28 17:55 <REP> d-------- C:\Program Files\WowCartographe
2007-12-28 16:57 . 2007-12-28 16:57 <REP> d-------- C:\Program Files\MSXML 4.0
2007-12-28 16:14 . 2007-12-28 16:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Samsung
2007-12-28 16:11 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2007-12-28 16:10 . 2007-12-28 16:10 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-12-28 16:10 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2007-12-28 16:10 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2007-12-28 16:10 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2007-12-28 16:10 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2007-12-28 16:10 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2007-12-28 16:10 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2007-12-28 16:10 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2007-12-28 16:10 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-28 16:09 . 2007-12-28 16:09 <REP> d-------- C:\Program Files\Samsung
2007-12-28 16:09 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-12-28 16:07 . 2008-01-03 14:05 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-12-27 17:42 . 2007-12-29 16:42 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FileZilla
2007-12-27 17:41 . 2007-12-27 17:43 <REP> d-------- C:\Program Files\FileZilla Client
2007-12-27 01:03 . 2007-12-27 01:03 <REP> d-------- C:\Program Files\DivX
2007-12-27 01:03 . 2008-01-17 18:39 2,133 --a------ C:\WINDOWS\mozver.dat
2007-12-26 20:09 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-26 20:09 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-26 20:08 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-26 20:08 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-12-26 19:20 . 2007-12-26 19:20 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-12-26 19:20 . 2007-12-29 22:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\teamspeak2
2007-12-26 19:20 . 2007-12-26 19:20 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2007-12-26 16:28 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-26 02:27 . 2007-12-26 02:28 5,376 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-12-26 02:13 . 2007-12-26 02:13 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2007-12-26 02:13 . 2007-12-28 16:11 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2007-12-26 01:59 . 2007-12-26 01:59 <REP> d-------- C:\WINDOWS\provisioning
2007-12-26 01:59 . 2007-12-26 01:59 <REP> d-------- C:\WINDOWS\peernet
2007-12-26 01:58 . 2007-12-26 01:58 <REP> d-------- C:\WINDOWS\ServicePackFiles
2007-12-26 01:56 . 2007-12-26 01:59 <REP> d-------- C:\WINDOWS\EHome
2007-12-26 01:53 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2007-12-26 01:53 . 2004-08-19 16:10 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-12-26 01:53 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2007-12-26 01:53 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-12-26 00:58 . 2004-12-19 23:00 111,104 --a------ C:\WINDOWS\system32\uharc.exe
2007-12-26 00:58 . 2004-09-03 23:43 199 --a------ C:\WINDOWS\system32\paypal.url
2007-12-26 00:58 . 2005-01-28 01:49 111 --a------ C:\WINDOWS\system32\winx.url
2007-12-26 00:56 . 2005-10-20 23:25 1,097,728 --a------ C:\WINDOWS\system32\esent.dll
2007-12-26 00:54 . 2007-12-26 00:54 <REP> d-------- C:\Program Files\TGTSoft
2007-12-26 00:44 . 2007-12-26 00:44 <REP> d-------- C:\WINDOWS\system32\bits
2007-12-26 00:44 . 2008-01-08 21:42 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-12-26 00:43 . 2004-08-20 00:09 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-12-26 00:43 . 2004-08-20 00:09 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-12-26 00:43 . 2004-08-20 00:09 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-12-26 00:43 . 2004-08-20 00:09 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-12-26 00:41 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-12-26 00:41 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-12-26 00:41 . 2007-07-30 19:19 215,896 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2007-12-26 00:41 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-12-26 00:41 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-12-26 00:41 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-12-26 00:41 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-26 00:41 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-26 00:41 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-26 00:33 . 2007-12-26 00:33 <REP> d-------- C:\Program Files\Alwil Software
2007-12-25 19:37 . 2008-01-19 15:44 <REP> d-------- C:\Program Files\Steam
2007-12-25 00:33 . 2007-12-25 00:33 <REP> d-------- C:\WINDOWS\system32\Lang
2007-12-25 00:33 . 2007-12-25 00:33 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2007-12-25 00:33 . 2007-12-25 00:33 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2007-12-25 00:31 . 2007-12-25 00:31 <REP> d-------- C:\WUTemp
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 22:39 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-26 01:28 72,104 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-12-24 23:31 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-12-24 16:31 --------- d-----w C:\Program Files\Lavalys
2007-12-24 15:52 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-24 15:51 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-12-24 15:50 --------- d-----w C:\Program Files\Services en ligne
2007-12-24 15:46 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-12-24 15:46 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-12-05 16:30 4,632,576 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-30 17:42 16,858,624 ----a-w C:\WINDOWS\RTHDCPL.exe
2007-11-20 17:15 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe
2007-11-07 16:31 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91262C60-DD10-46FA-A09B-AE14902ECA11}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-12-25 19:37 1266936]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 17:24 1694208]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [2008-01-16 16:40 61440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-12-05 01:41 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-30 18:42 16858624 C:\WINDOWS\RTHDCPL.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-07 05:26 176128]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2006-01-07 05:26 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 15:41 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2006-01-07 05:26 491520]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-16 15:37:05 C:\WINDOWS\Tasks\At1.job"
- C:\Documents
"2008-01-16 19:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\Documents
"2008-01-16 15:37:05 C:\WINDOWS\Tasks\At3.job"
- C:\Documents
"2008-01-16 15:40:50 C:\WINDOWS\Tasks\At4.job"
- C:\Documents
"2008-01-16 19:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\Documents
"2008-01-16 15:40:50 C:\WINDOWS\Tasks\At6.job"
- C:\Documents
"2008-01-18 23:06:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
.
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 15:44:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
Completion time: 2008-01-19 15:46:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-19 14:46:05
.
2008-01-08 20:43:57 --- E O F ---
CCleaner: done.
Disabling System Restore: done.
Installing Antivir: in progress.
In any case, thank you for giving some of your time to help me solve my problems, Evilelf!
ANTIVIR REPORT:
AntiVir PersonalEdition Classic
Report file date: lundi 21 janvier 2008 20:48
Scanning for 1060579 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: RITCHY-W0TJPJSC
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 19:03:56
ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 19:03:56
ANTIVIR3.VDF : 7.0.2.25 271360 Bytes 21/01/2008 19:03:56
AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 21/01/2008 19:03:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 21/01/2008 19:03:56
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi 21 janvier 2008 20:48
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
23 processes with 23 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '18' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47fdf7f6.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '480ef7ed.qua'!
C:\Program Files\Panda Security\NanoScan\Engine\psnflg.dll
[DETECTION] Is the Trojan horse TR/Agent.bux.1
[INFO] The file was moved to '4802fee5.qua'!
C:\QooBox\Quarantine\C\Program Files\Temporary\kernInst.exe.vir
[DETECTION] Is the Trojan horse TR/Agent.dwb
[INFO] The file was moved to '4806ff82.qua'!
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.haq.3
[INFO] The file was moved to '47c6ff4e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\mrofinu2000351.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4803ff8f.qua'!
C:\WINDOWS\mrofinu2000351.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4803ff92.qua'!
End of the scan: lundi 21 janvier 2008 21:29
Used time: 41:21 min
The scan has been done completely.
3528 Scanning directories
320190 Files were scanned
5 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
7 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
320185 Files not concerned
2282 Archives were scanned
1 Warnings
0 Notes
Well, it seems I had quite a few little trojans, all quarantined and deleted.
On the other hand, it is impossible to start Safe Mode: the mouse cursor does not move when I am in it. I tried the optical mouse (USB connection) and the ball mouse (connected with the big green thing^^) and the cursor still does not move. So I did the scan in Normal Mode...
I am re-enabling System Restore and creating a new restore point.
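A parser for the AntiVir report format above, as an added example (my code, not from the post and not part of Avira's product). The check it performs is the one worth making before counting the "5 viruses and/or unwanted programs": it sorts each [DETECTION] by whether the path lies inside another clean-up tool's holding area, because a hit there is a copy of something already removed rather than a file still in use on the system. The list of holding folders is my assumption, based on the tools used in this thread (ComboFix's C:\QooBox\Quarantine, Spybot's Recovery backups, VundoFix Backups). The sample text is constructed from the detection lines of the report above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: the path / [DETECTION] / [INFO] groups from the AntiVir
# report above, plus the [WARNING] pair for the page file, in the same layout.
SAMPLE_REPORT = r"""
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47fdf7f6.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '480ef7ed.qua'!
C:\Program Files\Panda Security\NanoScan\Engine\psnflg.dll
[DETECTION] Is the Trojan horse TR/Agent.bux.1
[INFO] The file was moved to '4802fee5.qua'!
C:\QooBox\Quarantine\C\Program Files\Temporary\kernInst.exe.vir
[DETECTION] Is the Trojan horse TR/Agent.dwb
[INFO] The file was moved to '4806ff82.qua'!
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.haq.3
[INFO] The file was moved to '47c6ff4e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\mrofinu2000351.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4803ff8f.qua'!
C:\WINDOWS\mrofinu2000351.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4803ff92.qua'!
"""

# Folders where the other tools used in this thread park what they removed
# (assumed list; lower-cased path fragments). A detection inside one of them is
# a copy of something already taken out of service, not a live file.
HOLDING_FOLDERS: Dict[str, str] = {
    "ComboFix quarantine": "c:\\qoobox\\quarantine\\",
    "Spybot recovery backups": "\\spybot - search & destroy\\recovery\\",
    "VundoFix backups": "c:\\vundofix backups\\",
}

DETECT_RE = re.compile(r"^\[DETECTION\] (?P<verdict>.+)$")
ACTION_RE = re.compile(r"^\[(?:INFO|WARNING)\] (?P<action>.+)$")


@dataclass(frozen=True)
class Detection:
    path: str
    verdict: str            # full text after [DETECTION]
    signature: str          # last token of the verdict, e.g. TR/Agent.dwb
    action: str             # text after the following [INFO]
    held_by: Optional[str]  # holding-folder name, or None if the file was live


def holding_folder(path: str) -> Optional[str]:
    low = path.lower()
    for name, marker in HOLDING_FOLDERS.items():
        if marker in low:
            return name
    return None


def parse_report(text: str) -> List[Detection]:
    """Walk the report line by line: a non-bracketed line names a file, and the
    bracketed lines that follow describe what the scanner did with it."""
    found: List[Detection] = []
    path: Optional[str] = None
    verdict: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("["):
            path, verdict = line, None      # new file; forget the previous verdict
            continue
        d = DETECT_RE.match(line)
        if d:
            verdict = d.group("verdict")
            continue
        a = ACTION_RE.match(line)
        if a and path and verdict:          # a [WARNING] with no verdict is not a detection
            found.append(Detection(path, verdict, verdict.split()[-1],
                                   a.group("action"), holding_folder(path)))
            verdict = None
    return found


def summarize(found: List[Detection]) -> Tuple[List[Detection], Dict[str, List[Detection]]]:
    """Split detections into files that were live on disk and files that were
    already sitting in another tool's holding folder, grouped by that folder."""
    live = [d for d in found if d.held_by is None]
    held: Dict[str, List[Detection]] = {}
    for d in found:
        if d.held_by is not None:
            held.setdefault(d.held_by, []).append(d)
    return live, held


if __name__ == "__main__":
    live, held = summarize(parse_report(SAMPLE_REPORT))
    print(f"{len(live)} live file(s):")
    for d in live:
        print(f"  {d.signature:<22} {d.path}")
    for folder, items in held.items():
        print(f"{len(items)} already in {folder}:")
        for d in items:
            print(f"  {d.signature:<22} {d.path}")
```

On the report above this leaves two files that were actually live when AntiVir ran, the Panda NanoScan engine DLL and C:\WINDOWS\mrofinu2000351.exe.tmp (the leftover of the executable ComboFix had already removed); the other five hits were in ComboFix's and Spybot's holding folders, which is why the scan looks worse than the HijackThis log suggested.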
Good evening,
Too bad about Safe Mode.
To finish, do this:
Download Tools Cleaner to your desktop.
http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
Click Search and let the scan run.
Click Delete to finalize.
You can, if you wish, use the optional Options.
Click Quit to get the report.
Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
No more trouble?
Since ComboFix, the virus seems to have disappeared.
I will do the Tools Cleaner scan as soon as possible.