Virus infection

Hello everyone,

I picked up a virus on the net by way of an executable (an Adobe Reader version update... something like that, and I don't know why I clicked!!! idiot!) and since then AVAST is panicking and I've got a nasty wallpaper! Avast's message is the following:

Trojan horse
Win32:Agent-ZXU [Trj]

and regularly a window pops up: antivirus xp 2008!

I looked through the forum, so I downloaded the software hijackthis, and here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:32, on 23/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Documents and Settings\All Users\Application Data\adojyvsh\wdmjarqn.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Dassault Systemes\B15\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\CNAC4RPK.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\lphc3f8j0eaaa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\oxqvupgh.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ask.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.club-vaio.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PrepareYourVAIO] C:\Program Files\Sony\Prepare your VAIO\PYVAlert.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OfcpfwSvcs.exe] C:\WINDOWS\system32\OfcpfwSvcs.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [t] C:\WINDOWS\system32\t.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lphc3f8j0eaaa] C:\WINDOWS\system32\lphc3f8j0eaaa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [InfoMon] C:\WINDOWS\system32\oxqvupgh.exe
O4 - HKLM\..\Policies\Explorer\Run: [eKp8XOlhXr] C:\Documents and Settings\All Users\Application Data\adojyvsh\wdmjarqn.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O15 - Trusted Zone: click.getmirar.com… (HKLM)
O15 - Trusted Zone: click.mirarsearch.com… (HKLM)
O15 - Trusted Zone: redirect.mirarsearch.com… (HKLM)
O15 - Trusted Zone: awbeta.net-nucleus.com… (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx1.hotmail.com…
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - awbeta.net-nucleus.com…
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - www.tellmemorecampus.com…
O21 - SSODL: SysMntUi - {33028A21-D4D8-E4F7-EED9-03D365E75136} - C:\Program Files\kyuzgub\SysMntUi.dll
O23 - Service: Print Spooler Service (aawc6iua1dohi8k) - Unknown owner - C:\WINDOWS\system32\t.exe (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B15\intel_a\code\bin\CATSysDemon.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe


End of file - 14231 bytes

Well, it's a Notepad window that opens on its own after running SCAN.

Thanks in advance for your help!!

PL

Hi

Do a full scan with Malwarebytes Anti-Malware, delete the detections and paste the report.

Describe your wallpaper to me, please.

Well, there's work to do

To fix:

C:\Documents and Settings\All Users\Application Data\adojyvsh\wdmjarqn.exe

C:\WINDOWS\system32\lphc3f8j0eaaa.exe

C:\WINDOWS\system32\oxqvupgh.exe

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [PrepareYourVAIO] C:\Program Files\Sony\Prepare your VAIO\PYVAlert.exe

O4 - HKLM\..\Run: [OfcpfwSvcs.exe] C:\WINDOWS\system32\OfcpfwSvcs.exe

O4 - HKLM\..\Run: [t] C:\WINDOWS\system32\t.exe

O4 - HKLM\..\Run: [lphc3f8j0eaaa] C:\WINDOWS\system32\lphc3f8j0eaaa.exe

O4 - HKCU\..\Run: [InfoMon] C:\WINDOWS\system32\oxqvupgh.exe

O4 - HKLM\..\Policies\Explorer\Run: [eKp8XOlhXr] C:\Documents and Settings\All Users\Application Data\adojyvsh\wdmjarqn.exe

O15 - Trusted Zone: click.getmirar.com… (HKLM)

O15 - Trusted Zone: click.mirarsearch.com… (HKLM)

O15 - Trusted Zone: awbeta.net-nucleus.com… (HKLM)

O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - awbeta.net-nucleus.com

O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - www.tellmemorecampus.com

O21 - SSODL: SysMntUi - {33028A21-D4D8-E4F7-EED9-03D365E75136} - C:\Program Files\kyuzgub\SysMntUi.dll

O23 - Service: Print Spooler Service (aawc6iua1dohi8k) - Unknown owner - C:\WINDOWS\system32\t.exe (file missing)

GET RID OF AVAST :@
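The "To fix" list above is a by-eye triage of the HijackThis log. As an added example, not from this thread and not part of HijackThis, Malwarebytes or ComboFix, the following Python script applies the same kinds of rules mechanically: autorun entries (O4) whose target sits in system32 or a user-writable data directory under a machine-looking name, BHOs (O2) whose DLL is gone, Trusted Zone (O15) and ActiveX download (O16) hosts outside an allowlist, any SSODL (O21) entry, and services (O23) whose binary is missing. The sample lines are a constructed subset of the log pasted earlier (with the forum's link truncation removed), and the `KNOWN_GOOD` and `TRUSTED_DOMAINS` allowlists and the 0.3 vowel-ratio threshold are assumptions for this example. The output is a list of candidates for a human to review, not a removal decision.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis lines pasted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [OfcpfwSvcs.exe] C:\WINDOWS\system32\OfcpfwSvcs.exe
O4 - HKLM\..\Run: [lphc3f8j0eaaa] C:\WINDOWS\system32\lphc3f8j0eaaa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [InfoMon] C:\WINDOWS\system32\oxqvupgh.exe
O4 - HKLM\..\Policies\Explorer\Run: [eKp8XOlhXr] C:\Documents and Settings\All Users\Application Data\adojyvsh\wdmjarqn.exe
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: click.getmirar.com (HKLM)
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - awbeta.net-nucleus.com
O21 - SSODL: SysMntUi - {33028A21-D4D8-E4F7-EED9-03D365E75136} - C:\Program Files\kyuzgub\SysMntUi.dll
O23 - Service: Print Spooler Service (aawc6iua1dohi8k) - Unknown owner - C:\WINDOWS\system32\t.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Analyst-supplied allowlists (assumptions constructed for this example; tune per machine).
KNOWN_GOOD = {"ctfmon.exe", "igfxtray.exe", "igfxpers.exe", "hkcmd.exe", "nvcpl.dll"}
TRUSTED_DOMAINS = {"sony-europe.com", "sonystyle-europe.com", "vaio-link.com", "hotmail.com"}

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")                      # "O4 - ..." prefix
WIN_PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]*?\.(?:exe|dll|scr|sys|cpl)', re.IGNORECASE)
VOWELS = set("aeiou")


@dataclass
class Finding:
    kind: str    # HijackThis section, e.g. "O4"
    reason: str  # why the entry deserves a look
    line: str    # the log line itself


def looks_generated(filename: str) -> bool:
    """Crude test for machine-generated names such as lphc3f8j0eaaa.exe or oxqvupgh.exe."""
    stem = filename.lower().rsplit(".", 1)[0]
    if len(stem) < 7 or not re.fullmatch(r"[a-z0-9]+", stem):
        return False
    if re.search(r"[a-z][0-9]+[a-z]", stem):  # digits sandwiched between letters
        return True
    letters = [c for c in stem if c.isalpha()]
    # Pronounceable names rarely drop below ~30% vowels (threshold is an assumption).
    return bool(letters) and sum(c in VOWELS for c in letters) / len(letters) < 0.3


def in_writable_or_system32(path: str) -> bool:
    """Locations where the log above shows droppers landing."""
    p = path.lower()
    return any(s in p for s in ("\\system32\\", "\\application data\\", "\\local settings\\"))


def domain_allowed(host: str, trusted) -> bool:
    host = host.lower().lstrip("*.").rstrip("./")
    return any(host == d or host.endswith("." + d) for d in trusted)


def analyse(log_text: str, known_good=KNOWN_GOOD, trusted=TRUSTED_DOMAINS):
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.groups()
        if kind == "O2" and body.endswith("(no file)"):
            findings.append(Finding(kind, "BHO registered but its DLL is missing (orphan)", line))
        elif kind == "O4":
            pm = WIN_PATH_RE.search(body)
            if pm:
                path = pm.group(0)
                base = path.rsplit("\\", 1)[-1].lower()
                if base not in known_good and in_writable_or_system32(path) and looks_generated(base):
                    findings.append(Finding(kind, f"autorun of machine-named binary {base}", line))
        elif kind == "O15":
            host = body.split(":", 1)[1].split()[0]          # "Trusted Zone: host (HKLM)"
            if not domain_allowed(host, trusted):
                findings.append(Finding(kind, f"unexpected Trusted Zone entry {host}", line))
        elif kind == "O16":
            host = body.rsplit(" - ", 1)[-1].replace("http://", "").split("/")[0]
            if not domain_allowed(host, trusted):
                findings.append(Finding(kind, f"ActiveX download from unexpected host {host}", line))
        elif kind == "O21":
            findings.append(Finding(kind, "ShellServiceObjectDelayLoad entry (rarely legitimate)", line))
        elif kind == "O23" and "(file missing)" in body:
            findings.append(Finding(kind, "service points at a missing binary", line))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"{f.kind:4} {f.reason}\n     {f.line}")
```

On the sample above the script flags nine entries and leaves the Adobe BHO, igfxtray, ctfmon, the Sony Trusted Zone and the Avast service alone. The name heuristic is deliberately crude (it would also flag some legitimate driver helpers with few vowels), which is why the `KNOWN_GOOD` allowlist exists; the analyst, not the script, decides what gets fixed.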

Well, you format and reinstall everything... That way you'll pay more attention next time :slight_smile:
Otherwise there are also some good tools that let you see what's running on the PC, what gets launched at startup, etc.:
technet.microsoft.com…

Hi,

My wallpaper is blue with a yellow box in the centre (inside it says: WARNING ! Spyware detected on your computer ...)

One question: I don't have an antivirus (with a licence...), I only have Avast! What do you think of AVAST? Do you have any suggestions...

Thanks to all of you for your help :wink:

Hi, here's the report, Guigui:

Malwarebytes' Anti-Malware 1.23
Version de la base de données: 985
Windows 5.1.2600 Service Pack 2

19:18:46 24/07/2008
mbam-log-7-24-2008 (19-18-46).txt

Type de recherche: Examen rapide
Eléments examinés: 39869
Temps écoulé: 6 minute(s), 26 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 30
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 16

Processus mémoire infecté(s):
C:\WINDOWS\system32\lphc3f8j0eaaa.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.
C:\WINDOWS\system32\blphc3f8j0eaaa.scr (Trojan.FakeAlert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nn_bar_dummy.nn_bardummy (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nn_bar_dummy.nn_bardummy.1 (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mirar_dummy_ats.mirar_dummy_ats1 (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mirar_dummy_ats.mirar_dummy_ats1.1 (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3f8j0eaaa (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\rhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\SHIFT\Application Data\rhc7f8j0eaaa (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\SHIFT\Application Data\rhc7f8j0eaaa\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\SHIFT\Application Data\rhc7f8j0eaaa\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\SHIFT\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\SHIFT\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\SHIFT\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\SHIFT\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\SHIFT\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\SHIFT\Application Data\rhc7f8j0eaaa\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\SHIFT\Application Data\rhc7f8j0eaaa\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\SHIFT\Application Data\rhc7f8j0eaaa\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.
C:\Program Files\rhc7f8j0eaaa\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaa.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7f8j0eaaa\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc3f8j0eaaa.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc3f8j0eaaa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc3f8j0eaaa.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphc3f8j0eaaa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\SHIFT\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\SHIFT\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SHIFT\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\SHIFT\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

That cleared out a lot :super:

Disable your protections
Use ComboFix
Let it do its work and post the report

Here's the report: Guigu'sss

ComboFix 08-07-29.1 - SHIFT 2008-07-30 20:08:41.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.468 [GMT 2:00]
Endroit: C:\Documents and Settings\SHIFT\Bureau\ComboFix.exe

  • Création d’un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N’EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\SHIFT\Application Data\rhc7f8j0eaaa
C:\Program Files\rhc7f8j0eaaa
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\blphc3f8j0eaaa.scr
C:\WINDOWS\system32\lphc3f8j0eaaa.exe
C:\WINDOWS\system32\phc3f8j0eaaa.bmp
C:\WINDOWS\system32\pphc3f8j0eaaa.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSREST.SYS
-------\Service_sysrest.sys

((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))))))))
.

2008-07-25 11:07 . 2008-07-25 11:07 23,040 --a------ C:\WINDOWS\system32\sysrest32.exe
2008-07-25 11:07 . 2008-07-30 19:11 15,328 --a------ C:\WINDOWS\system32\sysrest.sys
2008-07-24 19:26 . 2008-07-24 19:26 268 --ah----- C:\sqmdata19.sqm
2008-07-24 19:26 . 2008-07-24 19:26 244 --ah----- C:\sqmnoopt19.sqm
2008-07-24 19:22 . 2008-07-24 19:22 86,016 --a------ C:\WINDOWS\system32\clahkbct.exe
2008-07-24 19:19 . 2008-07-24 19:19 268 --ah----- C:\sqmdata18.sqm
2008-07-24 19:19 . 2008-07-24 19:19 244 --ah----- C:\sqmnoopt18.sqm
2008-07-24 19:10 . 2008-07-24 19:20 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 19:10 . 2008-07-24 19:10 d-------- C:\Documents and Settings\SHIFT\Application Data\Malwarebytes
2008-07-24 19:10 . 2008-07-24 19:10 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 19:10 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 19:10 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-24 00:07 . 2008-07-24 00:07 268 --ah----- C:\sqmdata17.sqm
2008-07-24 00:07 . 2008-07-24 00:07 244 --ah----- C:\sqmnoopt17.sqm
2008-07-23 22:16 . 2008-07-23 22:16 90,112 --a------ C:\WINDOWS\system32\xgrylepa.exe
2008-07-23 22:13 . 2008-07-23 22:13 268 --ah----- C:\sqmdata16.sqm
2008-07-23 22:13 . 2008-07-23 22:13 244 --ah----- C:\sqmnoopt16.sqm
2008-07-23 21:34 . 2008-07-23 21:34 d-------- C:\Program Files\Trend Micro
2008-07-23 00:34 . 2008-07-23 00:34 268 --ah----- C:\sqmdata15.sqm
2008-07-23 00:34 . 2008-07-23 00:34 244 --ah----- C:\sqmnoopt15.sqm
2008-07-23 00:28 . 2008-07-23 00:28 268 --ah----- C:\sqmdata14.sqm
2008-07-23 00:28 . 2008-07-23 00:28 244 --ah----- C:\sqmnoopt14.sqm
2008-07-22 19:35 . 2008-07-22 19:35 268 --ah----- C:\sqmdata13.sqm
2008-07-22 19:35 . 2008-07-22 19:35 244 --ah----- C:\sqmnoopt13.sqm
2008-07-22 19:15 . 2008-07-22 19:15 268 --ah----- C:\sqmdata12.sqm
2008-07-22 19:15 . 2008-07-22 19:15 244 --ah----- C:\sqmnoopt12.sqm
2008-07-22 18:57 . 2008-07-22 18:57 268 --ah----- C:\sqmdata11.sqm
2008-07-22 18:57 . 2008-07-22 18:57 244 --ah----- C:\sqmnoopt11.sqm
2008-07-22 18:55 . 2008-07-22 18:55 d-------- C:\Program Files\kyuzgub
2008-07-22 18:55 . 2008-07-22 18:55 d-------- C:\Documents and Settings\All Users\Application Data\adojyvsh
2008-07-21 23:08 . 2008-07-21 23:08 268 --ah----- C:\sqmdata10.sqm
2008-07-21 23:08 . 2008-07-21 23:08 244 --ah----- C:\sqmnoopt10.sqm
2008-07-15 17:02 . 2008-07-16 11:03 d-------- C:\Program Files\Dofus
2008-06-21 11:26 . 2008-06-21 11:26 268 --ah----- C:\sqmdata09.sqm
2008-06-21 11:26 . 2008-06-21 11:26 244 --ah----- C:\sqmnoopt09.sqm
2008-06-20 23:38 . 2008-06-20 23:38 268 --ah----- C:\sqmdata08.sqm
2008-06-20 23:38 . 2008-06-20 23:38 244 --ah----- C:\sqmnoopt08.sqm
2008-06-20 23:32 . 2008-06-20 23:32 268 --ah----- C:\sqmdata07.sqm
2008-06-20 23:32 . 2008-06-20 23:32 244 --ah----- C:\sqmnoopt07.sqm
2008-06-20 19:41 . 2008-06-20 19:41 247,808 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-11 10:34 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:34 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-05 23:17 . 2008-06-05 23:17 268 --ah----- C:\sqmdata06.sqm
2008-06-05 23:17 . 2008-06-05 23:17 244 --ah----- C:\sqmnoopt06.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-17 11:53 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-07-14 20:55 --------- d-----w C:\Documents and Settings\SHIFT\Application Data\LimeWire
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-07 12:31 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-07 12:28 --------- d-----w C:\Documents and Settings\SHIFT\Application Data\AdobeUM
2008-05-31 11:24 --------- d-----w C:\Program Files\LimeWire
2008-05-31 11:22 --------- d-----w C:\Program Files\FrostWire
2008-01-08 21:47 374 ----a-w C:\Documents and Settings\SHIFT\Application Data\internaldb6334.dat
2008-01-08 21:32 555 ----a-w C:\Documents and Settings\SHIFT\Application Data\internaldb8467.dat
2008-01-08 21:32 18,432 ----a-w C:\Documents and Settings\SHIFT\Application Data\internaldb41.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-23_22.08.47.37 )))))))))))))))))))))))))))))))))))))))))
.

+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-07-30 18:15:27 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6c8.dat
+ 2008-07-30 18:18:56 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_b18.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Note: empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-01-20 20:23 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-01-20 20:23 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-14 19:57 68856]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" [2004-11-15 17:18 1670144]
"ProcMon"="C:\WINDOWS\system32\xgrylepa.exe" [2008-07-23 22:16 90112]
"WinApp"="C:\WINDOWS\system32\clahkbct.exe" [2008-07-24 19:22 86016]
"InfoShProc"="C:\WINDOWS\system32\adqvmref.exe" [2008-07-30 20:18 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 10:21 114688]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-09 09:56 6746112]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 07:56 45056]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-29 07:33 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-29 07:33 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-29 07:33 114688]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 23:07 184320]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 15:12 32768]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 22:36 151552]
"PDService.exe"="C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 15:15 40960]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 21:47 483328]
"PrepareYourVAIO"="C:\Program Files\Sony\Prepare your VAIO\PYVAlert.exe" [2005-01-21 16:36 118784]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-23 17:37 155648]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 18:01 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 21:44 65536]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"lphc3f8j0eaaa"="C:\WINDOWS\system32\lphc3f8j0eaaa.exe" [2008-07-30 20:18 110080]
"SMrhc7f8j0eaaa"="C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaa.exe" [2008-07-30 09:41 9457664]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 06:25 14720000 C:\WINDOWS\RTHDCPL.EXE]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 17:46 45056 C:\WINDOWS\system32\ico.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"eKp8XOlhXr"="C:\Documents and Settings\All Users\Application Data\adojyvsh\wdmjarqn.exe" [2008-07-22 18:55 65536]

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SysMntUi"= {33028A21-D4D8-E4F7-EED9-03D365E75136} - C:\Program Files\kyuzgub\SysMntUi.dll [2008-07-22 18:55 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 18:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhc7f8j0eaaa]
--a------ 2008-07-30 09:41 9457664 C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"C:\Program Files\Dassault Systemes\B15\intel_a\code\bin\orbixd.exe"=
"C:\Program Files\Dassault Systemes\B15\intel_a\code\bin\CNEXT.exe"=
"C:\Program Files\Messenger\msmsgs.exe"=
"C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"=
"C:\Program Files\LimeWire\LimeWire.exe"=
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"C:\Program Files\Windows Live\Messenger\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18882:TCP"= 18882:TCP:NortonAV
"13669:TCP"= 13669:TCP:NortonAV

R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2005-04-23 10:21]
R1 PrivateDisk;PrivateDisk;C:\WINDOWS\system32\Drivers\PrivateDiskM.sys [2004-07-06 15:07]
R2 BBDemon;Backbone Service;C:\Program Files\Dassault Systemes\B15\intel_a\code\bin\CATSysDemon.exe [2005-01-29 12:12]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 09:20]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 17:55]
R3 sysrest.sys;sysrest.sys;C:\WINDOWS\system32\sysrest.sys [2008-07-30 20:18]
S2 aawc6iua1dohi8k;Print Spooler Service;C:\WINDOWS\system32\t.exe []
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 19:10]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

Newly Created Service - SYSREST.SYS
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder

2008-07-28 C:\WINDOWS\Tasks\Symantec NetDetect.job

- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2005-01-27 16:59]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-InfoMon - C:\WINDOWS\system32\oxqvupgh.exe
HKLM-Run-sysrest32.exe - C:\WINDOWS\system32\sysrest32.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = www.ask.com…
R0 -: HKCU-Main,Search Page = www.google.com…
R0 -: HKCU-Main,Default_Search_URL = www.google.com…
R0 -: HKCU-Main,Search Bar = www.google.com…
R0 -: HKLM-Main,Default_Search_URL = www.google.com…
R0 -: HKCU-Search,SearchAssistant = www.google.com…
R1 -: HKCU-SearchURL,(Default) = www.google.com…
R0 -: HKLM-Search,SearchAssistant = www.google.com…
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O15 -: Trusted Zone: *.sony-europe.com
O15 -: Trusted Zone: *.sonystyle-europe.com
O15 -: Trusted Zone: *.vaio-link.com

O16 -: {91D4B4D5-E368-40AB-8F53-A37FA634B471} - www.tellmemorecampus.com…
C:\WINDOWS\Downloaded Program Files\Tol9Inst.inf


catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-07-30 20:15:46
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

C:\WINDOWS\system32\adqvmref.exe 94208 bytes executable
C:\WINDOWS\system32\pphc3f8j0eaaa.exe 94208 bytes executable

Scan completed successfully
Hidden files: 2


.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\CNAC4RPK.EXE
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\WINDOWS\system32\lphc3f8j0eaaa.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\pphc3f8j0eaaa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
.


.
Completion time: 2008-07-30 20:24:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-30 18:24:47
ComboFix2.txt 2008-07-23 20:10:01

Pre-Run: 21,368,426,496 bytes free
Post-Run: 21,422,780,416 bytes free

249 --- E O F --- 2008-07-20 16:22:41
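The Reg Loading Points section of the log above is where the infection actually shows. The rogue registered itself in the per-user Run key under innocuous value names (ProcMon, WinApp, InfoShProc), in the machine Run key (lphc3f8j0eaaa, SMrhc7f8j0eaaa) and in policies\explorer\Run, a key legitimate software almost never writes, with each of those values pointing at a freshly written binary with a machine-generated name; it also set AntiVirusOverride=1 under the Security Center key so Windows would stop warning about the real antivirus. Below is an added example (my code, not part of the original post and not ComboFix's): it parses entries in the ComboFix format and scores each one on a few independent indicators (written within 14 days of the log's completion time, a random-looking file stem, the policy Run key, a path under Application Data). The 14-day window, the name pattern and the two-indicator threshold are assumptions chosen to fit this log; the sample lines are copied from it, with igfxpers.exe included to show why the name pattern alone would false-positive.

```python
"""Score ComboFix 'Reg Loading Points' entries for rogue-style persistence.

Added example, not part of the original post or of ComboFix itself. The
signals and thresholds below are assumptions chosen to fit the log above.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the ComboFix log above, covering the
# three Run-style keys the rogue used plus legitimate entries for contrast.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"ProcMon"="C:\WINDOWS\system32\xgrylepa.exe" [2008-07-23 22:16 90112]
"InfoShProc"="C:\WINDOWS\system32\adqvmref.exe" [2008-07-30 20:18 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 10:21 114688]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-29 07:33 114688]
"lphc3f8j0eaaa"="C:\WINDOWS\system32\lphc3f8j0eaaa.exe" [2008-07-30 20:18 110080]
"SMrhc7f8j0eaaa"="C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaa.exe" [2008-07-30 09:41 9457664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"eKp8XOlhXr"="C:\Documents and Settings\All Users\Application Data\adojyvsh\wdmjarqn.exe" [2008-07-22 18:55 65536]
'''

# Completion time of the log above; "recent" is measured against it.
LOG_DATE = datetime(2008, 7, 30, 20, 24)

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# Value lines: "name"="path" [YYYY-MM-DD HH:MM size] with an optional trailing full path.
ENTRY_RE = re.compile(r'^"(?P<value>[^"]+)"="(?P<path>[^"]+)"\s+'
                      r'\[(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+)(?: [^\]]*)?\]$')
# Assumption: a stem of 8+ lowercase letters/digits looks machine-generated.
RANDOM_STEM_RE = re.compile(r'^[a-z0-9]{8,}$')


def parse_entries(log_text):
    """Yield (key, value_name, path, written_at, size) for each Run-style entry."""
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group('key')
            continue
        em = ENTRY_RE.match(line)
        if em and key:
            yield (key, em.group('value'), em.group('path'),
                   datetime.strptime(em.group('stamp'), '%Y-%m-%d %H:%M'),
                   int(em.group('size')))


def signals_for(key, path, written_at, log_date, recent_days=14):
    """Independent indicators; no single one is conclusive (igfxpers.exe trips one)."""
    stem = path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    sigs = []
    if log_date - written_at <= timedelta(days=recent_days):
        sigs.append('recent')        # binary written during the incident window
    if RANDOM_STEM_RE.match(stem):
        sigs.append('random_name')   # xgrylepa, lphc3f8j0eaaa, ...
    if key.lower().endswith(r'policies\explorer\run'):
        sigs.append('policy_run')    # a Run key legitimate software almost never uses
    if '\\application data\\' in path.lower():
        sigs.append('appdata')       # executable dropped into a profile data folder
    return sigs


def flag_entries(log_text, log_date, min_signals=2):
    """Return entries carrying at least min_signals indicators, strongest first."""
    hits = []
    for key, value, path, written_at, size in parse_entries(log_text):
        sigs = signals_for(key, path, written_at, log_date)
        if len(sigs) >= min_signals:
            hits.append({'key': key, 'value': value, 'path': path,
                         'size': size, 'signals': sigs})
    return sorted(hits, key=lambda h: -len(h['signals']))


if __name__ == '__main__':
    for hit in flag_entries(SAMPLE_LOG, LOG_DATE):
        print(f"{len(hit['signals'])}  {hit['path']}  <- {', '.join(hit['signals'])}")
```

Run as a script it prints the scored entries: on the sample the five rogue binaries score two or more, and igfxpers.exe, whose eight-letter stem trips the name heuristic, scores one and stays quiet. The same regexes accept the full Reg Loading Points dump above, including the lines that carry a trailing full path after the size.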

Upload these files to VirusTotal
and paste the reports, stating which file each one is for.

C:\Documents and Settings\SHIFT\Application Data\internaldb6334.dat REPORT:

Antivirus Version Last update Result
AhnLab-V3 2008.7.29.1 2008.07.30 -
AntiVir 7.8.1.12 2008.07.30 -
Authentium 5.1.0.4 2008.07.30 -
Avast 4.8.1195.0 2008.07.30 -
AVG 8.0.0.130 2008.07.30 -
BitDefender 7.2 2008.07.30 -
CAT-QuickHeal 9.50 2008.07.30 -
ClamAV 0.93.1 2008.07.30 -
DrWeb 4.44.0.09170 2008.07.30 -
eSafe 7.0.17.0 2008.07.29 -
eTrust-Vet 31.6.5995 2008.07.30 -
Ewido 4.0 2008.07.30 -
F-Prot 4.4.4.56 2008.07.30 -
F-Secure 7.60.13501.0 2008.07.30 -
Fortinet 3.14.0.0 2008.07.30 -
GData 2.0.7306.1023 2008.07.30 -
Ikarus T3.1.1.34.0 2008.07.30 -
Kaspersky 7.0.0.125 2008.07.30 -
McAfee 5349 2008.07.29 -
Microsoft 1.3704 2008.07.28 -
NOD32v2 3311 2008.07.30 -
Norman 5.80.02 2008.07.30 -
Panda 9.0.0.4 2008.07.30 -
PCTools 4.4.2.0 2008.07.30 -
Prevx1 V2 2008.07.30 -
Rising 20.55.22.00 2008.07.30 -
Sophos 4.31.0 2008.07.30 -
Sunbelt 3.1.1537.1 2008.07.29 -
Symantec 10 2008.07.30 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.30 -
VBA32 3.12.8.1 2008.07.29 -
ViRobot 2008.7.30.1317 2008.07.30 -
VirusBuster 4.5.11.0 2008.07.30 -
Webwasher-Gateway 6.6.2 2008.07.30 -
Additional information
File size: 555 bytes
MD5: d4806af41422579d5691fd765c1871e1
SHA1: 1e9f3fb5a71baa522579007b6706d060a2678d2e
SHA256: d755ed2835e969274ada1dd9d0c5b3d9b6df50810a779553062fad132fec724b
SHA512: 30c06b3dbabb3625c7d0735f2f097447856a227851ff038a2db54e63be87ae745de718e26ddb35e895e31309ad25e0aca9804f3fd03cb6eeaa795fa20ac709f9
PEiD: -
PEInfo: -


sorry, the previous report is for C:\Documents and Settings\SHIFT\Application Data\internaldb8434.dat and this one is for C:\Documents and Settings\SHIFT\Application Data\internaldb8467.dat

File internaldb6334.dat received on 2008.07.30 22:29:28 (CET)
Antivirus Version Last update Result
AhnLab-V3 2008.7.29.1 2008.07.30 -
AntiVir 7.8.1.12 2008.07.30 -
Authentium 5.1.0.4 2008.07.30 -
Avast 4.8.1195.0 2008.07.30 -
AVG 8.0.0.130 2008.07.30 -
BitDefender 7.2 2008.07.30 -
CAT-QuickHeal 9.50 2008.07.30 -
ClamAV 0.93.1 2008.07.30 -
DrWeb 4.44.0.09170 2008.07.30 -
eSafe 7.0.17.0 2008.07.29 -
eTrust-Vet 31.6.5995 2008.07.30 -
Ewido 4.0 2008.07.30 -
F-Prot 4.4.4.56 2008.07.30 -
Fortinet 3.14.0.0 2008.07.30 -
GData 2.0.7306.1023 2008.07.30 -
Ikarus T3.1.1.34.0 2008.07.30 -
Kaspersky 7.0.0.125 2008.07.30 -
McAfee 5349 2008.07.29 -
Microsoft 1.3704 2008.07.28 -
NOD32v2 3311 2008.07.30 -
Norman 5.80.02 2008.07.30 -
Panda 9.0.0.4 2008.07.30 -
PCTools 4.4.2.0 2008.07.30 -
Prevx1 V2 2008.07.30 -
Rising 20.55.22.00 2008.07.30 -
Sophos 4.31.0 2008.07.30 -
Sunbelt 3.1.1537.1 2008.07.29 -
Symantec 10 2008.07.30 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.30 -
VBA32 3.12.8.1 2008.07.29 -
ViRobot 2008.7.30.1317 2008.07.30 -
VirusBuster 4.5.11.0 2008.07.30 -
Webwasher-Gateway 6.6.2 2008.07.30 -
Additional information
File size: 374 bytes
MD5: 49ed10146c85f880e04853ed091e8231
SHA1: da323ee0368cd147cf1b3490a765edb20d2daf61
SHA256: 5b40825ef0f6ff34713fa470f67df713f50e1c6e71b9bb5e3c5e75791c280196
SHA512: b2673dbb372c60e66f9019e064f54f32550dbc47609030e8d9ed32e5f4b6b3a352327eee743cd6a01487095ccd115ec6cad4649f23f19d9f609981fc8a00ebc8
PEiD: -
PEInfo: -


C:\Documents and Settings\SHIFT\Application Data\internaldb41.dat REPORT:

File internaldb41.dat received on 2008.07.30 22:32:22 (CET)
Antivirus Version Last update Result
AhnLab-V3 2008.7.29.1 2008.07.30 -
AntiVir 7.8.1.12 2008.07.30 -
Authentium 5.1.0.4 2008.07.30 -
Avast 4.8.1195.0 2008.07.30 -
AVG 8.0.0.130 2008.07.30 -
BitDefender 7.2 2008.07.30 -
CAT-QuickHeal 9.50 2008.07.30 -
ClamAV 0.93.1 2008.07.30 -
DrWeb 4.44.0.09170 2008.07.30 -
eSafe 7.0.17.0 2008.07.29 -
eTrust-Vet 31.6.5995 2008.07.30 -
Ewido 4.0 2008.07.30 -
F-Prot 4.4.4.56 2008.07.30 -
F-Secure 7.60.13501.0 2008.07.30 -
Fortinet 3.14.0.0 2008.07.30 -
GData 2.0.7306.1023 2008.07.30 -
Ikarus T3.1.1.34.0 2008.07.30 -
Kaspersky 7.0.0.125 2008.07.30 -
McAfee 5350 2008.07.30 -
Microsoft 1.3704 2008.07.28 -
NOD32v2 3311 2008.07.30 -
Norman 5.80.02 2008.07.30 -
Panda 9.0.0.4 2008.07.30 -
PCTools 4.4.2.0 2008.07.30 -
Prevx1 V2 2008.07.30 -
Rising 20.55.22.00 2008.07.30 -
Sophos 4.31.0 2008.07.30 -
Sunbelt 3.1.1537.1 2008.07.29 -
Symantec 10 2008.07.30 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.30 -
VBA32 3.12.8.1 2008.07.29 -
ViRobot 2008.7.30.1317 2008.07.30 -
VirusBuster 4.5.11.0 2008.07.30 -
Webwasher-Gateway 6.6.2 2008.07.30 -
Additional information
File size: 18432 bytes
MD5: 963ea4a6c35ef09a73c9de8193151d5d
SHA1: 125f726ebac1e33ea02503dd47d9669d7745638f
SHA256: 1bc3826b0b464b2fab6ace7d6aa5baabd960f0187f55c8b615c1528c973b8c13
SHA512: 093da117ce6deaf76690c97de35b39290dd8b7b3f63b1e81a6bf391427f6d513d3b29f0ef66ccb978a963eb94d76defd65a33823d1a93e07d06e172aa8c04100
PEiD: -
PEInfo: -

C:\WINDOWS\erdnt\subs\ERDNT.EXE HAHAHAHA this report apparently dates from 2006; it tells me this scan has already been done!!

REPORT:

Antivirus Version Last update Result
AhnLab-V3 2008.7.29.1 2008.07.30 -
AntiVir 7.8.1.12 2008.07.29 -
Authentium 5.1.0.4 2008.07.30 -
Avast 4.8.1195.0 2008.07.29 -
AVG 8.0.0.130 2008.07.29 -
BitDefender 7.2 2008.07.30 -
CAT-QuickHeal 9.50 2008.07.29 -
ClamAV 0.93.1 2008.07.30 -
DrWeb 4.44.0.09170 2008.07.30 -
eSafe 7.0.17.0 2008.07.29 Suspicious File
eTrust-Vet 31.6.5994 2008.07.30 -
Ewido 4.0 2008.07.29 -
F-Prot 4.4.4.56 2008.07.30 -
F-Secure 7.60.13501.0 2008.07.30 Suspicious:W32/Malware!Gemini
Fortinet 3.14.0.0 2008.07.30 -
GData 2.0.7306.1023 2008.07.30 -
Ikarus T3.1.1.34.0 2008.07.30 -
Kaspersky 7.0.0.125 2008.07.30 -
McAfee 5349 2008.07.29 -
Microsoft 1.3704 2008.07.28 -
NOD32v2 3308 2008.07.29 -
Norman 5.80.02 2008.07.28 -
Panda 9.0.0.4 2008.07.29 -
PCTools 4.4.2.0 2008.07.30 Application.NirCmd
Prevx1 V2 2008.07.30 -
Rising 20.55.20.00 2008.07.30 -
Sophos 4.31.0 2008.07.30 -
Sunbelt 3.1.1537.1 2008.07.29 -
Symantec 10 2008.07.30 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.30 -
VBA32 3.12.8.1 2008.07.29 -
ViRobot 2008.7.29.1315 2008.07.29 -
VirusBuster 4.5.11.0 2008.07.29 -
Webwasher-Gateway 6.6.2 2008.07.30 Win32.ModifiedUPX.gen (suspicious)
Additional information
File size: 163328 bytes
MD5: 89afdd29832aa923926bdd4b5f5243d5
SHA1: 4ee93ef072559c5184236718fe07485bc5ddbe2d
SHA256: a559f249fc0e56bc925609773f6cc9cd1826bf70916be1d6370ce4707a6dfd84
SHA512: 289e9be8566e7b1713c4ed0fa9be509b7d7dd6fe5bab6a7cee7a338f2aeab040419f1fbd032ba97b984691144b54ee8089a6e964ea8633bfa56539010e29a812
PEiD: -
PEInfo: PE Structure information

( base data )
entrypointaddress: 0x460bc0
timedatestamp: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x3e000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x3f000 0x22000 0x21e00 7.92 24d8ce11e468b4736732c44da60521ad
.rsrc 0x61000 0x2000 0x1200 3.40 72ab28575196aa99f86953b8c8a16607

( 7 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
> advapi32.dll: IsValidSid
> comctl32.dll: ImageList_Add
> gdi32.dll: Pie
> ole32.dll: IsEqualGUID
> oleaut32.dll: VariantClear
> user32.dll: GetDC

( 0 exports )

ThreatExpert info: www.threatexpert.com…
packers (F-Prot): UPX
packers (Kaspersky): UPX


here is the report for: C:\WINDOWS\system32\xgrylepa.exe

File xgrylepa.exe received on 2008.07.30 22:40:39 (CET)
Antivirus Version Last update Result
AhnLab-V3 2008.7.29.1 2008.07.30 -
AntiVir 7.8.1.12 2008.07.30 -
Authentium 5.1.0.4 2008.07.30 -
Avast 4.8.1195.0 2008.07.30 -
AVG 8.0.0.156 2008.07.30 Downloader.Swizzor
BitDefender 7.2 2008.07.30 -
CAT-QuickHeal 9.50 2008.07.30 -
ClamAV 0.93.1 2008.07.30 -
DrWeb 4.44.0.09170 2008.07.30 -
eSafe 7.0.17.0 2008.07.29 -
eTrust-Vet 31.6.5995 2008.07.30 -
Ewido 4.0 2008.07.30 -
F-Prot 4.4.4.56 2008.07.30 -
F-Secure 7.60.13501.0 2008.07.30 -
Fortinet 3.14.0.0 2008.07.30 W32/PolySmall.BP!tr
GData 2.0.7306.1023 2008.07.30 -
Ikarus T3.1.1.34.0 2008.07.30 -
Kaspersky 7.0.0.125 2008.07.30 -
McAfee 5350 2008.07.30 -
Microsoft 1.3704 2008.07.28 Trojan:Win32/Busky.EC
NOD32v2 3311 2008.07.30 a variant of Win32/TrojanDownloader.FakeAlert.BP
Norman 5.80.02 2008.07.30 -
Panda 9.0.0.4 2008.07.30 -
PCTools 4.4.2.0 2008.07.30 -
Prevx1 V2 2008.07.30 -
Rising 20.55.22.00 2008.07.30 -
Sophos 4.31.0 2008.07.30 Mal/EncPk-DG
Sunbelt 3.1.1537.1 2008.07.29 -
Symantec 10 2008.07.30 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.30 -
VBA32 3.12.8.1 2008.07.29 -
ViRobot 2008.7.30.1317 2008.07.30 -
VirusBuster 4.5.11.0 2008.07.30 -
Webwasher-Gateway 6.6.2 2008.07.30 -
Additional information
File size: 90112 bytes
MD5: ac8a6834911516018351575fe5e21c36
SHA1: 14b060f133af8c410ad8609bfe1f66ec741ad806
SHA256: fbd32b5c368ba8c5731f51187070a9441128059bdaccc5d9a6bb15b0aad892bb
SHA512: 96d8ea33ccd6cb05208f37f2cb15247cf6671a347cb3453170b0da7f936472658736fcf62984576fa720363c0b09c9b22354d559f257c0a93e24111d4acfd20c
PEiD: -
PEInfo: PE Structure information

( base data )
entrypointaddress: 0x401fb2
timedatestamp: 0x48877239 (Wed Jul 23 18:02:33 2008)
machinetype: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.usqmf 0x1000 0x12650 0x13000 6.78 e3a692796ebace95f6ff2f6a2fd20141
.acuct 0x14000 0x68a 0x1000 2.72 1f9193f095aefa778c1d979baee7ebf4
.mmsa 0x15000 0x59c8 0x1000 0.50 50cb45e56552025c415f38d674b11569

( 4 imports )
> KERNEL32.dll: LoadLibraryA, GetModuleHandleW, GetLogicalDrives, WaitForMultipleObjects, DuplicateHandle, SetCurrentDirectoryW, GetTickCount, GlobalAlloc, GetFileSize, FreeResource, FindResourceW, ReadProcessMemory, InterlockedIncrement, DeleteFileW, SetLastError, GetLastError, CreateThread, GetProcAddress, GetCurrentProcessId, CreateProcessW, GlobalLock, GetCurrentThread, GetFileAttributesW, FindNextFileW, GetVersion, GlobalDeleteAtom, SetWaitableTimer
> USER32.dll: wsprintfW, ReleaseCapture, AppendMenuW, PostThreadMessageW, RegisterHotKey, GetWindowThreadProcessId, FillRect, LoadCursorW, ReleaseDC, GetDlgItem, SetCursor, LoadStringW, SetForegroundWindow, LoadIconW, GetWindowTextW, DestroyIcon, CreatePopupMenu, VkKeyScanW, RegisterClassExW, PostQuitMessage, SystemParametersInfoW
> GDI32.dll: DPtoLP, CreateDCW, CreateBitmap, BitBlt, SelectObject, SetBkColor, CreateCompatibleDC, StretchBlt
> ADVAPI32.dll: RegSetValueExW, GetUserNameW, InitializeSecurityDescriptor

( 0 exports )


here is C:\WINDOWS\system32\clahkbct.exe:

File clahkbct.exe received on 2008.07.27 22:41:12 (CET)
Current status: finished
Result: 5/35 (14.29%)
Antivirus Version Last update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - Downloader.Swizzor
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - Trojan:Win32/Busky.EC
NOD32v2 - - a variant of Win32/TrojanDownloader.FakeAlert.BP
Norman - - -
Panda - - -
PCTools - - -
Prevx1 - - Fraudulent Security Program
Rising - - -
Sophos - - Mal/EncPk-DG
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
ViRobot - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: 4e31e21487e23b91c1388cfcac62a246
SHA1: 5facd4c0782dce173fb52cd761dfb4a00612d77c
SHA256: 6c03dc10335a5a9c94826ebe42983eaf81b4fdbad417cbfb86701868f759a50a
SHA512: 6d20c7233781a77da2ecbd11f16e41f3763e1365f55bd54a6c8cd0312efce31a352ff1ed138a51c7c6c52459a4096386de04360a5ebb13cc3562df0f80980033


C:\WINDOWS\system32\adqvmref.exe

Antivirus Version Last update Result
AhnLab-V3 2008.7.29.1 2008.07.30 -
AntiVir 7.8.1.12 2008.07.30 -
Authentium 5.1.0.4 2008.07.30 W32/Busky.C.gen!Eldorado
Avast 4.8.1195.0 2008.07.30 -
AVG 8.0.0.156 2008.07.30 Downloader.Swizzor
BitDefender 7.2 2008.07.30 -
CAT-QuickHeal 9.50 2008.07.30 -
ClamAV 0.93.1 2008.07.30 -
DrWeb 4.44.0.09170 2008.07.30 -
eSafe 7.0.17.0 2008.07.29 -
eTrust-Vet 31.6.5995 2008.07.30 -
Ewido 4.0 2008.07.30 -
F-Prot 4.4.4.56 2008.07.30 W32/Busky.C.gen!Eldorado
F-Secure 7.60.13501.0 2008.07.30 -
Fortinet 3.14.0.0 2008.07.30 W32/PolySmall.BP!tr
GData 2.0.7306.1023 2008.07.30 -
Ikarus T3.1.1.34.0 2008.07.30 -
Kaspersky 7.0.0.125 2008.07.30 -
McAfee 5350 2008.07.30 -
Microsoft 1.3704 2008.07.28 Trojan:Win32/Busky.EC
NOD32v2 3311 2008.07.30 a variant of Win32/TrojanDownloader.FakeAlert.BP
Norman 5.80.02 2008.07.30 -
Panda 9.0.0.4 2008.07.30 Suspicious file
PCTools 4.4.2.0 2008.07.30 -
Prevx1 V2 2008.07.30 Suspicious
Rising 20.55.22.00 2008.07.30 -
Sophos 4.31.0 2008.07.30 -
Sunbelt 3.1.1537.1 2008.07.29 -
Symantec 10 2008.07.30 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.30 -
VBA32 3.12.8.1 2008.07.29 -
ViRobot 2008.7.30.1317 2008.07.30 -
VirusBuster 4.5.11.0 2008.07.30 -
Webwasher-Gateway 6.6.2 2008.07.30 -
Additional information
File size: 94208 bytes
MD5: f1b276d17c15adc384b2cbb3fc132a51
SHA1: 376827271a55856690faebe00f2ddf09198bd83a
SHA256: 51afef6987bdc268765d77a8d4cb7d62da62324641e153b4751a16e24e7aa6b9
SHA512: ac165fc31f639a93017b2a9a64e6a86c6ff313ba22b6c05f2f934c0d16edccc3d80fa2bb20fb634233edd41ad972df4236d740ee41f196d85f9cd2a1c7ba2683
PEiD: -
PEInfo: PE Structure information

( base data )
entrypointaddress: 0x40211f
timedatestamp: 0x4890acde (Wed Jul 30 18:03:10 2008)
machinetype: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.fddcit 0x1000 0x131d6 0x14000 6.72 46c787fd29bc324a7d5c5e23e9cc515f
.jvkqnz 0x15000 0x752 0x1000 3.01 81c659923c60cec567c104652e1e7b92
.kkie 0x16000 0x59e4 0x1000 0.61 732203eba74b2a380b514737f1c070c0

( 4 imports )

KERNEL32.dll: FindResourceW, FreeLibrary, GetProcAddress, WriteFile, ResumeThread, GetFileAttributesExW, InterlockedIncrement, GlobalUnlock, GetVersion, SuspendThread, FileTimeToSystemTime, MultiByteToWideChar, CreateFileW, LoadLibraryA, SetCurrentDirectoryW, CreateProcessW, MoveFileW, CancelWaitableTimer, GetLogicalDrives, GetCurrentProcessId, GetLastError, CreateWaitableTimerW, VirtualAlloc, DuplicateHandle, ReadProcessMemory, GetFileAttributesW, FindFirstChangeNotificationW, CreateThread, GetDriveTypeW, LockResource
USER32.dll: PostThreadMessageW, SetWindowPos, LoadBitmapW, SetDlgItemTextW, DialogBoxParamW, DestroyMenu, CreateWindowExW, GetSysColor, GetWindowThreadProcessId, SetCursor, LoadCursorW, SetCursorPos, ReleaseCapture, GetKeyState, SystemParametersInfoW, SetForegroundWindow, GetSystemMetrics, IsDlgButtonChecked, DrawTextW, AppendMenuW
GDI32.dll: SetMapMode, SetBkMode, GetStockObject, SetDIBits, DeleteDC, CreateDCW, CreateRoundRectRgn, SetTextColor, DPtoLP, CreatePen, CreateICW, GetMapMode, GetObjectW, MoveToEx
ADVAPI32.dll: LookupAccountSidW, RegCreateKeyExW, GetUserNameW

( 0 exports )
Prevx info: info.prevx.com…


C:\Program Files\kyuzgub\SysMntUi.dll ::

Antivirus Version Last update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - Win32/Heur
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
PCTools - - -
Prevx1 - - Fraudulent Security Program
Rising - - -
Sophos - - Mal/EncPk-DG
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
ViRobot - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: 680be33971c6dabeab34cc352dccd5ac
SHA1: fd126ec8dcbdad5d9380e09b560fd84a78b90ac7
SHA256: 2c434cd3f59e42020eb8ef343010ce1e1213a0912d0174a73fafda822ed8fcc7
SHA512: 0c2630ac4f0a86a758eee29be9f6dff76f33d2cd9f9027a21bd52a0fd5603fc8ef75b0939b596ee5330ff6e802bc145f34cdc382e23f8a99a2b6c88cbd54509f


C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaa.exe

File Program_Files_rhcn7cj0ea59_rhcn7c received on 2008.07.30 14:12:20 (CET)
Antivirus Version Last update Result
AhnLab-V3 2008.7.29.1 2008.07.30 -
AntiVir 7.8.1.12 2008.07.30 -
Authentium 5.1.0.4 2008.07.30 -
Avast 4.8.1195.0 2008.07.29 -
AVG 8.0.0.130 2008.07.30 FakeAlert.AU
BitDefender 7.2 2008.07.30 -
CAT-QuickHeal 9.50 2008.07.29 -
ClamAV 0.93.1 2008.07.30 -
DrWeb 4.44.0.09170 2008.07.30 -
eSafe 7.0.17.0 2008.07.29 -
eTrust-Vet 31.6.5995 2008.07.30 -
Ewido 4.0 2008.07.30 -
F-Prot 4.4.4.56 2008.07.30 -
Fortinet 3.14.0.0 2008.07.30 -
GData 2.0.7306.1023 2008.07.30 -
Ikarus T3.1.1.34.0 2008.07.30 Trojan.Peed.JOA
Kaspersky 7.0.0.125 2008.07.30 -
McAfee 5349 2008.07.29 -
NOD32v2 3309 2008.07.30 -
Norman 5.80.02 2008.07.30 -
Panda 9.0.0.4 2008.07.29 -
PCTools 4.4.2.0 2008.07.30 RogueAntiSpyware.AntivirusXP2008
Rising 20.55.22.00 2008.07.30 -
Sophos 4.31.0 2008.07.30 Mal/TibsPk-D
Sunbelt 3.1.1537.1 2008.07.29 -
Symantec 10 2008.07.30 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.30 -
VBA32 3.12.8.1 2008.07.29 -
ViRobot 2008.7.30.1317 2008.07.30 -
VirusBuster 4.5.11.0 2008.07.29 -
Webwasher-Gateway 6.6.2 2008.07.30 Worm.Win32.Malware.gen (suspicious)
Additional information
File size: 9457664 bytes
MD5: 83259ea84925f23ce43f526c0fc4d24b
SHA1: cea14972295dcd5582acf54a8ffd40d422851b5d
SHA256: 1d8ef9f48e4503eb1d25741d62c79a23c308074833ccf0aa7429fdf0f6519420
SHA512: 42df35b527bae45c69e01a634cda5e657890df4b4f2ec5914887a91ad6ccd0d20ddd7e65de44f58b6c9d6e3494c94d6ee43cfc981fd708d82f6d13f483b2e7eb
PEiD: -
PEInfo: PE Structure information

( base data )
entrypointaddress: 0x417434
timedatestamp: 0x48871ea6 (Wed Jul 23 12:05:58 2008)
machinetype: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7cf5b 0x39400 8.00 87b21124b6fe67914ed50c9107a3259d
.rdata 0x7e000 0x22296 0xc200 8.00 e574402ef8815d2f900acff2f66f0732
.data 0xa1000 0x1bee0 0xc800 8.00 5955c095d2451ceb564e2728a51bed7a
.tls 0xbd000 0x3dc 0x200 7.61 a29736e6ee5a381709250179166f41cd
.rsrc 0xbe000 0x8b2000 0x8b2000 4.47 40eded8aaa6702404a20d64f1a180fbe

( 3 imports )
> gdi32.dll: ResetDCW, StretchBlt, SetICMMode, SetRelAbs, SetDIBColorTable, UpdateColors, SaveDC, TextOutW
> urlmon.dll: URLOpenStreamA, IsLoggingEnabledA, CoInstall, GetClassFileOrMime, AsyncInstallDistributionUnit, IsValidURL
> shell32.dll: StrRChrIW, SHFormatDrive, SHAppBarMessage

( 0 exports )

I can't find the others!
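Two things the VirusTotal reports above show beyond the raw detection counts, and which the helper's request to upload the files is really after. First, rhc7f8j0eaaa.exe has 8.00 entropy in .text, .rdata and .data and imports nothing from kernel32.dll: the code on disk is encrypted and the real imports are resolved at run time, which is why most signature engines miss it. Second, ERDNT.EXE shows the classic UPX layout (a UPX0 section with raw size 0x0 and a kernel32 import list of only LoadLibraryA, GetProcAddress and ExitProcess); the "suspicious" and "ModifiedUPX" verdicts are packer heuristics, not a detection of the rogue, and the file is the ERUNT registry-restore tool that ComboFix drops into C:\WINDOWS\erdnt. The following is an added example (my code, not from the thread and not VirusTotal's): it parses a pasted report in either of the two shapes seen above, returns the detection ratio and the hash triple, derives packing indicators from the section table and import list, and hashes local bytes so a file can be matched against a report's digests without re-uploading it. The entropy threshold, the standard-section-name list and the loader-stub import set are assumptions; the embedded report is a constructed excerpt of the rhc7f8j0eaaa.exe report above (7 of its 32 engines).

```python
"""Parse a pasted VirusTotal result block and derive packing signals from its PE info.

Added example, not part of the original thread or of VirusTotal. Line shapes
follow the reports above; the thresholds and name lists are assumptions.
"""
import hashlib
import re

# Constructed excerpt of the rhc7f8j0eaaa.exe report above (7 of its 32 engines).
SAMPLE_REPORT = """\
Antivirus Version Last update Result
AVG 8.0.0.130 2008.07.30 FakeAlert.AU
Ikarus T3.1.1.34.0 2008.07.30 Trojan.Peed.JOA
Kaspersky 7.0.0.125 2008.07.30 -
PCTools 4.4.2.0 2008.07.30 RogueAntiSpyware.AntivirusXP2008
Sophos 4.31.0 2008.07.30 Mal/TibsPk-D
Symantec 10 2008.07.30 -
Webwasher-Gateway 6.6.2 2008.07.30 Worm.Win32.Malware.gen (suspicious)
MD5: 83259ea84925f23ce43f526c0fc4d24b
SHA1: cea14972295dcd5582acf54a8ffd40d422851b5d
SHA256: 1d8ef9f48e4503eb1d25741d62c79a23c308074833ccf0aa7429fdf0f6519420
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7cf5b 0x39400 8.00 87b21124b6fe67914ed50c9107a3259d
.data 0xa1000 0x1bee0 0xc800 8.00 5955c095d2451ceb564e2728a51bed7a
.tls 0xbd000 0x3dc 0x200 7.61 a29736e6ee5a381709250179166f41cd
.rsrc 0xbe000 0x8b2000 0x8b2000 4.47 40eded8aaa6702404a20d64f1a180fbe
> gdi32.dll: ResetDCW, StretchBlt, SetICMMode, SaveDC, TextOutW
> shell32.dll: StrRChrIW, SHFormatDrive, SHAppBarMessage
"""

# "<engine> <version> <yyyy.mm.dd or -> <result>"; "-" as result means clean.
DETECTION_RE = re.compile(r'^(?P<engine>\S+) (?P<version>\S+) (?P<date>\d{4}\.\d{2}\.\d{2}|-) (?P<result>.+)$')
SECTION_RE = re.compile(r'^(?P<name>\S+) 0x[0-9a-f]+ (?P<vsize>0x[0-9a-f]+) (?P<rawsize>0x[0-9a-f]+) '
                        r'(?P<entropy>\d+\.\d+) (?P<md5>[0-9a-f]{32})$')
HASH_RE = re.compile(r'^(?P<algo>MD5|SHA1|SHA256)\W*(?P<hex>[0-9a-fA-F]{32,64})$')
IMPORT_RE = re.compile(r'^>?\s*(?P<dll>[\w.]+\.dll):\s*(?P<funcs>.+)$', re.IGNORECASE)

# Assumptions: names a linker normally emits, and the import set a bare unpacker stub needs.
STANDARD_SECTIONS = {'.text', '.rdata', '.data', '.idata', '.edata', '.rsrc', '.reloc', '.tls', '.bss'}
LOADER_STUB = {'LoadLibraryA', 'GetProcAddress', 'ExitProcess', 'VirtualProtect', 'VirtualAlloc'}


def parse_report(text):
    """Collect detections, digests, PE sections and imports from pasted report text."""
    rep = {'detections': {}, 'hashes': {}, 'sections': [], 'imports': {}}
    for line in (l.strip() for l in text.splitlines()):
        if m := DETECTION_RE.match(line):
            res = m.group('result').strip()
            rep['detections'][m.group('engine')] = None if res == '-' else res
        elif m := SECTION_RE.match(line):
            rep['sections'].append({'name': m.group('name'), 'vsize': int(m.group('vsize'), 16),
                                    'rawsize': int(m.group('rawsize'), 16),
                                    'entropy': float(m.group('entropy')), 'md5': m.group('md5')})
        elif m := HASH_RE.match(line):
            rep['hashes'][m.group('algo').lower()] = m.group('hex').lower()
        elif m := IMPORT_RE.match(line):
            rep['imports'][m.group('dll').lower()] = [f.strip() for f in m.group('funcs').split(',')]
    return rep


def detection_ratio(report):
    """(engines that flagged the file, engines that scanned it)."""
    flagged = [e for e, r in report['detections'].items() if r]
    return len(flagged), len(report['detections'])


def packing_signals(report, entropy_threshold=7.0):
    """Indicators that the on-disk code is compressed or encrypted (assumed thresholds)."""
    secs, sigs = report['sections'], {}
    if high := [s['name'] for s in secs if s['entropy'] >= entropy_threshold]:
        sigs['high_entropy'] = high          # near 8.0 in .text means no readable code on disk
    if hollow := [s['name'] for s in secs if s['rawsize'] == 0 and s['vsize'] > 0]:
        sigs['zero_raw_size'] = hollow       # empty on disk, filled by the unpacker (UPX0)
    if odd := [s['name'] for s in secs if s['name'] not in STANDARD_SECTIONS]:
        sigs['nonstandard_names'] = odd
    if report['imports']:
        k32 = report['imports'].get('kernel32.dll')
        if k32 is None or set(k32) <= LOADER_STUB:
            sigs['minimal_kernel32_imports'] = k32 or []   # real imports resolved at run time
    return sigs


def hashes_of(data):
    """The same md5/sha1/sha256 triple VirusTotal prints, for local bytes."""
    return {'md5': hashlib.md5(data).hexdigest(),
            'sha1': hashlib.sha1(data).hexdigest(),
            'sha256': hashlib.sha256(data).hexdigest()}


def matches_report(data, report):
    """True if the bytes hash to any digest the report lists (exact-sample IOC match)."""
    mine = hashes_of(data)
    return any(report['hashes'].get(algo) == digest for algo, digest in mine.items())


if __name__ == '__main__':
    rep = parse_report(SAMPLE_REPORT)
    print('detections: %d/%d' % detection_ratio(rep))
    print('packing signals:', packing_signals(rep))
```

The excerpt gives 5 of 7 engines; the full report gives 5 of 32, the low hit rate the encrypted sections predict. One sanity check on the digests: hashes_of(b'')['md5'] is d41d8cd98f00b204e9800998ecf8427e, exactly the md5 listed for the UPX0 section of ERDNT.EXE above, because that section has raw size 0x0 and contains no bytes on disk.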

???

Download this script
Disable your protections
Then drag the script onto ComboFix

Here is the report:

ComboFix 08-07-29.1 - SHIFT 2008-07-30 23:06:31.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.427 [GMT 2:00]
Running from: C:\Documents and Settings\SHIFT\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\SHIFT\Bureau\CFScript.txt

* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE ::
C:\Documents and Settings\All Users\Application Data\adojyvsh\wdmjarqn.exe
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
C:\Program Files\kyuzgub\SysMntUi.dll
C:\WINDOWS\erdnt\subs\ERDNT.EXE
C:\WINDOWS\system32\clahkbct.exe
C:\WINDOWS\system32\sysrest.sys
C:\WINDOWS\system32\sysrest32.exe
C:\WINDOWS\system32\xgrylepa.exe
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\adojyvsh
C:\Documents and Settings\All Users\Application Data\adojyvsh\wdmjarqn.exe
C:\Documents and Settings\SHIFT\Application Data\rhc7f8j0eaaa
C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\bar\Cache[u]0[/u]0034CAA
C:\Program Files\AskSBar\bar\Cache[u]0[/u]118D4E2.bin
C:\Program Files\AskSBar\bar\Cache[u]0[/u]118D8D9.bin
C:\Program Files\AskSBar\bar\Cache[u]0[/u]118DA02.bin
C:\Program Files\AskSBar\bar\Cache\files.ini
C:\Program Files\AskSBar\bar\History\search2
C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
C:\Program Files\kyuzgub
C:\Program Files\kyuzgub\SysMntUi.dll
C:\Program Files\rhc7f8j0eaaa
C:\Program Files\rhc7f8j0eaaa\database.dat
C:\Program Files\rhc7f8j0eaaa\license.txt
C:\Program Files\rhc7f8j0eaaa\MFC71.dll
C:\Program Files\rhc7f8j0eaaa\MFC71ENU.DLL
C:\Program Files\rhc7f8j0eaaa\msvcp71.dll
C:\Program Files\rhc7f8j0eaaa\msvcr71.dll
C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaa.exe
C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaa.exe.local
C:\Program Files\rhc7f8j0eaaa\Uninstall.exe
C:\WINDOWS\erdnt\subs\ERDNT.EXE
C:\WINDOWS\system32\blphc3f8j0eaaa.scr
C:\WINDOWS\system32\clahkbct.exe
C:\WINDOWS\system32\lphc3f8j0eaaa.exe
C:\WINDOWS\system32\phc3f8j0eaaa.bmp
C:\WINDOWS\system32\pphc3f8j0eaaa.exe
C:\WINDOWS\system32\xgrylepa.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSREST.SYS

((((((((((((((((((((((((((((( Files Created From 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))))))))
.

2008-07-30 20:18 . 2008-07-30 20:18 94,208 --a------ C:\WINDOWS\system32\adqvmref.exe
2008-07-25 11:07 . 2008-07-25 11:07 23,040 --a------ C:\WINDOWS\system32\sysrest32.exe
2008-07-25 11:07 . 2008-07-30 20:18 15,328 --a------ C:\WINDOWS\system32\sysrest.sys
2008-07-24 19:26 . 2008-07-24 19:26 268 --ah----- C:\sqmdata19.sqm
2008-07-24 19:26 . 2008-07-24 19:26 244 --ah----- C:\sqmnoopt19.sqm
2008-07-24 19:19 . 2008-07-24 19:19 268 --ah----- C:\sqmdata18.sqm
2008-07-24 19:19 . 2008-07-24 19:19 244 --ah----- C:\sqmnoopt18.sqm
2008-07-24 19:10 . 2008-07-24 19:20 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 19:10 . 2008-07-24 19:10 d-------- C:\Documents and Settings\SHIFT\Application Data\Malwarebytes
2008-07-24 19:10 . 2008-07-24 19:10 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 19:10 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 19:10 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-24 00:07 . 2008-07-24 00:07 268 --ah----- C:\sqmdata17.sqm
2008-07-24 00:07 . 2008-07-24 00:07 244 --ah----- C:\sqmnoopt17.sqm
2008-07-23 22:13 . 2008-07-23 22:13 268 --ah----- C:\sqmdata16.sqm
2008-07-23 22:13 . 2008-07-23 22:13 244 --ah----- C:\sqmnoopt16.sqm
2008-07-23 21:34 . 2008-07-23 21:34 d-------- C:\Program Files\Trend Micro
2008-07-23 00:34 . 2008-07-23 00:34 268 --ah----- C:\sqmdata15.sqm
2008-07-23 00:34 . 2008-07-23 00:34 244 --ah----- C:\sqmnoopt15.sqm
2008-07-23 00:28 . 2008-07-23 00:28 268 --ah----- C:\sqmdata14.sqm
2008-07-23 00:28 . 2008-07-23 00:28 244 --ah----- C:\sqmnoopt14.sqm
2008-07-22 19:35 . 2008-07-22 19:35 268 --ah----- C:\sqmdata13.sqm
2008-07-22 19:35 . 2008-07-22 19:35 244 --ah----- C:\sqmnoopt13.sqm
2008-07-22 19:15 . 2008-07-22 19:15 268 --ah----- C:\sqmdata12.sqm
2008-07-22 19:15 . 2008-07-22 19:15 244 --ah----- C:\sqmnoopt12.sqm
2008-07-22 18:57 . 2008-07-22 18:57 268 --ah----- C:\sqmdata11.sqm
2008-07-22 18:57 . 2008-07-22 18:57 244 --ah----- C:\sqmnoopt11.sqm
2008-07-21 23:08 . 2008-07-21 23:08 268 --ah----- C:\sqmdata10.sqm
2008-07-21 23:08 . 2008-07-21 23:08 244 --ah----- C:\sqmnoopt10.sqm
2008-07-15 17:02 . 2008-07-16 11:03 d-------- C:\Program Files\Dofus
2008-06-21 11:26 . 2008-06-21 11:26 268 --ah----- C:\sqmdata09.sqm
2008-06-21 11:26 . 2008-06-21 11:26 244 --ah----- C:\sqmnoopt09.sqm
2008-06-20 23:38 . 2008-06-20 23:38 268 --ah----- C:\sqmdata08.sqm
2008-06-20 23:38 . 2008-06-20 23:38 244 --ah----- C:\sqmnoopt08.sqm
2008-06-20 23:32 . 2008-06-20 23:32 268 --ah----- C:\sqmdata07.sqm
2008-06-20 23:32 . 2008-06-20 23:32 244 --ah----- C:\sqmnoopt07.sqm
2008-06-20 19:41 . 2008-06-20 19:41 247,808 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-11 10:34 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:34 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-05 23:17 . 2008-06-05 23:17 268 --ah----- C:\sqmdata06.sqm
2008-06-05 23:17 . 2008-06-05 23:17 244 --ah----- C:\sqmnoopt06.sqm

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-17 11:53 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-07-14 20:55 --------- d-----w C:\Documents and Settings\SHIFT\Application Data\LimeWire
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-07 12:31 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-07 12:28 --------- d-----w C:\Documents and Settings\SHIFT\Application Data\AdobeUM
2008-05-31 11:24 --------- d-----w C:\Program Files\LimeWire
2008-05-31 11:22 --------- d-----w C:\Program Files\FrostWire
2008-01-08 21:47 374 ----a-w C:\Documents and Settings\SHIFT\Application Data\internaldb6334.dat
2008-01-08 21:32 555 ----a-w C:\Documents and Settings\SHIFT\Application Data\internaldb8467.dat
2008-01-08 21:32 18,432 ----a-w C:\Documents and Settings\SHIFT\Application Data\internaldb41.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-23_22.08.47.37 )))))))))))))))))))))))))))))))))))))))))
.

+ 2008-07-30 21:10:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_640.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-14 19:57 68856]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" [2004-11-15 17:18 1670144]
"InfoShProc"="C:\WINDOWS\system32\adqvmref.exe" [2008-07-30 20:18 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 10:21 114688]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-09 09:56 6746112]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 07:56 45056]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-29 07:33 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-29 07:33 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-29 07:33 114688]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 23:07 184320]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 15:12 32768]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 22:36 151552]
"PDService.exe"="C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 15:15 40960]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 21:47 483328]
"PrepareYourVAIO"="C:\Program Files\Sony\Prepare your VAIO\PYVAlert.exe" [2005-01-21 16:36 118784]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-23 17:37 155648]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 18:01 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 21:44 65536]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"lphc3f8j0eaaa"="C:\WINDOWS\system32\lphc3f8j0eaaa.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 06:25 14720000 C:\WINDOWS\RTHDCPL.EXE]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 17:46 45056 C:\WINDOWS\system32\ico.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 18:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhc7f8j0eaaa]
C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaa.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"C:\Program Files\Dassault Systemes\B15\intel_a\code\bin\orbixd.exe"=
"C:\Program Files\Dassault Systemes\B15\intel_a\code\bin\CNEXT.exe"=
"C:\Program Files\Messenger\msmsgs.exe"=
"C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"=
"C:\Program Files\LimeWire\LimeWire.exe"=
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"C:\Program Files\Windows Live\Messenger\livecall.exe"=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18882:TCP"= 18882:TCP:NortonAV
"13669:TCP"= 13669:TCP:NortonAV

R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2005-04-23 10:21]
R1 PrivateDisk;PrivateDisk;C:\WINDOWS\system32\Drivers\PrivateDiskM.sys [2004-07-06 15:07]
R2 BBDemon;Backbone Service;C:\Program Files\Dassault Systemes\B15\intel_a\code\bin\CATSysDemon.exe [2005-01-29 12:12]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 09:20]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 17:55]
S2 aawc6iua1dohi8k;Print Spooler Service;C:\WINDOWS\system32\t.exe []
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 19:10]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder

2008-07-30 C:\WINDOWS\Tasks\Symantec NetDetect.job

- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2005-01-27 16:59]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
HKCU-Run-ProcMon - C:\WINDOWS\system32\xgrylepa.exe
HKCU-Run-WinApp - C:\WINDOWS\system32\clahkbct.exe
HKLM-Run-SMrhc7f8j0eaaa - C:\Program Files\rhc7f8j0eaaa\rhc7f8j0eaaa.exe
HKLM-Explorer_Run-eKp8XOlhXr - C:\Documents and Settings\All Users\Application Data\adojyvsh\wdmjarqn.exe
SSODL-SysMntUi-{33028A21-D4D8-E4F7-EED9-03D365E75136} - C:\Program Files\kyuzgub\SysMntUi.dll


catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-07-30 23:11:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


.
--------------------- Dlls Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\DockShellHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\system32\CNAC4RPK.EXE
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\ApntEx.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
.


.
Completion time: 2008-07-30 23:19:13 - machine was rebooted [SHIFT]
ComboFix-quarantined-files.txt 2008-07-30 21:19:07
ComboFix2.txt 2008-07-30 18:24:52
ComboFix3.txt 2008-07-23 20:10:01

Pre-Run: 21,476,319,232 bytes free
Post-Run: 21,451,276,288 bytes free

252 --- E O F --- 2008-07-20 16:22:41
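As an added example (not code from the original post, from ComboFix, or from the helpers in this thread), the Python script below parses the four line shapes that appear in the log above (Run values, service entries, the Security Center override, and the orphan autostart lines) and applies the checks a helper makes by eye: entries ComboFix could not stat (`[BU]` or an empty `[]`), executables living in user-writable data folders, files stamped inside the infection window, a service whose display name borrows a Windows component name but points elsewhere, and `AntiVirusOverride=1`. The sample lines are copied from this log, with the clean `CTFMON.EXE` value and the Canon `IJPLMSVC` service kept as controls. The infection-window start (2008-07-23, the day the Trend Micro/HijackThis folder was created in the log), the list of user-writable folders, the list of lesser-used autostart keys and the display-name table are assumptions made for the example.

```python
"""Triage of ComboFix-style autostart lines (added example for this thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: lines copied from the ComboFix log in this thread, plus a
# clean Run value (ctfmon) and a clean service (IJPLMSVC) as controls.
SAMPLE_LOG = r'''
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"InfoShProc"="C:\WINDOWS\system32\adqvmref.exe" [2008-07-30 20:18 94208]
"lphc3f8j0eaaa"="C:\WINDOWS\system32\lphc3f8j0eaaa.exe" [BU]
"AntiVirusOverride"=dword:00000001
S2 aawc6iua1dohi8k;Print Spooler Service;C:\WINDOWS\system32\t.exe []
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 09:20]
HKLM-Explorer_Run-eKp8XOlhXr - C:\Documents and Settings\All Users\Application Data\adojyvsh\wdmjarqn.exe
SSODL-SysMntUi-{33028A21-D4D8-E4F7-EED9-03D365E75136} - C:\Program Files\kyuzgub\SysMntUi.dll
'''

# The four line shapes handled, exactly as they appear in the log above.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<info>[^\]]*)\]$')
SERVICE_RE = re.compile(
    r'^[RS]\d (?P<name>[^;]+);(?P<display>[^;]+);(?P<path>.+?) \[(?P<info>[^\]]*)\]$')
OVERRIDE_RE = re.compile(
    r'^"(?P<name>AntiVirusOverride|FirewallOverride)"=dword:(?P<value>[0-9a-fA-F]{8})$')
ORPHAN_RE = re.compile(r'^(?P<name>[A-Za-z_]+-\S+) - (?P<path>[A-Za-z]:\\.+)$')
STAMP_RE = re.compile(r'\d{4}-\d{2}-\d{2} \d{2}:\d{2}')

# Assumed lists (not from ComboFix): folders a limited user can write to, where
# legitimate XP autostart binaries almost never live; autostart locations that
# ordinary software rarely uses; display names malware borrows, with the binary
# the real XP service runs from; and the infection-window start (the Trend
# Micro/HijackThis folder in the log was created on 2008-07-23).
USER_WRITABLE = ('\\application data\\', '\\local settings\\', '\\temp\\')
UNCOMMON_KEYS = ('SSODL', 'Explorer_Run', 'URLSearchHooks', 'Notify')
SYSTEM_DISPLAY_NAMES = {'print spooler': 'spoolsv.exe'}
WINDOW_START = datetime(2008, 7, 23)


@dataclass(frozen=True)
class Finding:
    name: str
    path: str
    reason: str


def _path_reasons(path: str, info: str | None, window_start: datetime) -> list[str]:
    """Checks shared by Run values, services and orphan lines. `info` is the
    bracketed file stamp, or None for lines that carry no stamp at all."""
    reasons = []
    if info is not None and info.strip() in ('', 'BU'):
        reasons.append('ComboFix could not stat the file (missing or hidden)')
    if any(marker in path.lower() for marker in USER_WRITABLE):
        reasons.append('executable in a user-writable data folder')
    stamp = STAMP_RE.match(info or '')
    if stamp and datetime.strptime(stamp.group(0), '%Y-%m-%d %H:%M') >= window_start:
        reasons.append('file timestamp inside the infection window')
    return reasons


def _display_reasons(display: str, path: str) -> list[str]:
    """A service calling itself 'Print Spooler' must run spoolsv.exe."""
    base = path.lower().rsplit('\\', 1)[-1]
    return [f'display name imitates "{frag}" but the binary is {base}'
            for frag, binary in SYSTEM_DISPLAY_NAMES.items()
            if frag in display.lower() and base != binary]


def triage(log_text: str, window_start: datetime = WINDOW_START) -> list[Finding]:
    """Return one Finding per (entry, reason); clean entries yield nothing."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            reasons = _path_reasons(m['path'], m['info'], window_start)
        elif m := SERVICE_RE.match(line):
            reasons = (_path_reasons(m['path'], m['info'], window_start)
                       + _display_reasons(m['display'], m['path']))
        elif m := OVERRIDE_RE.match(line):
            reasons = ['Security Center alerting disabled by override'] if int(m['value'], 16) else []
        elif m := ORPHAN_RE.match(line):
            reasons = _path_reasons(m['path'], None, window_start)
            if any(key in m['name'] for key in UNCOMMON_KEYS):
                reasons.append('lesser-used autostart location')
        else:
            continue  # blank line or a shape this example does not parse
        path = m['path'] if 'path' in m.groupdict() else 'HKLM\\SOFTWARE\\Microsoft\\Security Center'
        findings.extend(Finding(m['name'], path, r) for r in reasons)
    return findings


def summarize(findings: list[Finding]) -> dict[str, list[str]]:
    """Group reasons by entry name, preserving log order."""
    grouped: dict[str, list[str]] = {}
    for finding in findings:
        grouped.setdefault(finding.name, []).append(finding.reason)
    return grouped


if __name__ == '__main__':
    for name, reasons in summarize(triage(SAMPLE_LOG)).items():
        print(f'{name}: {"; ".join(reasons)}')
```

Run on the sample, the two controls stay silent while the fake "Print Spooler Service" (a missing `t.exe` under a display name that should belong to `spoolsv.exe`), the `[BU]` Run value, the `adqvmref.exe` value stamped on the day of the scan, the `Explorer\Run` entry in `All Users\Application Data`, the SSODL entry and the Security Center override are all reported. The window-start heuristic is what catches `adqvmref.exe`, which has a normal-looking system32 path and a valid stamp; without a date of reference it would pass the other checks.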

You can run a scan with housecall and/or bitdefender (http://www.bitdefender.fr/scan_fr/scan8/ie.html)

Do you still have the problem?

It's much, much better!!! Thanks Guigu'ssss