[Solved] problem with trojan-downloader.win32.agent.bq
Security Forum - Viruses: [Solved] problem with trojan-downloader.win32.agent.bq
Hello,
So I have a problem, I don't know how to get rid of trojans, namely:
trojan-spy.win32.keylogger.aa
trojan-downloader.win32.agent.bq
I tried this method but nothing:
http://www.infos-du-net.com/forum/ [...] alwarebyte
thanks for your help
Here is a HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:23, on 30.08.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\ZoneLabs\vsmon.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\ATKKBService.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\WINDOWS\eHome\ehRecvr.exe
I:\WINDOWS\eHome\ehSched.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\WINDOWS\system32\dllhost.exe
I:\Program Files\Analog Devices\Core\smax4pnp.exe
I:\Program Files\Analog Devices\SoundMAX\Smax4.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\WINDOWS\system32\RunDLL32.exe
I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
I:\Program Files\RocketDock\RocketDock.exe
I:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
I:\WINDOWS\system32\kfcfsdgj.exe
I:\Program Files\C-CHANNEL\PayPen\PayPen.exe
I:\Program Files\C-CHANNEL\PayPen\CPenOCR.exe
I:\Program Files\C-CHANNEL\PayPen\CPenDesk.exe
I:\Program Files\Opera\opera.exe
I:\Program Files\uTorrent\uTorrent.exe
I:\WINDOWS\system32\NOTEPAD.EXE
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
I:\WINDOWS\system32\kfcfsdgj.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] I:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "I:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] I:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [RocketDock] "I:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MediaPortal Shell] I:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MessLive Auto Update] G:\Logiciel\MessLivePatch.exe -a_update
O4 - HKCU\..\Run: [strapl] I:\WINDOWS\system32\kfcfsdgj.exe
O4 - HKLM\..\Policies\Explorer\Run: [zblsluTn5Z] I:\Documents and Settings\Vincent Villy\Bureau\AdobeFlashPlayerHD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: C-CHANNEL OnlineUpdate.lnk = ?
O4 - Global Startup: PayPen.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Program Files\Yahoo!\Common\yinsthelper.dll
O21 - SSODL: MsgCfgUi - {0491FE2F-4EA6-9304-4080-06F944FDDC0F} - I:\Program Files\avbjzde\MsgCfgUi.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - I:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - I:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - I:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6497 bytes
Message edited by erebus75 on 01-09-2008 at 17:42:03
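As an added example, not code from this thread or from HijackThis/ComboFix: a small Python script that applies, to constructed copies of the O2/O4/O21 lines in the log above, the same checks a helper makes by eye (a random-named executable autostarting from system32, an SSODL DLL in a random-named folder, a Policies\Explorer\Run entry pointing into the user profile, an orphaned "(no file)" BHO). The vowel-ratio and consonant-run cut-offs, the sample lines and the "User" profile folder are assumptions tuned only on the names in this log.

```python
"""Triage heuristics for HijackThis O2/O4/O21 lines (added example).

Flags the kinds of entries a helper singles out in the log above.  The
name-randomness cut-offs are constructed assumptions, not HijackThis logic.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample modelled on the log above (user folder replaced by "User").
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [strapl] I:\WINDOWS\system32\kfcfsdgj.exe
O4 - HKLM\..\Policies\Explorer\Run: [zblsluTn5Z] I:\Documents and Settings\User\Bureau\AdobeFlashPlayerHD.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O21 - SSODL: MsgCfgUi - {0491FE2F-4EA6-9304-4080-06F944FDDC0F} - I:\Program Files\avbjzde\MsgCfgUi.dll
"""

# A Windows path to an executable or DLL, optionally quoted.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|com))"?', re.IGNORECASE)
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<target>.*)$")


def looks_random(token: str) -> bool:
    """True for names like 'kfcfsdgj' or 'avbjzde': almost no vowels, or a
    consonant run of five or more.  Real names such as 'ctfmon' or 'ashDisp'
    stay below both cut-offs (assumed thresholds, tuned on this log only)."""
    letters = "".join(c for c in token.lower() if c.isalpha())
    if len(letters) < 5:
        return False
    vowel_ratio = sum(c in "aeiouy" for c in letters) / len(letters)
    longest_run = max(len(run) for run in re.split(r"[aeiouy]", letters))
    return vowel_ratio < 0.15 or longest_run >= 5


def split_path(path: str) -> Tuple[str, str]:
    """Return (file stem, parent folder name) of a backslash path."""
    segments = path.split("\\")
    stem = segments[-1].rsplit(".", 1)[0]
    parent = segments[-2] if len(segments) > 1 else ""
    return stem, parent


def in_system_dir(path: str) -> bool:
    """True when the file sits directly in the Windows or system32 folder."""
    parent = path.lower().rsplit("\\", 1)[0]
    return parent.endswith("\\windows") or parent.endswith("\\system32")


def triage_line(line: str) -> List[str]:
    """Findings for one HijackThis line; empty list when nothing stands out."""
    findings: List[str] = []
    m = O2_RE.match(line)
    if m:
        if m.group("target").strip().lower() == "(no file)":
            findings.append("O2: BHO CLSID with no DLL on disk (orphan left behind by a removal)")
        return findings
    m = O21_RE.match(line)
    if m:
        p = PATH_RE.search(m.group("target"))
        if p and not in_system_dir(p.group(1)):
            stem, parent = split_path(p.group(1))
            if looks_random(parent) or looks_random(stem):
                findings.append(f"O21: SSODL loads {p.group(1)} from a random-named location")
        return findings
    m = O4_RE.match(line)
    if m:
        hive, cmd = m.group("hive"), m.group("cmd")
        if "Policies\\Explorer\\Run" in hive:
            where = "the user profile" if "documents and settings" in cmd.lower() else "an unusual path"
            findings.append(f"O4: Policies\\Explorer\\Run autostart [{m.group('name')}] runs from {where}")
        p = PATH_RE.match(cmd)  # only when the command itself is the path, not a rundll32 argument
        if p and p.group(1).lower().endswith(".exe") and in_system_dir(p.group(1)):
            stem, _ = split_path(p.group(1))
            if looks_random(stem):
                findings.append(f"O4: random-named executable {p.group(1)} autostarts from the system folder")
    return findings


def triage(log: str) -> Dict[str, List[str]]:
    """Map each flagged log line to its findings; clean lines are omitted."""
    flagged: Dict[str, List[str]] = {}
    for raw in log.splitlines():
        line = raw.strip()
        if line:
            findings = triage_line(line)
            if findings:
                flagged[line] = findings
    return flagged


if __name__ == "__main__":
    for line, findings in triage(SAMPLE_LOG).items():
        print(line)
        for finding in findings:
            print("  ->", finding)
```

The heuristics only narrow the list for a human reviewer; an entry they flag still needs its file looked at (vendor, signature, creation date) before anything is removed.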
Hello,
Disable your resident protections (antivirus, Spybot-S&D, etc.)!
- Download ComboFix (sUBs) to your Desktop.
- Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
- When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.
HELP: A guide and a tutorial on using ComboFix
* the partition letter may differ
I'm really struggling
with the recovery console
EDIT: I can't manage to install that damn recovery console...
I tried twice without success
Message edited by erebus75 on 30-08-2008 at 18:30:15
And the scan doesn't run?
in the tutorial you linked they say to install the .... console so you can recover if there is a problem
but I'll try the scan
ComboFix 08-08-29.02 - Vincent Villy 2008-08-30 19:27:52.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1601 [GMT 2:00]
Endroit: I:\Documents and Settings\Vincent Villy\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
I:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\tmp1.tmp
I:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\tmp2.tmp
I:\Program Files\akl
I:\Program Files\akl\akl.dll
I:\Program Files\akl\akl.exe
I:\Program Files\akl\uninstall.exe
I:\Program Files\akl\unsetup.exe
I:\WINDOWS\a.bat
I:\WINDOWS\base64.tmp
I:\WINDOWS\bdn.com
I:\WINDOWS\FVProtect.exe
I:\WINDOWS\iTunesMusic.exe
I:\WINDOWS\mslagent
I:\WINDOWS\mslagent\2_mslagent.dll
I:\WINDOWS\mslagent\mslagent.exe
I:\WINDOWS\mslagent\uninstall.exe
I:\WINDOWS\mssecu.exe
I:\WINDOWS\system32\akttzn.exe
I:\WINDOWS\system32\anticipator.dll
I:\WINDOWS\system32\awtoolb.dll
I:\WINDOWS\system32\bdn.com
I:\WINDOWS\system32\bsva-egihsg52.exe
I:\WINDOWS\system32\dpcproxy.exe
I:\WINDOWS\system32\h@tkeysh@@k.dll
I:\WINDOWS\system32\hoproxy.dll
I:\WINDOWS\system32\hxiwlgpm.dat
I:\WINDOWS\system32\hxiwlgpm.exe
I:\WINDOWS\system32\msgp.exe
I:\WINDOWS\system32\msnbho.dll
I:\WINDOWS\system32\mssecu.exe
I:\WINDOWS\system32\msvchost.exe
I:\WINDOWS\system32\mtr2.exe
I:\WINDOWS\system32\mwin32.exe
I:\WINDOWS\system32\netode.exe
I:\WINDOWS\system32\newsd32.exe
I:\WINDOWS\system32\ps1.exe
I:\WINDOWS\system32\psof1.exe
I:\WINDOWS\system32\psoft1.exe
I:\WINDOWS\system32\regc64.dll
I:\WINDOWS\system32\regm64.dll
I:\WINDOWS\system32\Rundl1.exe
I:\WINDOWS\system32\smp
I:\WINDOWS\system32\smp\msrc.exe
I:\WINDOWS\system32\sncntr.exe
I:\WINDOWS\system32\ssurf022.dll
I:\WINDOWS\system32\ssvchost.com
I:\WINDOWS\system32\ssvchost.exe
I:\WINDOWS\system32\sysreq.exe
I:\WINDOWS\system32\taack.dat
I:\WINDOWS\system32\taack.exe
I:\WINDOWS\system32\temp#01.exe
I:\WINDOWS\system32\thun.dll
I:\WINDOWS\system32\thun32.dll
I:\WINDOWS\system32\VBIEWER.OCX
I:\WINDOWS\system32\vbsys2.dll
I:\WINDOWS\system32\vcatchpi.dll
I:\WINDOWS\system32\vsdatant.sys
I:\WINDOWS\system32\winlogonpc.exe
I:\WINDOWS\system32\winsystem.exe
I:\WINDOWS\system32\WINWGPX.EXE
I:\WINDOWS\userconfig9x.dll
I:\WINDOWS\winsystem.exe
I:\WINDOWS\zip1.tmp
I:\WINDOWS\zip2.tmp
I:\WINDOWS\zip3.tmp
I:\WINDOWS\zipped.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_VSDATANT
-------\Service_vsdatant
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-30 ))))))))))))))))))))))))))))))))))))
.
2008-08-30 16:56 . 2008-08-30 16:56 <REP> d-------- I:\Program Files\VirtualDub-1.6.18
2008-08-30 15:45 . 2008-08-30 15:45 <REP> d-------- I:\Program Files\Trend Micro
2008-08-30 13:03 . 2008-08-30 13:03 <REP> d-------- I:\Program Files\Malwarebytes' Anti-Malware
2008-08-30 13:03 . 2008-08-30 13:03 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Malwarebytes
2008-08-30 13:03 . 2008-08-30 13:03 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-30 13:03 . 2008-08-17 15:01 38,472 --a------ I:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-30 13:03 . 2008-08-17 15:01 17,144 --a------ I:\WINDOWS\system32\drivers\mbam.sys
2008-08-30 12:57 . 2008-08-30 13:02 <REP> d-a------ I:\Documents and Settings\All Users\Application Data\TEMP
2008-08-30 10:15 . 2008-08-30 19:31 682,016 --ahs---- I:\WINDOWS\system32\drivers\fidbox.dat
2008-08-30 10:15 . 2008-08-30 19:30 10,088 --ahs---- I:\WINDOWS\system32\drivers\fidbox.idx
2008-08-30 10:11 . 2008-08-30 10:11 <REP> d-------- I:\Program Files\Zone Labs
2008-08-30 10:11 . 2008-08-30 10:11 <REP> d-------- I:\Documents and Settings\All Users\Application Data\MailFrontier
2008-08-30 10:10 . 2008-08-30 17:41 <REP> d-------- I:\WINDOWS\Internet Logs
2008-08-30 09:55 . 2008-08-30 09:55 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Jetico Personal Firewall
2008-08-30 02:13 . 2008-08-30 02:13 <REP> d-------- I:\Documents and Settings\All Users\Application Data\ytohqzuh
2008-08-29 15:06 . 2008-08-29 15:06 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-29 14:13 . 2008-08-29 14:13 <REP> d-------- I:\Program Files\avbjzde
2008-08-29 14:13 . 2008-08-29 14:13 <REP> d-------- I:\Documents and Settings\All Users\Application Data\ytefapsl
2008-08-29 14:13 . 2008-08-29 14:13 98,304 --a------ I:\WINDOWS\system32\kfcfsdgj.exe
2008-08-29 14:13 . 2008-08-29 14:13 66,048 --a------ I:\WINDOWS\system32\yhwfwfsj.exe
2008-08-25 23:30 . 2008-08-25 23:30 <REP> d-------- I:\Program Files\CDisplay
2008-08-20 17:13 . 2008-08-20 17:13 <REP> d-------- I:\Program Files\SHARP
2008-08-18 22:07 . 2008-08-18 22:08 <REP> d-------- I:\Documents and Settings\Vincent Villy\Logitech
2008-08-18 22:06 . 2008-08-18 22:06 <REP> d-------- I:\Program Files\Fichiers communs\Remote Control USB Driver
2008-08-17 11:31 . 2004-03-29 17:23 90,112 --a------ I:\WINDOWS\unvise32.exe
2008-08-17 10:43 . 2008-08-17 10:43 <REP> d-------- I:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-17 10:39 . 2008-08-17 10:39 <REP> d-------- I:\Documents and Settings\All Users\Application Data\ALM
2008-08-17 10:33 . 2008-08-30 17:57 <REP> d-------- I:\Program Files\Bonjour
2008-08-17 10:30 . 2008-08-17 10:30 <REP> d-------- I:\Program Files\Fichiers communs\Macrovision Shared
2008-08-14 21:26 . 2008-08-14 21:26 <REP> d-------- I:\Program Files\Yahoo!
2008-08-14 13:52 . 2008-08-14 13:52 <REP> d-------- I:\Program Files\MSECache
2008-08-13 22:48 . 2008-05-01 16:36 331,776 -----c--- I:\WINDOWS\system32\dllcache\msadce.dll
2008-08-11 18:04 . 2008-08-11 18:04 <REP> d-------- I:\Program Files\InfraRecorder
2008-08-11 18:04 . 2008-08-11 18:24 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\InfraRecorder
2008-08-05 19:14 . 2008-08-17 08:10 <REP> d-------- I:\Program Files\MediaCoder
2008-08-04 12:21 . 2008-08-04 16:27 <REP> d-------- I:\Program Files\Gabest
2008-08-04 12:09 . 2008-08-04 12:09 <REP> d-------- I:\Program Files\Real Alternative
2008-08-04 12:09 . 2008-08-04 12:09 <REP> d-------- I:\Program Files\Haali
2008-08-04 12:08 . 2008-08-04 12:08 <REP> d-------- I:\Program Files\ffdshow
2008-08-04 12:08 . 2007-01-01 00:00 60,273 --a------ I:\WINDOWS\system32\pthreadGC2.dll
2008-08-04 12:08 . 2007-12-15 16:11 7,680 --a------ I:\WINDOWS\system32\ff_vfw.dll
2008-08-04 12:08 . 2007-12-15 16:11 6,144 --a------ I:\WINDOWS\system32\ff_acm.acm
2008-08-04 12:08 . 2007-01-01 00:00 547 --a------ I:\WINDOWS\system32\ff_vfw.dll.manifest
2008-08-02 17:04 . 2008-08-08 17:36 <REP> d-------- I:\Program Files\musikCube_1.0
2008-08-02 17:03 . 2008-08-30 10:36 <REP> d-------- I:\Documents and Settings\Vincent Villy\.musikproject
2008-08-01 07:06 . 2001-08-23 17:47 8,704 --a------ I:\WINDOWS\system32\kbdjpn.dll
2008-08-01 07:06 . 2001-08-23 17:47 8,704 --a--c--- I:\WINDOWS\system32\dllcache\kbdjpn.dll
2008-08-01 07:06 . 2008-04-14 04:31 6,144 --a------ I:\WINDOWS\system32\kbd106.dll
2008-08-01 07:06 . 2008-04-14 04:31 6,144 --a--c--- I:\WINDOWS\system32\dllcache\kbd106.dll
2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\system32\fr-fr
2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\system32\fr
2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\system32\bits
2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\l2schemas
2008-08-01 06:58 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\ServicePackFiles
2008-07-31 12:23 . 2008-07-31 12:23 <REP> d-------- I:\Program Files\Exact Audio Copy
2008-07-31 12:23 . 2008-07-31 13:28 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\AccurateRip
2008-07-31 12:16 . 2008-07-31 12:16 9,557 --a------ I:\WINDOWS\EAC.CFG
2008-07-31 11:55 . 2008-07-31 11:55 164,112 --a------ I:\WINDOWS\system32\wnaspi32.dll
2008-07-27 17:41 . 2008-07-27 17:41 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Media Player Classic
2008-07-27 09:19 . 2008-08-30 15:38 <REP> d-------- I:\Program Files\Mozilla Thunderbird
2008-07-27 09:19 . 2008-07-27 09:19 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Thunderbird
2008-07-26 11:03 . 2008-07-26 11:03 <REP> d--h----- I:\WINDOWS\PIF
2008-07-26 09:47 . 2008-07-26 09:47 <REP> d-------- I:\Program Files\Brownie
2008-07-26 09:46 . 2008-07-26 09:47 <REP> d-------- I:\Program Files\Brother
2008-07-26 09:46 . 2004-10-12 01:24 188,416 --a------ I:\WINDOWS\system32\Pdrvinst.dll
2008-07-26 09:46 . 2002-10-31 01:09 81,920 --a------ I:\WINDOWS\system32\BrWebIns.dll
2008-07-26 09:46 . 2003-07-03 01:08 65,536 --a------ I:\WINDOWS\system32\BRWEBUP.EXE
2008-07-26 09:46 . 2008-04-13 20:47 25,856 --------- I:\WINDOWS\system32\drivers\usbprint.sys
2008-07-26 09:46 . 2008-07-26 09:46 425 --a------ I:\WINDOWS\BRWMARK.INI
2008-07-26 09:46 . 2008-07-26 09:46 34 --a------ I:\WINDOWS\system32\BD2030.DAT
2008-07-25 15:17 . 2008-08-17 10:41 <REP> d-------- I:\Program Files\Fichiers communs\Adobe
2008-07-25 13:07 . 2008-07-25 13:07 <REP> d-------- I:\Program Files\CCleaner
2008-07-25 12:20 . 2008-07-25 12:20 <REP> d-------- I:\Program Files\Lavasoft
2008-07-25 12:20 . 2008-07-25 12:21 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-25 12:19 . 2008-07-25 12:19 <REP> d-------- I:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-25 12:06 . 2007-07-30 19:19 271,224 --a------ I:\WINDOWS\system32\mucltui.dll
2008-07-25 12:06 . 2007-07-30 19:19 207,736 --a------ I:\WINDOWS\system32\muweb.dll
2008-07-25 12:06 . 2007-07-30 19:18 30,072 --a------ I:\WINDOWS\system32\mucltui.dll.mui
2008-07-24 20:32 . 2008-07-24 20:35 1,143 --a------ I:\WINDOWS\mozver.dat
2008-07-24 17:54 . 2008-07-25 12:57 <REP> d-------- I:\Documents and Settings\All Users\Application Data\part dead amok eggs
2008-07-24 17:41 . 2008-07-24 17:53 <REP> d-------- I:\Documents and Settings\Vincent Villy\Contacts
2008-07-24 17:34 . 2008-08-18 22:06 <REP> d----c--- I:\WINDOWS\system32\DRVSTORE
2008-07-24 17:28 . 2008-07-25 12:56 <REP> d-------- I:\Program Files\Windows Live
2008-07-24 17:28 . 2008-07-24 17:34 <REP> d--hsc--- I:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-24 17:28 . 2008-07-24 17:28 <REP> d-------- I:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-24 16:52 . 2008-07-24 16:52 <REP> d---s---- I:\Documents and Settings\Vincent Villy\UserData
2008-07-24 16:30 . 2008-07-24 16:30 <REP> d-------- I:\Program Files\MSXML 4.0
2008-07-24 15:23 . 2008-07-24 15:23 <REP> d-------- I:\Program Files\Enregistrer sous
2008-07-24 14:34 . 2008-07-24 19:11 <REP> dr------- I:\WINDOWS\system32\000 - Icones
2008-07-24 13:26 . 2008-06-14 19:33 272,768 --------- I:\WINDOWS\system32\drivers\bthport.sys
2008-07-24 13:26 . 2008-06-14 19:33 272,768 -----c--- I:\WINDOWS\system32\dllcache\bthport.sys
2008-07-24 13:25 . 2008-05-08 16:02 203,136 -----c--- I:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-24 13:21 . 2008-07-24 13:21 <REP> d-------- I:\Program Files\RocketDock
2008-07-23 20:42 . 2003-06-25 16:05 266,360 --a------ I:\WINDOWS\system32\TweakUI.exe
2008-07-23 20:42 . 2002-06-21 15:09 160,217 --a------ I:\WINDOWS\system32\PowerToysLicense.rtf
2008-07-23 19:27 . 2008-07-23 19:27 228 --a------ I:\WINDOWS\CCPen200.ini
2008-07-23 19:25 . 2008-07-23 19:25 <REP> d-------- I:\WINDOWS\system32\URTTEMP
2008-07-23 19:07 . 2005-02-14 15:27 32,408 --------- I:\WINDOWS\system32\drivers\pendfu.sys
2008-07-23 18:51 . 2008-07-24 13:59 <REP> d-------- I:\Program Files\uTorrent
2008-07-23 18:51 . 2008-08-30 17:52 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\uTorrent
2008-07-23 18:45 . 2008-07-23 18:45 <REP> d-------- I:\Program Files\QuickTime Alternative
2008-07-23 18:45 . 2008-07-23 18:45 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-23 18:45 . 2008-05-27 10:50 90,112 --a------ I:\WINDOWS\system32\QuickTimeVR.qtx
2008-07-23 18:45 . 2008-05-27 10:50 57,344 --a------ I:\WINDOWS\system32\QuickTime.qts
2008-07-23 18:34 . 2008-07-23 18:34 <REP> d-------- I:\Program Files\Team MediaPortal
2008-07-23 18:34 . 2008-07-23 18:34 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Team MediaPortal
2008-07-23 18:14 . 2008-07-23 18:14 0 --a------ I:\WINDOWS\ccwinpay.INI
2008-07-23 18:08 . 2008-07-23 18:08 <REP> d-------- I:\Program Files\Microsoft WSE
2008-07-23 18:08 . 2008-08-22 17:13 <REP> d-------- I:\Program Files\Fichiers communs\C-CHANNEL
2008-07-23 18:08 . 2008-07-23 19:27 <REP> d-------- I:\Program Files\C-CHANNEL
2008-07-23 18:08 . 2008-07-23 19:27 <REP> d-------- I:\Documents and Settings\All Users\Application Data\C-CHANNEL
2008-07-23 17:41 . 2008-07-23 17:41 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\IrfanView
2008-07-23 17:16 . 2008-07-23 17:16 <REP> d-------- I:\Program Files\VideoLAN
2008-07-23 17:16 . 2008-07-23 17:16 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\vlc
2008-07-23 17:10 . 2008-07-23 17:12 <REP> d-------- I:\WINDOWS\SHELLNEW
2008-07-23 17:10 . 2008-08-29 07:22 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-23 17:09 . 2008-07-23 17:09 <REP> dr-h----- I:\MSOCache
2008-07-23 16:19 . 2008-07-23 16:20 <REP> d-------- I:\Program Files\MozBackup
2008-07-23 16:07 . 2008-07-23 16:07 <REP> d-------- I:\Documents and Settings\All Users\Application Data\NVIDIA
2008-07-23 16:03 . 2008-07-23 16:03 <REP> d-------- I:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-23 16:01 . 2008-07-23 16:01 <REP> d-------- I:\Program Files\My Company Name
2008-07-23 16:00 . 2008-07-23 16:03 <REP> d-------- I:\WINDOWS\nview
2008-07-23 16:00 . 2006-06-01 11:22 208,896 --a------ I:\WINDOWS\system32\nvudisp.exe
2008-07-23 16:00 . 2008-08-30 19:31 63,804 --a------ I:\WINDOWS\system32\nvapps.xml
2008-07-23 16:00 . 2006-06-01 11:22 16,960 --a------ I:\WINDOWS\system32\nvdisp.nvu
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 11:03 --------- d-----w I:\Program Files\Realtek
2008-07-23 09:37 --------- d-----w I:\Program Files\microsoft frontpage
2008-07-23 09:35 --------- d-----w I:\Program Files\Services en ligne
2008-07-23 09:29 --------- d-----w I:\Program Files\Windows Plus
2008-07-09 07:05 75,248 ----a-w I:\WINDOWS\zllsputility.exe
2008-07-09 07:05 42,384 ----a-w I:\WINDOWS\zllsputility_loc040c.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="I:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"MediaPortal Shell"="I:\Program Files\Team MediaPortal\MediaPortal\mptray.exe" [2006-09-22 08:57 200704]
"MsnMsgr"="I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"strapl"="I:\WINDOWS\system32\kfcfsdgj.exe" [2008-08-29 14:13 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="I:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"SoundMAXPnP"="I:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 12:07 843776]
"JMB36X Configure"="I:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 10:45 385024]
"NvCplDaemon"="I:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22 7618560]
"Adobe Reader Speed Launcher"="I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"ZoneAlarm Client"="I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"nwiz"="nwiz.exe" [2006-06-01 11:22 1519616 I:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 86016 I:\WINDOWS\system32\nvmctray.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="I:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= I:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= I:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"MsgCfgUi"= {0491FE2F-4EA6-9304-4080-06F944FDDC0F} - I:\Program Files\avbjzde\MsgCfgUi.dll [2008-08-29 14:13 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"I:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"I:\\Program Files\\Messenger\\msmsgs.exe"=
"I:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;I:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;I:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R3 PayPen;PayPen;I:\WINDOWS\system32\Drivers\PayPen.sys [2005-02-16 08:53]
R3 usbstor;Pilote de stockage de masse USB;I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]
S3 pendfu;PenDfu (pendfu.sys);I:\WINDOWS\system32\Drivers\pendfu.sys [2005-02-14 15:27]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3180ad7-58a3-11dd-bb0a-806d6172696f}]
\Shell\AutoRun\command - G:\ASUSACPI.exe
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-MessLive Auto Update - G:\Logiciel\MessLivePatch.exe
HKLM-Explorer_Run-zblsluTn5Z - I:\Documents and Settings\Vincent Villy\Bureau\AdobeFlashPlayerHD.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - I:\Documents and Settings\Vincent Villy\Application Data\Mozilla\Firefox\Profiles\e3z9n9p8.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.karloff.ch/wd110awp/wd110awp.exe/connect/EKARLOFF
FF -: plugin - I:\Program Files\Opera\program\plugins\NPOFF12.DLL
FF -: plugin - I:\Program Files\Opera\program\plugins\nppl3260.dll
FF -: plugin - I:\Program Files\Opera\program\plugins\nprpjplug.dll
FF -: plugin - I:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 19:31:37
Windows 5.1.2600 Service Pack 3 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\ATKKBService.exe
I:\WINDOWS\ehome\ehRecvr.exe
I:\WINDOWS\ehome\ehSched.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\WINDOWS\system32\dllhost.exe
I:\WINDOWS\ehome\ehmsas.exe
I:\WINDOWS\system32\rundll32.exe
I:\Program Files\C-CHANNEL\PayPen\PayPen.exe
I:\Program Files\C-CHANNEL\PayPen\CPenOCR.exe
I:\Program Files\C-CHANNEL\PayPen\CPenDesk.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-30 19:33:41 - machine was rebooted [Vincent Villy]
ComboFix-quarantined-files.txt 2008-08-30 17:33:37
Pre-Run: 38,207,086,592 octets libres
Post-Run: 38,590,668,800 octets libres
313 --- E O F --- 2008-08-29 05:22:15
Post a new HijackThis report.
I still have the problems with these trojans
here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:23, on 30.08.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Analog Devices\Core\smax4pnp.exe
I:\WINDOWS\system32\RunDLL32.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\Program Files\RocketDock\RocketDock.exe
I:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
I:\WINDOWS\system32\kfcfsdgj.exe
I:\Program Files\C-CHANNEL\PayPen\PayPen.exe
I:\Program Files\C-CHANNEL\PayPen\CPenOCR.exe
I:\Program Files\C-CHANNEL\PayPen\CPenDesk.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\ATKKBService.exe
I:\WINDOWS\eHome\ehRecvr.exe
I:\WINDOWS\eHome\ehSched.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\WINDOWS\system32\dllhost.exe
I:\Program Files\Opera\opera.exe
I:\Program Files\Windows Live\Messenger\usnsvc.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] I:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] I:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [RocketDock] "I:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MediaPortal Shell] I:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [strapl] I:\WINDOWS\system32\kfcfsdgj.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: C-CHANNEL OnlineUpdate.lnk = ?
O4 - Global Startup: PayPen.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Program Files\Yahoo!\Common\yinsthelper.dll
O21 - SSODL: MsgCfgUi - {0491FE2F-4EA6-9304-4080-06F944FDDC0F} - I:\Program Files\avbjzde\MsgCfgUi.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - I:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - I:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - I:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5843 bytes
Re,
Properly uninstall Avast! and replace it with AntiVir.
Why switch? Avast! vs AntiVir
Run a full scan, then post the report at the end of the analysis.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus
I ran several scans.
1st:
Avira AntiVir Personal
Report file date: samedi, 30. août 2008 21:05
Scanning for 1583963 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: HOME-2EAE655111
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 19:05:00
ANTIVIR3.VDF : 7.0.6.93 209920 Bytes 30/08/2008 19:05:01
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 30/08/2008 19:05:04
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 30/08/2008 19:05:04
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 30/08/2008 19:05:03
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 30/08/2008 19:05:02
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 30/08/2008 19:05:01
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: i:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: G:, I:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: samedi, 30. août 2008 21:05
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned
Scan process 'ATKKBService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'CPenDesk.exe' - '1' Module(s) have been scanned
Scan process 'CPenOCR.exe' - '1' Module(s) have been scanned
Scan process 'PayPen.exe' - '1' Module(s) have been scanned
Scan process 'kfcfsdgj.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'mptray.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Start scanning boot sectors:
Boot sector 'G:\'
[INFO] No virus was found!
Boot sector 'I:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '53' files ).
Starting the file scan:
Begin scan in 'G:\' <Mon Bureau>
G:\Logiciel\Adobe.Photoshop.CS2.v9.0.1.FR.Incl-Crack.et.Keygen.rar
[0] Archive type: RAR
--> Crack et Keygen\KeyGen Adobe.PhotoShop.CS2.exe
[DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm
[WARNING] The file was ignored!
G:\Logiciel\Adobe.CS3.Design.Premium.FRENCH\Adobe.CS3.Design.Premium.FRENCH\crack\Keygen\Adobe CS3 Design Premium Keygen.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.578 back-door program
[NOTE] The file was deleted!
G:\System Volume Information\_restore{2D01212A-8F87-47E9-A13B-C6F1BF24E1EA}\RP71\A0017687.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.581 back-door program
[NOTE] The file was deleted!
G:\System Volume Information\_restore{2D01212A-8F87-47E9-A13B-C6F1BF24E1EA}\RP74\A0018663.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.578 back-door program
[NOTE] The file was deleted!
Begin scan in 'I:\' <Disque Local>
I:\pagefile.sys
[WARNING] The file could not be opened!
End of the scan: samedi, 30. août 2008 21:51
Used time: 45:33 Minute(s)
The scan has been done completely.
7844 Scanning directories
537886 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
3 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
537881 Files not concerned
6890 Archives were scanned
6 Warnings
3 Notes
Post another HijackThis report.
2nd:
Avira AntiVir Personal
Report file date: samedi, 30. août 2008 21:57
Scanning for 1583963 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Save mode
Username: Vincent Villy
Computer name: HOME-2EAE655111
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 19:05:00
ANTIVIR3.VDF : 7.0.6.93 209920 Bytes 30/08/2008 19:05:01
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 30/08/2008 19:05:04
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 30/08/2008 19:05:04
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 30/08/2008 19:05:03
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 30/08/2008 19:05:02
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 30/08/2008 19:05:01
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: i:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: G:, I:, A:, H:, J:, K:, L:, D:, E:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: samedi, 30. août 2008 21:57
Starting search for hidden objects.
The driver could not be initialized.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Start scanning boot sectors:
Boot sector 'G:\'
[INFO] No virus was found!
Boot sector 'I:\'
[INFO] No virus was found!
Boot sector 'A:\'
[INFO] In the drive 'A:\' no data medium is inserted!
Boot sector 'H:\'
[INFO] In the drive 'H:\' no data medium is inserted!
Boot sector 'J:\'
[INFO] In the drive 'J:\' no data medium is inserted!
Boot sector 'K:\'
[INFO] In the drive 'K:\' no data medium is inserted!
Boot sector 'L:\'
[INFO] In the drive 'L:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( '53' files ).
Starting the file scan:
Begin scan in 'G:\' <Mon Bureau>
End of the scan: samedi, 30. août 2008 23:01
Used time: 1:03:21 Hour(s)
The scan has been canceled!
366 Scanning directories
19520 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
19520 Files not concerned
3253 Archives were scanned
4 Warnings
0 Notes
HijackThis
Here it is,
but I still get these trojan pop-ups.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:34:15, on 30.08.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Analog Devices\Core\smax4pnp.exe
I:\WINDOWS\system32\RunDLL32.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
I:\Program Files\RocketDock\RocketDock.exe
I:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
I:\WINDOWS\system32\kfcfsdgj.exe
I:\Program Files\C-CHANNEL\PayPen\PayPen.exe
I:\Program Files\C-CHANNEL\PayPen\CPenOCR.exe
I:\Program Files\C-CHANNEL\PayPen\CPenDesk.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
I:\WINDOWS\ATKKBService.exe
I:\WINDOWS\eHome\ehRecvr.exe
I:\WINDOWS\eHome\ehSched.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\dllhost.exe
I:\Program Files\Opera\opera.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
i:\program files\avira\antivir personaledition classic\avcenter.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
I:\WINDOWS\system32\kfcfsdgj.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] I:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] I:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [RocketDock] "I:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MediaPortal Shell] I:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [strapl] I:\WINDOWS\system32\kfcfsdgj.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: C-CHANNEL OnlineUpdate.lnk = ?
O4 - Global Startup: PayPen.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Program Files\Yahoo!\Common\yinsthelper.dll
O21 - SSODL: MsgCfgUi - {0491FE2F-4EA6-9304-4080-06F944FDDC0F} - I:\Program Files\avbjzde\MsgCfgUi.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - I:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - I:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - I:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5823 bytes
I thought the trojans were gone, but no:
I still get these windows opening to warn me that I have a trojan and to go to this site to buy an antivirus.
Run another ComboFix scan.
Here it is:
ComboFix 08-08-30.03 - Vincent Villy 2008-08-31 14:46:12.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1606 [GMT 2:00]
Endroit: I:\Documents and Settings\Vincent Villy\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
I:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\tmp1.tmp
I:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\tmp2.tmp
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-31 ))))))))))))))))))))))))))))))))))))
.
2008-08-30 21:04 . 2008-08-30 21:04 <REP> d-------- I:\Program Files\Avira
2008-08-30 21:04 . 2008-08-30 21:04 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Avira
2008-08-30 16:56 . 2008-08-30 16:56 <REP> d-------- I:\Program Files\VirtualDub-1.6.18
2008-08-30 15:45 . 2008-08-30 15:45 <REP> d-------- I:\Program Files\Trend Micro
2008-08-30 13:03 . 2008-08-30 13:03 <REP> d-------- I:\Program Files\Malwarebytes' Anti-Malware
2008-08-30 13:03 . 2008-08-30 13:03 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Malwarebytes
2008-08-30 13:03 . 2008-08-30 13:03 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-30 13:03 . 2008-08-17 15:01 38,472 --a------ I:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-30 13:03 . 2008-08-17 15:01 17,144 --a------ I:\WINDOWS\system32\drivers\mbam.sys
2008-08-30 12:57 . 2008-08-30 13:02 <REP> d-a------ I:\Documents and Settings\All Users\Application Data\TEMP
2008-08-30 10:11 . 2008-08-30 20:59 <REP> d-------- I:\WINDOWS\system32\ZoneLabs
2008-08-30 10:11 . 2008-08-30 10:11 <REP> d-------- I:\Documents and Settings\All Users\Application Data\MailFrontier
2008-08-30 10:11 . 2004-04-27 04:40 11,264 --a------ I:\WINDOWS\system32\SpOrder.dll
2008-08-30 10:11 . 2008-08-30 10:13 4,212 ---h----- I:\WINDOWS\system32\zllictbl.dat
2008-08-30 10:11 . 2008-08-30 20:39 335 --a------ I:\WINDOWS\system32\vsconfig.xml
2008-08-30 10:10 . 2008-08-30 20:59 <REP> d-------- I:\WINDOWS\Internet Logs
2008-08-30 09:55 . 2008-08-30 09:55 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Jetico Personal Firewall
2008-08-30 02:13 . 2008-08-30 02:13 <REP> d-------- I:\Documents and Settings\All Users\Application Data\ytohqzuh
2008-08-29 15:06 . 2008-08-29 15:06 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-29 14:13 . 2008-08-29 14:13 <REP> d-------- I:\Program Files\avbjzde
2008-08-29 14:13 . 2008-08-29 14:13 <REP> d-------- I:\Documents and Settings\All Users\Application Data\ytefapsl
2008-08-29 14:13 . 2008-08-29 14:13 98,304 --a------ I:\WINDOWS\system32\kfcfsdgj.exe
2008-08-29 14:13 . 2008-08-29 14:13 66,048 --a------ I:\WINDOWS\system32\yhwfwfsj.exe
2008-08-25 23:30 . 2008-08-31 11:05 <REP> d-------- I:\Program Files\CDisplay
2008-08-20 17:13 . 2008-08-20 17:13 <REP> d-------- I:\Program Files\SHARP
2008-08-18 22:07 . 2008-08-18 22:08 <REP> d-------- I:\Documents and Settings\Vincent Villy\Logitech
2008-08-18 22:06 . 2008-08-18 22:06 <REP> d-------- I:\Program Files\Fichiers communs\Remote Control USB Driver
2008-08-17 11:31 . 2004-03-29 17:23 90,112 --a------ I:\WINDOWS\unvise32.exe
2008-08-17 10:43 . 2008-08-17 10:43 <REP> d-------- I:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-17 10:39 . 2008-08-17 10:39 <REP> d-------- I:\Documents and Settings\All Users\Application Data\ALM
2008-08-17 10:33 . 2008-08-30 17:57 <REP> d-------- I:\Program Files\Bonjour
2008-08-17 10:30 . 2008-08-17 10:30 <REP> d-------- I:\Program Files\Fichiers communs\Macrovision Shared
2008-08-14 21:26 . 2008-08-14 21:26 <REP> d-------- I:\Program Files\Yahoo!
2008-08-14 13:52 . 2008-08-14 13:52 <REP> d-------- I:\Program Files\MSECache
2008-08-13 22:48 . 2008-05-01 16:36 331,776 -----c--- I:\WINDOWS\system32\dllcache\msadce.dll
2008-08-11 18:04 . 2008-08-11 18:04 <REP> d-------- I:\Program Files\InfraRecorder
2008-08-11 18:04 . 2008-08-11 18:24 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\InfraRecorder
2008-08-05 19:14 . 2008-08-17 08:10 <REP> d-------- I:\Program Files\MediaCoder
2008-08-04 12:21 . 2008-08-04 16:27 <REP> d-------- I:\Program Files\Gabest
2008-08-04 12:09 . 2008-08-04 12:09 <REP> d-------- I:\Program Files\Real Alternative
2008-08-04 12:09 . 2008-08-04 12:09 <REP> d-------- I:\Program Files\Haali
2008-08-04 12:08 . 2008-08-04 12:08 <REP> d-------- I:\Program Files\ffdshow
2008-08-04 12:08 . 2007-01-01 00:00 60,273 --a------ I:\WINDOWS\system32\pthreadGC2.dll
2008-08-04 12:08 . 2007-12-15 16:11 7,680 --a------ I:\WINDOWS\system32\ff_vfw.dll
2008-08-04 12:08 . 2007-12-15 16:11 6,144 --a------ I:\WINDOWS\system32\ff_acm.acm
2008-08-04 12:08 . 2007-01-01 00:00 547 --a------ I:\WINDOWS\system32\ff_vfw.dll.manifest
2008-08-02 17:04 . 2008-08-08 17:36 <REP> d-------- I:\Program Files\musikCube_1.0
2008-08-02 17:03 . 2008-08-30 10:36 <REP> d-------- I:\Documents and Settings\Vincent Villy\.musikproject
2008-08-01 07:06 . 2001-08-23 17:47 8,704 --a------ I:\WINDOWS\system32\kbdjpn.dll
2008-08-01 07:06 . 2001-08-23 17:47 8,704 --a--c--- I:\WINDOWS\system32\dllcache\kbdjpn.dll
2008-08-01 07:06 . 2008-04-14 04:31 6,144 --a------ I:\WINDOWS\system32\kbd106.dll
2008-08-01 07:06 . 2008-04-14 04:31 6,144 --a--c--- I:\WINDOWS\system32\dllcache\kbd106.dll
2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\system32\fr-fr
2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\system32\fr
2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\system32\bits
2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\l2schemas
2008-08-01 06:58 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\ServicePackFiles
2008-07-31 12:23 . 2008-07-31 12:23 <REP> d-------- I:\Program Files\Exact Audio Copy
2008-07-31 12:23 . 2008-07-31 13:28 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\AccurateRip
2008-07-31 12:16 . 2008-07-31 12:16 9,557 --a------ I:\WINDOWS\EAC.CFG
2008-07-31 11:55 . 2008-07-31 11:55 164,112 --a------ I:\WINDOWS\system32\wnaspi32.dll
2008-07-27 17:41 . 2008-07-27 17:41 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Media Player Classic
2008-07-27 09:19 . 2008-08-31 14:00 <REP> d-------- I:\Program Files\Mozilla Thunderbird
2008-07-27 09:19 . 2008-07-27 09:19 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Thunderbird
2008-07-26 11:03 . 2008-07-26 11:03 <REP> d--h----- I:\WINDOWS\PIF
2008-07-26 09:47 . 2008-07-26 09:47 <REP> d-------- I:\Program Files\Brownie
2008-07-26 09:46 . 2008-07-26 09:47 <REP> d-------- I:\Program Files\Brother
2008-07-26 09:46 . 2004-10-12 01:24 188,416 --a------ I:\WINDOWS\system32\Pdrvinst.dll
2008-07-26 09:46 . 2002-10-31 01:09 81,920 --a------ I:\WINDOWS\system32\BrWebIns.dll
2008-07-26 09:46 . 2003-07-03 01:08 65,536 --a------ I:\WINDOWS\system32\BRWEBUP.EXE
2008-07-26 09:46 . 2008-04-13 20:47 25,856 --------- I:\WINDOWS\system32\drivers\usbprint.sys
2008-07-26 09:46 . 2008-07-26 09:46 425 --a------ I:\WINDOWS\BRWMARK.INI
2008-07-26 09:46 . 2008-07-26 09:46 34 --a------ I:\WINDOWS\system32\BD2030.DAT
2008-07-25 15:17 . 2008-08-17 10:41 <REP> d-------- I:\Program Files\Fichiers communs\Adobe
2008-07-25 13:07 . 2008-07-25 13:07 <REP> d-------- I:\Program Files\CCleaner
2008-07-25 12:20 . 2008-07-25 12:20 <REP> d-------- I:\Program Files\Lavasoft
2008-07-25 12:20 . 2008-07-25 12:21 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-25 12:19 . 2008-07-25 12:19 <REP> d-------- I:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-25 12:06 . 2007-07-30 19:19 271,224 --a------ I:\WINDOWS\system32\mucltui.dll
2008-07-25 12:06 . 2007-07-30 19:19 207,736 --a------ I:\WINDOWS\system32\muweb.dll
2008-07-25 12:06 . 2007-07-30 19:18 30,072 --a------ I:\WINDOWS\system32\mucltui.dll.mui
2008-07-24 20:32 . 2008-07-24 20:35 1,143 --a------ I:\WINDOWS\mozver.dat
2008-07-24 17:54 . 2008-07-25 12:57 <REP> d-------- I:\Documents and Settings\All Users\Application Data\part dead amok eggs
2008-07-24 17:41 . 2008-07-24 17:53 <REP> d-------- I:\Documents and Settings\Vincent Villy\Contacts
2008-07-24 17:34 . 2008-08-18 22:06 <REP> d----c--- I:\WINDOWS\system32\DRVSTORE
2008-07-24 17:28 . 2008-07-25 12:56 <REP> d-------- I:\Program Files\Windows Live
2008-07-24 17:28 . 2008-07-24 17:34 <REP> d--hsc--- I:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-24 17:28 . 2008-07-24 17:28 <REP> d-------- I:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-24 16:52 . 2008-07-24 16:52 <REP> d---s---- I:\Documents and Settings\Vincent Villy\UserData
2008-07-24 16:30 . 2008-07-24 16:30 <REP> d-------- I:\Program Files\MSXML 4.0
2008-07-24 15:23 . 2008-07-24 15:23 <REP> d-------- I:\Program Files\Enregistrer sous
2008-07-24 14:34 . 2008-07-24 19:11 <REP> dr------- I:\WINDOWS\system32\000 - Icones
2008-07-24 13:26 . 2008-06-14 19:33 272,768 --------- I:\WINDOWS\system32\drivers\bthport.sys
2008-07-24 13:26 . 2008-06-14 19:33 272,768 -----c--- I:\WINDOWS\system32\dllcache\bthport.sys
2008-07-24 13:25 . 2008-05-08 16:02 203,136 -----c--- I:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-24 13:21 . 2008-07-24 13:21 <REP> d-------- I:\Program Files\RocketDock
2008-07-23 20:42 . 2003-06-25 16:05 266,360 --a------ I:\WINDOWS\system32\TweakUI.exe
2008-07-23 20:42 . 2002-06-21 15:09 160,217 --a------ I:\WINDOWS\system32\PowerToysLicense.rtf
2008-07-23 19:27 . 2008-07-23 19:27 228 --a------ I:\WINDOWS\CCPen200.ini
2008-07-23 19:25 . 2008-07-23 19:25 <REP> d-------- I:\WINDOWS\system32\URTTEMP
2008-07-23 19:07 . 2005-02-14 15:27 32,408 --------- I:\WINDOWS\system32\drivers\pendfu.sys
2008-07-23 18:51 . 2008-07-24 13:59 <REP> d-------- I:\Program Files\uTorrent
2008-07-23 18:51 . 2008-08-31 14:44 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\uTorrent
2008-07-23 18:45 . 2008-07-23 18:45 <REP> d-------- I:\Program Files\QuickTime Alternative
2008-07-23 18:45 . 2008-07-23 18:45 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-23 18:45 . 2008-05-27 10:50 90,112 --a------ I:\WINDOWS\system32\QuickTimeVR.qtx
2008-07-23 18:45 . 2008-05-27 10:50 57,344 --a------ I:\WINDOWS\system32\QuickTime.qts
2008-07-23 18:34 . 2008-07-23 18:34 <REP> d-------- I:\Program Files\Team MediaPortal
2008-07-23 18:34 . 2008-07-23 18:34 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Team MediaPortal
2008-07-23 18:14 . 2008-07-23 18:14 0 --a------ I:\WINDOWS\ccwinpay.INI
2008-07-23 18:08 . 2008-07-23 18:08 <REP> d-------- I:\Program Files\Microsoft WSE
2008-07-23 18:08 . 2008-08-22 17:13 <REP> d-------- I:\Program Files\Fichiers communs\C-CHANNEL
2008-07-23 18:08 . 2008-07-23 19:27 <REP> d-------- I:\Program Files\C-CHANNEL
2008-07-23 18:08 . 2008-07-23 19:27 <REP> d-------- I:\Documents and Settings\All Users\Application Data\C-CHANNEL
2008-07-23 17:41 . 2008-07-23 17:41 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\IrfanView
2008-07-23 17:16 . 2008-07-23 17:16 <REP> d-------- I:\Program Files\VideoLAN
2008-07-23 17:16 . 2008-07-23 17:16 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\vlc
2008-07-23 17:10 . 2008-07-23 17:12 <REP> d-------- I:\WINDOWS\SHELLNEW
2008-07-23 17:10 . 2008-08-29 07:22 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-23 17:09 . 2008-07-23 17:09 <REP> dr-h----- I:\MSOCache
2008-07-23 16:19 . 2008-07-23 16:20 <REP> d-------- I:\Program Files\MozBackup
2008-07-23 16:07 . 2008-07-23 16:07 <REP> d-------- I:\Documents and Settings\All Users\Application Data\NVIDIA
2008-07-23 16:03 . 2008-07-23 16:03 <REP> d-------- I:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-23 16:01 . 2008-07-23 16:01 <REP> d-------- I:\Program Files\My Company Name
2008-07-23 16:00 . 2008-07-23 16:03 <REP> d-------- I:\WINDOWS\nview
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 11:03 --------- d-----w I:\Program Files\Realtek
2008-07-23 09:37 --------- d-----w I:\Program Files\microsoft frontpage
2008-07-23 09:35 --------- d-----w I:\Program Files\Services en ligne
2008-07-23 09:29 --------- d-----w I:\Program Files\Windows Plus
2008-07-07 20:28 253,952 ----a-w I:\WINDOWS\system32\es.dll
2008-06-24 16:44 74,240 ----a-w I:\WINDOWS\system32\mscms.dll
2008-06-20 17:47 247,808 ----a-w I:\WINDOWS\system32\mswsock.dll
2008-05-16 09:58 12,632 ----a-w I:\WINDOWS\system32\lsdelete.exe
2008-05-09 10:55 90,112 ----a-w I:\WINDOWS\system32\wshext.dll
2008-05-09 10:55 430,080 ----a-w I:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55 180,224 ----a-w I:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55 172,032 ----a-w I:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w I:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w I:\WINDOWS\system32\cscript.exe
2008-05-07 05:11 1,294,336 ------w I:\WINDOWS\system32\quartz.dll
2006-06-23 06:48 32,768 ----a-r I:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-30_19.33.19.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-30 18:00:31 262,144 ----a-w I:\WINDOWS\system32\config\systemprofile\NtUser.dat
+ 2008-05-09 11:15:51 45,376 ----a-w I:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w I:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 13:03:55 75,072 ----a-w I:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w I:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="I:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"MediaPortal Shell"="I:\Program Files\Team MediaPortal\MediaPortal\mptray.exe" [2006-09-22 08:57 200704]
"MsnMsgr"="I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"strapl"="I:\WINDOWS\system32\kfcfsdgj.exe" [2008-08-29 14:13 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="I:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"SoundMAXPnP"="I:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 12:07 843776]
"JMB36X Configure"="I:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 10:45 385024]
"NvCplDaemon"="I:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22 7618560]
"Adobe Reader Speed Launcher"="I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"avgnt"="I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"nwiz"="nwiz.exe" [2006-06-01 11:22 1519616 I:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 86016 I:\WINDOWS\system32\nvmctray.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="I:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]
I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
C-CHANNEL OnlineUpdate.lnk - I:\Program Files\C-CHANNEL\OnlineUpdate\PeOnlineUpdate.exe [2008-07-23 18:08:58 993096]
PayPen.lnk - I:\Program Files\C-CHANNEL\PayPen\PayPen.exe [2006-08-18 10:16:24 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= I:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= I:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"MsgCfgUi"= {0491FE2F-4EA6-9304-4080-06F944FDDC0F} - I:\Program Files\avbjzde\MsgCfgUi.dll [2008-08-29 14:13 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"I:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"I:\\Program Files\\Messenger\\msmsgs.exe"=
"I:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R3 PayPen;PayPen;I:\WINDOWS\system32\Drivers\PayPen.sys [2005-02-16 08:53]
R3 usbstor;Pilote de stockage de masse USB;I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]
S3 pendfu;PenDfu (pendfu.sys);I:\WINDOWS\system32\Drivers\pendfu.sys [2005-02-14 15:27]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3180ad7-58a3-11dd-bb0a-806d6172696f}]
\Shell\AutoRun\command - G:\ASUSACPI.exe
*Newly Created Service* - CATCHME
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - I:\Documents and Settings\Vincent Villy\Application Data\Mozilla\Firefox\Profiles\e3z9n9p8.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.karloff.ch/wd110awp/wd110awp.exe/connect/EKARLOFF
FF -: plugin - I:\Program Files\Opera\program\plugins\NPOFF12.DLL
FF -: plugin - I:\Program Files\Opera\program\plugins\nppl3260.dll
FF -: plugin - I:\Program Files\Opera\program\plugins\nprpjplug.dll
FF -: plugin - I:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 14:47:37
Windows 5.1.2600 Service Pack 3 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-08-31 14:48:07
ComboFix-quarantined-files.txt 2008-08-31 12:48:01
ComboFix2.txt 2008-08-30 17:33:41
Pre-Run: 38,515,671,040 octets libres
Post-Run: 38,502,522,880 octets libres
241 --- E O F --- 2008-08-29 05:22:15
Re,
Copy (Ctrl+C) the text in the box below:
File::
|
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file as CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis log.
NOTE: If there is no reboot, post the requested reports anyway.
The PC did not reboot. Here is the log:
ComboFix 08-08-30.03 - Vincent Villy 2008-08-31 15:57:11.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1573 [GMT 2:00]
Endroit: I:\Documents and Settings\Vincent Villy\Bureau\ComboFix.exe
Command switches used :: I:\Documents and Settings\Vincent Villy\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
I:\Documents and Settings\All Users\Application Data\ytohqzuh
I:\Program Files\avbjzde
I:\Program Files\avbjzde\MsgCfgUi.dll
I:\WINDOWS\system32\kfcfsdgj.exe
I:\WINDOWS\system32\yhwfwfsj.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-31 ))))))))))))))))))))))))))))))))))))
.
2008-08-30 21:04 . 2008-08-30 21:04 <REP> d-------- I:\Program Files\Avira
2008-08-30 21:04 . 2008-08-30 21:04 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Avira
2008-08-30 16:56 . 2008-08-30 16:56 <REP> d-------- I:\Program Files\VirtualDub-1.6.18
2008-08-30 15:45 . 2008-08-30 15:45 <REP> d-------- I:\Program Files\Trend Micro
2008-08-30 13:03 . 2008-08-30 13:03 <REP> d-------- I:\Program Files\Malwarebytes' Anti-Malware
2008-08-30 13:03 . 2008-08-30 13:03 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Malwarebytes
2008-08-30 13:03 . 2008-08-30 13:03 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-30 13:03 . 2008-08-17 15:01 38,472 --a------ I:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-30 13:03 . 2008-08-17 15:01 17,144 --a------ I:\WINDOWS\system32\drivers\mbam.sys
2008-08-30 12:57 . 2008-08-30 13:02 <REP> d-a------ I:\Documents and Settings\All Users\Application Data\TEMP
2008-08-30 10:11 . 2008-08-30 20:59 <REP> d-------- I:\WINDOWS\system32\ZoneLabs
2008-08-30 10:11 . 2008-08-30 10:11 <REP> d-------- I:\Documents and Settings\All Users\Application Data\MailFrontier
2008-08-30 10:11 . 2004-04-27 04:40 11,264 --a------ I:\WINDOWS\system32\SpOrder.dll
2008-08-30 10:11 . 2008-08-30 10:13 4,212 ---h----- I:\WINDOWS\system32\zllictbl.dat
2008-08-30 10:11 . 2008-08-30 20:39 335 --a------ I:\WINDOWS\system32\vsconfig.xml
2008-08-30 10:10 . 2008-08-30 20:59 <REP> d-------- I:\WINDOWS\Internet Logs
2008-08-30 09:55 . 2008-08-30 09:55 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Jetico Personal Firewall
2008-08-29 15:06 . 2008-08-29 15:06 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-29 14:13 . 2008-08-29 14:13 <REP> d-------- I:\Documents and Settings\All Users\Application Data\ytefapsl
2008-08-25 23:30 . 2008-08-31 11:05 <REP> d-------- I:\Program Files\CDisplay
2008-08-20 17:13 . 2008-08-20 17:13 <REP> d-------- I:\Program Files\SHARP
2008-08-18 22:07 . 2008-08-18 22:08 <REP> d-------- I:\Documents and Settings\Vincent Villy\Logitech
2008-08-18 22:06 . 2008-08-18 22:06 <REP> d-------- I:\Program Files\Fichiers communs\Remote Control USB Driver
2008-08-17 11:31 . 2004-03-29 17:23 90,112 --a------ I:\WINDOWS\unvise32.exe
2008-08-17 10:43 . 2008-08-17 10:43 <REP> d-------- I:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-17 10:39 . 2008-08-17 10:39 <REP> d-------- I:\Documents and Settings\All Users\Application Data\ALM
2008-08-17 10:33 . 2008-08-30 17:57 <REP> d-------- I:\Program Files\Bonjour
2008-08-17 10:30 . 2008-08-17 10:30 <REP> d-------- I:\Program Files\Fichiers communs\Macrovision Shared
2008-08-14 21:26 . 2008-08-14 21:26 <REP> d-------- I:\Program Files\Yahoo!
2008-08-14 13:52 . 2008-08-14 13:52 <REP> d-------- I:\Program Files\MSECache
2008-08-13 22:48 . 2008-05-01 16:36 331,776 -----c--- I:\WINDOWS\system32\dllcache\msadce.dll
2008-08-11 18:04 . 2008-08-11 18:04 <REP> d-------- I:\Program Files\InfraRecorder
2008-08-11 18:04 . 2008-08-11 18:24 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\InfraRecorder
2008-08-05 19:14 . 2008-08-17 08:10 <REP> d-------- I:\Program Files\MediaCoder
2008-08-04 12:21 . 2008-08-04 16:27 <REP> d-------- I:\Program Files\Gabest
2008-08-04 12:09 . 2008-08-04 12:09 <REP> d-------- I:\Program Files\Real Alternative
2008-08-04 12:09 . 2008-08-04 12:09 <REP> d-------- I:\Program Files\Haali
2008-08-04 12:08 . 2008-08-04 12:08 <REP> d-------- I:\Program Files\ffdshow
2008-08-04 12:08 . 2007-01-01 00:00 60,273 --a------ I:\WINDOWS\system32\pthreadGC2.dll
2008-08-04 12:08 . 2007-12-15 16:11 7,680 --a------ I:\WINDOWS\system32\ff_vfw.dll
2008-08-04 12:08 . 2007-12-15 16:11 6,144 --a------ I:\WINDOWS\system32\ff_acm.acm
2008-08-04 12:08 . 2007-01-01 00:00 547 --a------ I:\WINDOWS\system32\ff_vfw.dll.manifest
2008-08-02 17:04 . 2008-08-08 17:36 <REP> d-------- I:\Program Files\musikCube_1.0
2008-08-02 17:03 . 2008-08-30 10:36 <REP> d-------- I:\Documents and Settings\Vincent Villy\.musikproject
2008-08-01 07:06 . 2001-08-23 17:47 8,704 --a------ I:\WINDOWS\system32\kbdjpn.dll
2008-08-01 07:06 . 2001-08-23 17:47 8,704 --a--c--- I:\WINDOWS\system32\dllcache\kbdjpn.dll
2008-08-01 07:06 . 2008-04-14 04:31 6,144 --a------ I:\WINDOWS\system32\kbd106.dll
2008-08-01 07:06 . 2008-04-14 04:31 6,144 --a--c--- I:\WINDOWS\system32\dllcache\kbd106.dll
2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\system32\fr-fr
2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\system32\fr
2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\system32\bits
2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\l2schemas
2008-08-01 06:58 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\ServicePackFiles
2008-07-31 12:23 . 2008-07-31 12:23 <REP> d-------- I:\Program Files\Exact Audio Copy
2008-07-31 12:23 . 2008-07-31 13:28 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\AccurateRip
2008-07-31 12:16 . 2008-07-31 12:16 9,557 --a------ I:\WINDOWS\EAC.CFG
2008-07-31 11:55 . 2008-07-31 11:55 164,112 --a------ I:\WINDOWS\system32\wnaspi32.dll
2008-07-27 17:41 . 2008-07-27 17:41 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Media Player Classic
2008-07-27 09:19 . 2008-08-31 14:00 <REP> d-------- I:\Program Files\Mozilla Thunderbird
2008-07-27 09:19 . 2008-07-27 09:19 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Thunderbird
2008-07-26 11:03 . 2008-07-26 11:03 <REP> d--h----- I:\WINDOWS\PIF
2008-07-26 09:47 . 2008-07-26 09:47 <REP> d-------- I:\Program Files\Brownie
2008-07-26 09:46 . 2008-07-26 09:47 <REP> d-------- I:\Program Files\Brother
2008-07-26 09:46 . 2004-10-12 01:24 188,416 --a------ I:\WINDOWS\system32\Pdrvinst.dll
2008-07-26 09:46 . 2002-10-31 01:09 81,920 --a------ I:\WINDOWS\system32\BrWebIns.dll
2008-07-26 09:46 . 2003-07-03 01:08 65,536 --a------ I:\WINDOWS\system32\BRWEBUP.EXE
2008-07-26 09:46 . 2008-04-13 20:47 25,856 --------- I:\WINDOWS\system32\drivers\usbprint.sys
2008-07-26 09:46 . 2008-07-26 09:46 425 --a------ I:\WINDOWS\BRWMARK.INI
2008-07-26 09:46 . 2008-07-26 09:46 34 --a------ I:\WINDOWS\system32\BD2030.DAT
2008-07-25 15:17 . 2008-08-17 10:41 <REP> d-------- I:\Program Files\Fichiers communs\Adobe
2008-07-25 13:07 . 2008-07-25 13:07 <REP> d-------- I:\Program Files\CCleaner
2008-07-25 12:20 . 2008-07-25 12:20 <REP> d-------- I:\Program Files\Lavasoft
2008-07-25 12:20 . 2008-07-25 12:21 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-25 12:19 . 2008-07-25 12:19 <REP> d-------- I:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-25 12:06 . 2007-07-30 19:19 271,224 --a------ I:\WINDOWS\system32\mucltui.dll
2008-07-25 12:06 . 2007-07-30 19:19 207,736 --a------ I:\WINDOWS\system32\muweb.dll
2008-07-25 12:06 . 2007-07-30 19:18 30,072 --a------ I:\WINDOWS\system32\mucltui.dll.mui
2008-07-24 20:32 . 2008-07-24 20:35 1,143 --a------ I:\WINDOWS\mozver.dat
2008-07-24 17:54 . 2008-07-25 12:57 <REP> d-------- I:\Documents and Settings\All Users\Application Data\part dead amok eggs
2008-07-24 17:41 . 2008-07-24 17:53 <REP> d-------- I:\Documents and Settings\Vincent Villy\Contacts
2008-07-24 17:34 . 2008-08-18 22:06 <REP> d----c--- I:\WINDOWS\system32\DRVSTORE
2008-07-24 17:28 . 2008-07-25 12:56 <REP> d-------- I:\Program Files\Windows Live
2008-07-24 17:28 . 2008-07-24 17:34 <REP> d--hsc--- I:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-24 17:28 . 2008-07-24 17:28 <REP> d-------- I:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-24 16:52 . 2008-07-24 16:52 <REP> d---s---- I:\Documents and Settings\Vincent Villy\UserData
2008-07-24 16:30 . 2008-07-24 16:30 <REP> d-------- I:\Program Files\MSXML 4.0
2008-07-24 15:23 . 2008-07-24 15:23 <REP> d-------- I:\Program Files\Enregistrer sous
2008-07-24 14:34 . 2008-07-24 19:11 <REP> dr------- I:\WINDOWS\system32\000 - Icones
2008-07-24 13:26 . 2008-06-14 19:33 272,768 --------- I:\WINDOWS\system32\drivers\bthport.sys
2008-07-24 13:26 . 2008-06-14 19:33 272,768 -----c--- I:\WINDOWS\system32\dllcache\bthport.sys
2008-07-24 13:25 . 2008-05-08 16:02 203,136 -----c--- I:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-24 13:21 . 2008-07-24 13:21 <REP> d-------- I:\Program Files\RocketDock
2008-07-23 20:42 . 2003-06-25 16:05 266,360 --a------ I:\WINDOWS\system32\TweakUI.exe
2008-07-23 20:42 . 2002-06-21 15:09 160,217 --a------ I:\WINDOWS\system32\PowerToysLicense.rtf
2008-07-23 19:27 . 2008-07-23 19:27 228 --a------ I:\WINDOWS\CCPen200.ini
2008-07-23 19:25 . 2008-07-23 19:25 <REP> d-------- I:\WINDOWS\system32\URTTEMP
2008-07-23 19:07 . 2005-02-14 15:27 32,408 --------- I:\WINDOWS\system32\drivers\pendfu.sys
2008-07-23 18:51 . 2008-07-24 13:59 <REP> d-------- I:\Program Files\uTorrent
2008-07-23 18:51 . 2008-08-31 15:56 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\uTorrent
2008-07-23 18:45 . 2008-07-23 18:45 <REP> d-------- I:\Program Files\QuickTime Alternative
2008-07-23 18:45 . 2008-07-23 18:45 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-23 18:45 . 2008-05-27 10:50 90,112 --a------ I:\WINDOWS\system32\QuickTimeVR.qtx
2008-07-23 18:45 . 2008-05-27 10:50 57,344 --a------ I:\WINDOWS\system32\QuickTime.qts
2008-07-23 18:34 . 2008-07-23 18:34 <REP> d-------- I:\Program Files\Team MediaPortal
2008-07-23 18:34 . 2008-07-23 18:34 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Team MediaPortal
2008-07-23 18:14 . 2008-07-23 18:14 0 --a------ I:\WINDOWS\ccwinpay.INI
2008-07-23 18:08 . 2008-07-23 18:08 <REP> d-------- I:\Program Files\Microsoft WSE
2008-07-23 18:08 . 2008-08-22 17:13 <REP> d-------- I:\Program Files\Fichiers communs\C-CHANNEL
2008-07-23 18:08 . 2008-07-23 19:27 <REP> d-------- I:\Program Files\C-CHANNEL
2008-07-23 18:08 . 2008-07-23 19:27 <REP> d-------- I:\Documents and Settings\All Users\Application Data\C-CHANNEL
2008-07-23 17:41 . 2008-07-23 17:41 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\IrfanView
2008-07-23 17:16 . 2008-07-23 17:16 <REP> d-------- I:\Program Files\VideoLAN
2008-07-23 17:16 . 2008-07-23 17:16 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\vlc
2008-07-23 17:10 . 2008-07-23 17:12 <REP> d-------- I:\WINDOWS\SHELLNEW
2008-07-23 17:10 . 2008-08-29 07:22 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-23 17:09 . 2008-07-23 17:09 <REP> dr-h----- I:\MSOCache
2008-07-23 16:19 . 2008-07-23 16:20 <REP> d-------- I:\Program Files\MozBackup
2008-07-23 16:07 . 2008-07-23 16:07 <REP> d-------- I:\Documents and Settings\All Users\Application Data\NVIDIA
2008-07-23 16:03 . 2008-07-23 16:03 <REP> d-------- I:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-23 16:01 . 2008-07-23 16:01 <REP> d-------- I:\Program Files\My Company Name
2008-07-23 16:00 . 2008-07-23 16:03 <REP> d-------- I:\WINDOWS\nview
2008-07-23 16:00 . 2006-06-01 11:22 208,896 --a------ I:\WINDOWS\system32\nvudisp.exe
2008-07-23 16:00 . 2008-08-31 07:29 63,804 --a------ I:\WINDOWS\system32\nvapps.xml
2008-07-23 16:00 . 2006-06-01 11:22 16,960 --a------ I:\WINDOWS\system32\nvdisp.nvu
2008-07-23 15:57 . 2006-06-01 19:09 208,896 --a------ I:\WINDOWS\system32\NVUNINST.EXE
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 11:03 --------- d-----w I:\Program Files\Realtek
2008-07-23 09:37 --------- d-----w I:\Program Files\microsoft frontpage
2008-07-23 09:35 --------- d-----w I:\Program Files\Services en ligne
2008-07-23 09:29 --------- d-----w I:\Program Files\Windows Plus
2008-07-07 20:28 253,952 ----a-w I:\WINDOWS\system32\es.dll
2008-06-24 16:44 74,240 ----a-w I:\WINDOWS\system32\mscms.dll
2008-06-20 17:47 247,808 ----a-w I:\WINDOWS\system32\mswsock.dll
2008-05-16 09:58 12,632 ----a-w I:\WINDOWS\system32\lsdelete.exe
2008-05-09 10:55 90,112 ----a-w I:\WINDOWS\system32\wshext.dll
2008-05-09 10:55 430,080 ----a-w I:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55 180,224 ----a-w I:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55 172,032 ----a-w I:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w I:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w I:\WINDOWS\system32\cscript.exe
2008-05-07 05:11 1,294,336 ------w I:\WINDOWS\system32\quartz.dll
2006-06-23 06:48 32,768 ----a-r I:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-30_19.33.19.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-30 18:00:31 262,144 ----a-w I:\WINDOWS\system32\config\systemprofile\NtUser.dat
+ 2008-05-09 11:15:51 45,376 ----a-w I:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w I:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 13:03:55 75,072 ----a-w I:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w I:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="I:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"MediaPortal Shell"="I:\Program Files\Team MediaPortal\MediaPortal\mptray.exe" [2006-09-22 08:57 200704]
"MsnMsgr"="I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="I:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"SoundMAXPnP"="I:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 12:07 843776]
"JMB36X Configure"="I:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 10:45 385024]
"NvCplDaemon"="I:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22 7618560]
"Adobe Reader Speed Launcher"="I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"avgnt"="I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"nwiz"="nwiz.exe" [2006-06-01 11:22 1519616 I:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 86016 I:\WINDOWS\system32\nvmctray.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="I:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]
I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
C-CHANNEL OnlineUpdate.lnk - I:\Program Files\C-CHANNEL\OnlineUpdate\PeOnlineUpdate.exe [2008-07-23 18:08:58 993096]
PayPen.lnk - I:\Program Files\C-CHANNEL\PayPen\PayPen.exe [2006-08-18 10:16:24 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= I:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= I:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"I:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"I:\\Program Files\\Messenger\\msmsgs.exe"=
"I:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R3 PayPen;PayPen;I:\WINDOWS\system32\Drivers\PayPen.sys [2005-02-16 08:53]
R3 usbstor;Pilote de stockage de masse USB;I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]
S3 pendfu;PenDfu (pendfu.sys);I:\WINDOWS\system32\Drivers\pendfu.sys [2005-02-14 15:27]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3180ad7-58a3-11dd-bb0a-806d6172696f}]
\Shell\AutoRun\command - G:\ASUSACPI.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 15:57:56
Windows 5.1.2600 Service Pack 3 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-08-31 15:58:23
ComboFix-quarantined-files.txt 2008-08-31 13:58:15
ComboFix2.txt 2008-08-31 12:48:07
ComboFix3.txt 2008-08-30 17:33:41
Pre-Run: 38,492,454,912 octets libres
Post-Run: 38,480,867,328 octets libres
233 --- E O F --- 2008-08-29 05:22:15
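Both ComboFix logs above, the one taken before the CFScript run and the one after, carry a "Point de chargement Reg" section that lists each autostart value together with the binary's timestamp and size. The script below is an added example, not part of any post in this thread and not a feature of ComboFix or HijackThis. It parses that section, flags the entries an analyst would look at first (random-looking file or directory names, a ShellServiceObjectDelayLoad object loading from outside the Windows directory, and two autostarts sharing the same timestamp to the minute, which is what ties kfcfsdgj.exe to avbjzde\MsgCfgUi.dll in the log), and diffs the before and after sections to confirm the fix removed exactly those two values and added nothing. The sample text is constructed from the logs above; the name heuristic and its threshold are my own assumptions.

```python
import re
from collections import defaultdict

# Line shapes in ComboFix's "Point de chargement Reg" section: a bracketed key, then
#   "name"="path" [YYYY-MM-DD HH:MM size]            or, when the value is a bare file name,
#   "name"="file" [YYYY-MM-DD HH:MM size full\path]  (the nwiz.exe case).
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*(?P<rest>.*?)\s*'
    r"\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d) (?P<size>\d+)(?: (?P<full>[^\]]+))?\]$"
)
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\[]*?\.(?:exe|dll)", re.IGNORECASE)

# Constructed sample: Run and ShellServiceObjectDelayLoad values from the first log above.
# The second log lacks exactly the strapl and MsgCfgUi values, so AFTER drops those lines.
BEFORE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="I:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"MsnMsgr"="I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"strapl"="I:\WINDOWS\system32\kfcfsdgj.exe" [2008-08-29 14:13 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="I:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"avgnt"="I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"nwiz"="nwiz.exe" [2006-06-01 11:22 1519616 I:\WINDOWS\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"MsgCfgUi"= {0491FE2F-4EA6-9304-4080-06F944FDDC0F} - I:\Program Files\avbjzde\MsgCfgUi.dll [2008-08-29 14:13 110592]
"""
AFTER = "\n".join(l for l in BEFORE.splitlines() if "strapl" not in l and "MsgCfgUi" not in l)


def parse_autostarts(text):
    """One dict per value; 'key' is the leaf of the registry key it sits under."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key").rsplit("\\", 1)[-1]
            continue
        em = ENTRY_RE.match(line)
        if not (em and key):
            continue
        path = em.group("full")           # full path given after the size (nwiz style)
        if not path:
            pm = PATH_RE.search(em.group("rest"))
            path = pm.group(0) if pm else None
        entries.append({"key": key, "name": em.group("name"), "path": path,
                        "ts": em.group("ts"), "size": int(em.group("size"))})
    return entries


def looks_random(token):
    """Coarse cue (assumed threshold): 7+ lowercase letters with under 30% vowels,
    e.g. kfcfsdgj or avbjzde. Vendor abbreviations such as nvmctray also match,
    so treat it as a hint to be confirmed by the location and timestamp checks."""
    return bool(re.fullmatch(r"[a-z]{7,}", token)) and sum(c in "aeiou" for c in token) / len(token) < 0.3


def triage(entries):
    """Flag autostarts by file/directory name, load point, and shared timestamp."""
    findings = {}
    for e in entries:
        if not e["path"]:
            continue
        parts = e["path"].split("\\")
        reasons = [f"random-looking directory {d}" for d in parts[1:-1] if looks_random(d)]
        if looks_random(parts[-1].rsplit(".", 1)[0]):
            reasons.append(f"random-looking file name {parts[-1]}")
        # Legitimate ShellServiceObjectDelayLoad objects live under the Windows directory.
        if e["key"] == "ShellServiceObjectDelayLoad" and "\\WINDOWS\\" not in e["path"].upper():
            reasons.append("ShellServiceObjectDelayLoad object outside the Windows directory")
        if reasons:
            findings[e["name"]] = {"path": e["path"], "ts": e["ts"], "reasons": reasons}
    # Two autostarts stamped the same minute usually came from one dropper: flag the peers too.
    by_ts = defaultdict(list)
    for e in entries:
        if e["path"]:
            by_ts[e["ts"]].append(e)
    for ts, group in by_ts.items():
        if len(group) > 1 and any(e["name"] in findings for e in group):
            for e in group:
                f = findings.setdefault(e["name"], {"path": e["path"], "ts": ts, "reasons": []})
                peers = ", ".join(o["path"] for o in group if o is not e)
                f["reasons"].append("same timestamp %s as %s" % (ts, peers))
    return findings


def diff_autostarts(before_text, after_text):
    """What the fix actually removed, and whether anything new appeared."""
    def ident(e):
        return (e["key"], e["name"], e["path"] or "")
    before = {ident(e) for e in parse_autostarts(before_text)}
    after = {ident(e) for e in parse_autostarts(after_text)}
    return {"removed": sorted(before - after), "added": sorted(after - before)}


if __name__ == "__main__":
    for name, f in triage(parse_autostarts(BEFORE)).items():
        print(name, f["path"], "; ".join(f["reasons"]), sep=" | ")
    print(diff_autostarts(BEFORE, AFTER))
```

On the sample this reports strapl (random file name, same timestamp as the DLL) and MsgCfgUi (random directory, delay-load object outside Windows, same timestamp as the EXE), and the diff shows those two values removed with nothing added. The name heuristic alone would also trip on some vendor abbreviations, which is why the timestamp cluster and the load point are the signals to trust before deleting anything.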
Post another HijackThis log.
I think the trojans are gone, because since the last step you had me do I haven't had a window pop up saying there's a trojan blah blah blah...
but I still have a doubt. Here is my log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:13:48, on 31.08.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Analog Devices\Core\smax4pnp.exe
I:\WINDOWS\system32\RunDLL32.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
I:\Program Files\RocketDock\RocketDock.exe
I:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
I:\Program Files\C-CHANNEL\PayPen\PayPen.exe
I:\Program Files\C-CHANNEL\PayPen\CPenOCR.exe
I:\Program Files\C-CHANNEL\PayPen\CPenDesk.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
I:\WINDOWS\ATKKBService.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\dllhost.exe
I:\Program Files\Windows Live\Messenger\usnsvc.exe
I:\Program Files\Opera\opera.exe
I:\Program Files\uTorrent\uTorrent.exe
I:\WINDOWS\eHome\ehRecvr.exe
I:\WINDOWS\eHome\ehSched.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] I:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] I:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [RocketDock] "I:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MediaPortal Shell] I:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: C-CHANNEL OnlineUpdate.lnk = ?
O4 - Global Startup: PayPen.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - I:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - I:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - I:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5546 bytes
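When reading a post-cleanup HijackThis log like the one above, a practitioner checks two things: that none of the paths ComboFix listed under "Autres suppressions" have come back, and what residue remains (here an O23 service whose binary is missing and Global Startup shortcuts HijackThis could not resolve). The script below is an added example, not from this thread and not part of HijackThis; the sample lines and the removed-path list are constructed from the logs above.

```python
import re

HJT_RE = re.compile(r"^(?P<code>[OR]\d+) - (?P<body>.+)$")
O23_RE = re.compile(
    r"^Service: (?P<display>.+?) \((?P<svc>[^)]+)\) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
GLOBAL_RE = re.compile(r"^Global Startup: (?P<lnk>.+?) = (?P<target>.+)$")

# Constructed from the "Autres suppressions" block of the second ComboFix log above.
REMOVED = [
    r"I:\Documents and Settings\All Users\Application Data\ytohqzuh",
    r"I:\Program Files\avbjzde",
    r"I:\Program Files\avbjzde\MsgCfgUi.dll",
    r"I:\WINDOWS\system32\kfcfsdgj.exe",
    r"I:\WINDOWS\system32\yhwfwfsj.exe",
]

# Constructed sample of HijackThis lines in the shape of the post-cleanup log above.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [RocketDock] "I:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: PayPen.lnk = ?
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - I:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
"""


def parse_hjt(text):
    """(section code, body) for every HijackThis item line; other lines are ignored."""
    items = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            items.append((m.group("code"), m.group("body")))
    return items


def review(text, removed_paths):
    """Residue worth a second look, plus any previously removed path that reappeared."""
    findings, reinfection = [], []
    lowered = [p.lower() for p in removed_paths]
    for code, body in parse_hjt(text):
        low = body.lower()
        if any(p in low for p in lowered):
            reinfection.append(f"{code} - {body}")
        if code == "O23":
            m = O23_RE.match(body)
            if m and m.group("missing"):
                findings.append((code, m.group("svc"),
                                 "service still registered but its binary is gone: orphaned entry, delete the service or reinstall the product"))
            elif m and m.group("owner") == "Unknown owner":
                findings.append((code, m.group("svc"), "no vendor name on the binary: verify its origin"))
        elif code == "O4":
            m = GLOBAL_RE.match(body)
            if m and m.group("target") == "?":
                findings.append((code, m.group("lnk"),
                                 "shortcut target not resolved by HijackThis: open the .lnk properties and check where it points"))
    return {"findings": findings, "reinfection": reinfection}


if __name__ == "__main__":
    result = review(SAMPLE_HJT, REMOVED)
    for code, name, note in result["findings"]:
        print(f"{code} {name}: {note}")
    print("reinfection:", result["reinfection"] or "none")
```

On the sample this reports the unresolved PayPen.lnk shortcut and the Bonjour service whose mDNSResponder.exe is missing (on this machine Bonjour was evidently uninstalled while its service registration stayed behind), and confirms that none of the five paths ComboFix deleted are referenced again. Feeding it the next log the user posts is the quick way to tell a real reinfection from leftover clutter.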
Are you still having problems?
No, it's gone.
Thanks a lot.
One more question:
Regarding Opera, do you have any security advice?
Thanks again.
Nope, I don't know much about Opera.
OK, thanks. Do I mark it as solved?
Yep.
OK, thanks. Do I mark it as solved?
Well yes, I already answered you.
I have the same problem: I got rid of the trojan-downloader.win32.agent.bq file, but I still have this pop-up telling me to go buy something online to disinfect.
What should I do to stop it? The same thing?
Thanks in advance!
Message edited by Angeldark on 06-09-2008 at 12:14:59
One thread per person, please.