Tom's Guide > Forum > Sécurité - Virus > pb virus win32:Trojan-gen{other}

pb virus win32:Trojan-gen{other}

Forum Sécurité - Virus : pb virus win32:Trojan-gen{other}

TomsGuide.com : 800 000 inscrits répondent à toutes vos questions high-tech et informatique. Pour obtenir de l'aide, inscrivez-vous gratuitement !
Créer un nouveau sujet Répondre
Mot :    Pseudo :           
 
Seb_Goku   05-09-2008 à 20:41:27

Bonjour,

il y a quelques jours avast a détecter le virus win32:Trojan-gen{other} virus sur mon pc

mais apparemment il n'a pas été supprimé,
j'ai régulierement des pertes de connexion,
et je ne peux meme pas poster sur certain forum (dont celui-ci ...)

voici le log que j'ai obtenu en lancant HiJackThis sur mon pc,
j'espere que quelqu'un pourra m'aider

merci

----------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:34, on 05/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\VIA\RAID\raid_tool.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\LClock\lclock.exe
C:\Garmin\gStart.exe
F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
F:\Program Files\OpenOffice.org 2.4\program\soffice.exe
F:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
F:\Program Files\Windows Live\Messenger\usnsvc.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RaidTool] F:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogMeIn GUI] "F:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] F:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [AdVantage] "F:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] F:\Program Files\LClock\LClock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: GigaTribe.lnk = F:\Program Files\GigaTribe\gigatribe.exe
O4 - Startup: OpenOffice.org 2.4.lnk = F:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/d [...] DEXAXO.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6863 bytes

Répondre
Liens sponsorisés
Inscrivez-vous ou connectez-vous pour masquer ceci.
Angeldark   05-09-2008 à 21:02:24
- 0 +

Bonjour,

Tu as l'emplacement ?

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
Seb_Goku   05-09-2008 à 21:30:22
- 0 +

l'emplacement du virus ?
non,
je n'ai plus d'alerte,
mais j'ai des soucis de connexion depuis

Répondre à Seb_Goku
Seb_Goku   06-09-2008 à 11:45:05
- 0 +

personne ne peux m'aider alors ?

Répondre à Seb_Goku
Angeldark   06-09-2008 à 12:13:15
- 1 +

Je ne pense pas qu'un virus soit à l'origine de ça.

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :

-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.

AIDE : Tuto en images sur MBAM

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
Seb_Goku   06-09-2008 à 12:55:29
- 0 +

merci, je vais essayer ca tout a l'heure

Répondre à Seb_Goku
Seb_Goku   06-09-2008 à 23:37:06
- 0 +

il y avait bien un virus,

j'espere que c'est bon maintenant

mais le rapport qui a été enregistré est celui avant la mise en quarantaine et suppréssion des fichiers infectés
(j'ai enregistré le rapport avant et après la suppression, mais j'ai trouvé que 1 des rapports, bizarre)

je vais peut etre le refaire du coup, si ca sert a quelque chose.

-------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1120
Windows 5.1.2600 Service Pack 3

06/09/2008 23:05:44
mbam-log-2008-09-06 (23-05-15).txt

Type de recherche: Examen complet (C:\|D:\|F:\|)
Eléments examinés: 113003
Temps écoulé: 14 minute(s), 56 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 15

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Dossier(s) infecté(s):
F:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> No action taken.
F:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> No action taken.

Fichier(s) infecté(s):
F:\WINDOWS\eaxf.exe (Trojan.FakeAlert) -> No action taken.
F:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> No action taken.
F:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> No action taken.
F:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> No action taken.
F:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> No action taken.
F:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> No action taken.
F:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> No action taken.
F:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> No action taken.
F:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> No action taken.
F:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> No action taken.
F:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
F:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> No action taken.
F:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> No action taken.
F:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
F:\WINDOWS\rqbmvpso.dll (Trojan.FakeAlert) -> No action taken.

Répondre à Seb_Goku
Seb_Goku   07-09-2008 à 13:52:01
- 0 +

mon probleme semble etre résolu,
merci beaucoup pour votre aide ;)

Répondre à Seb_Goku
Angeldark   07-09-2008 à 16:35:53
- 0 +

On n'a pas terminé !

Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !

  • Télécharge ComboFix (sUBs) sur ton Bureau.
  • Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.


AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
Seb_Goku   08-09-2008 à 23:01:33
- 0 +

voila :



ComboFix 08-09-05.09 - Seb 2008-09-08 22:43:21.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1578 [GMT 2:00]
Endroit: F:\Documents and Settings\Seb\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-08 to 2008-09-08 ))))))))))))))))))))))))))))))))))))
.

2008-09-08 21:09 . 2008-09-08 21:16 <REP> d-------- F:\Program Files\eMule
2008-09-06 22:43 . 2008-09-06 22:43 <REP> d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-09-06 22:43 . 2008-09-06 22:43 <REP> d-------- F:\Documents and Settings\Seb\Application Data\Malwarebytes
2008-09-06 22:43 . 2008-09-06 22:43 <REP> d-------- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-06 22:43 . 2008-09-02 00:16 38,528 --a------ F:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-06 22:43 . 2008-09-02 00:16 17,200 --a------ F:\WINDOWS\system32\drivers\mbam.sys
2008-09-02 23:24 . 2008-09-02 23:24 <REP> d-------- F:\Program Files\Trend Micro
2008-08-31 14:45 . 2008-08-31 14:45 <REP> d-------- F:\Program Files\PHP Coder
2008-08-31 14:19 . 2008-08-31 14:19 <REP> d-------- F:\Program Files\FlashFXP
2008-08-31 14:19 . 2008-08-31 14:19 <REP> d-------- F:\Documents and Settings\All Users\Application Data\FlashFXP
2008-08-28 00:17 . 2008-08-28 00:18 <REP> d-------- F:\Program Files\Google
2008-08-14 23:28 . 2008-04-13 19:33 159,232 --a------ F:\WINDOWS\system32\ptpusd.dll
2008-08-14 23:28 . 2001-08-23 17:47 5,632 --a------ F:\WINDOWS\system32\ptpusb.dll
2008-08-14 01:07 . 2008-04-13 20:33 221,184 --a------ F:\WINDOWS\system32\wmpns.dll
2008-08-14 01:07 . 2005-06-28 10:21 22,752 --a------ F:\WINDOWS\system32\spupdsvc.exe
2008-08-14 00:20 . 2008-07-07 22:28 253,952 --------- F:\WINDOWS\system32\dllcache\es.dll
2008-08-14 00:20 . 2008-06-24 18:44 74,240 --------- F:\WINDOWS\system32\dllcache\mscms.dll
2008-08-14 00:13 . 2008-04-11 21:05 691,712 --------- F:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 00:03 . 2008-08-13 00:03 <REP> d-------- F:\Program Files\Fichiers communs\Hewlett-Packard
2008-08-13 00:03 . 2008-04-13 11:45 15,104 --a------ F:\WINDOWS\system32\drivers\usbscan.sys
2008-08-13 00:03 . 2008-04-13 11:45 15,104 --a------ F:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-13 00:02 . 2008-08-13 00:02 <REP> d-------- F:\Program Files\HP
2008-08-13 00:02 . 2004-09-29 12:12 278,584 --a------ F:\WINDOWS\system32\HPZidr12.dll
2008-08-13 00:02 . 2004-09-29 12:15 204,800 --a------ F:\WINDOWS\system32\HPZipr12.dll
2008-08-13 00:02 . 2004-09-29 12:09 94,208 --a------ F:\WINDOWS\system32\HPZipt12.dll
2008-08-13 00:02 . 2004-09-29 12:14 69,632 --a------ F:\WINDOWS\system32\HPZipm12.exe
2008-08-13 00:02 . 2004-09-29 12:08 61,440 --a------ F:\WINDOWS\system32\HPZinw12.exe
2008-08-13 00:02 . 2004-09-29 12:09 57,344 --a------ F:\WINDOWS\system32\HPZisn12.dll
2008-08-12 23:58 . 2008-08-13 00:05 102,903 --a------ F:\WINDOWS\hpoins05.dat
2008-08-12 23:58 . 2005-06-22 08:27 17,505 --------- F:\WINDOWS\hpomdl07.dat
2008-08-12 22:52 . 2008-04-13 11:45 32,128 --a------ F:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-12 22:52 . 2008-04-13 11:45 32,128 --a------ F:\WINDOWS\system32\dllcache\usbccgp.sys
2008-08-12 22:52 . 2008-04-13 11:47 25,856 --a------ F:\WINDOWS\system32\drivers\usbprint.sys
2008-08-12 22:52 . 2008-04-13 11:47 25,856 --a------ F:\WINDOWS\system32\dllcache\usbprint.sys
2008-08-10 01:21 . 2008-09-08 22:46 <REP> d-------- F:\Documents and Settings\Seb\Application Data\OpenOffice.org2
2008-08-09 23:42 . 2008-08-09 23:42 <REP> d-------- F:\Program Files\OpenOffice.org 2.4
2008-08-09 23:42 . 2008-08-09 23:42 <REP> d-------- F:\Program Files\Java
2008-08-09 23:42 . 2008-08-09 23:42 <REP> d-------- F:\Program Files\Fichiers communs\Java
2008-08-09 23:42 . 2007-12-14 01:59 69,632 --a------ F:\WINDOWS\system32\javacpl.cpl
2008-08-09 21:01 . 2008-08-09 21:01 <REP> d-------- F:\Program Files\K-Lite Codec Pack
2008-08-09 20:56 . 2008-08-09 22:50 <REP> d-------- F:\Documents and Settings\Seb\Contacts
2008-08-09 20:55 . 2008-08-09 20:55 <REP> d----c--- F:\WINDOWS\system32\DRVSTORE
2008-08-09 20:52 . 2008-08-09 20:54 <REP> d-------- F:\Program Files\Windows Live
2008-08-09 20:52 . 2008-08-09 20:54 <REP> d--hsc--- F:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-09 20:52 . 2008-08-09 20:52 <REP> d-------- F:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-09 20:47 . 2008-08-09 17:19 <REP> d--h----- F:\Documents and Settings\LogMeInRemoteUser\Voisinage r‚seau
2008-08-09 20:47 . 2008-08-09 17:19 <REP> d--h----- F:\Documents and Settings\LogMeInRemoteUser\Voisinage d'impression
2008-08-09 20:47 . 2008-08-09 15:24 <REP> d--h----- F:\Documents and Settings\LogMeInRemoteUser\ModŠles
2008-08-09 20:47 . 2008-08-09 17:19 <REP> d-------- F:\Documents and Settings\LogMeInRemoteUser\Mes documents
2008-08-09 20:47 . 2008-08-09 17:19 <REP> dr------- F:\Documents and Settings\LogMeInRemoteUser\Menu D‚marrer
2008-08-09 20:47 . 2008-08-09 17:19 <REP> d-------- F:\Documents and Settings\LogMeInRemoteUser\Favoris
2008-08-09 20:47 . 2008-08-09 17:19 <REP> d-------- F:\Documents and Settings\LogMeInRemoteUser\Bureau
2008-08-09 20:47 . 2008-08-09 20:53 <REP> d-------- F:\Documents and Settings\LogMeInRemoteUser
2008-08-09 20:38 . 2008-08-09 20:38 <REP> d-------- F:\Program Files\GigaTribe
2008-08-09 20:38 . 2008-08-09 20:38 <REP> d-------- F:\Documents and Settings\Seb\Application Data\GigaTribe
2008-08-09 20:35 . 2008-08-09 20:35 <REP> d-------- F:\Documents and Settings\All Users\Application Data\LogMeIn
2008-08-09 20:33 . 2008-05-28 12:33 83,288 --a------ F:\WINDOWS\system32\LMIRfsClientNP.dll
2008-08-09 20:33 . 2008-03-07 13:39 45,848 --a------ F:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-08-09 20:33 . 2008-05-28 12:32 24,608 --a------ F:\WINDOWS\system32\LMIport.dll
2008-08-09 20:32 . 2008-09-08 00:45 <REP> d-------- F:\Program Files\LogMeIn
2008-08-09 20:32 . 2008-05-28 12:32 87,352 --a------ F:\WINDOWS\system32\LMIinit.dll
2008-08-09 18:50 . 2008-08-09 18:50 <REP> d-------- F:\Documents and Settings\Seb\Application Data\GARMIN
2008-08-09 18:50 . 2008-08-09 18:50 <REP> d-------- F:\Documents and Settings\All Users\Application Data\GARMIN
2008-08-09 18:49 . 2008-08-09 18:49 <REP> d-------- F:\Garmin
2008-08-09 18:49 . 2007-03-08 17:18 18,432 --a------ F:\WINDOWS\system32\drivers\grmngen.sys
2008-08-09 18:49 . 2007-03-08 17:18 8,320 --a------ F:\WINDOWS\system32\drivers\grmnusb.sys
2008-08-09 18:48 . 2008-08-09 18:48 <REP> d-------- F:\Program Files\Zone Five Software
2008-08-09 18:29 . 2008-08-09 18:29 <REP> d-------- F:\Program Files\Reference Assemblies
2008-08-09 18:29 . 2008-08-09 18:29 <REP> d-------- F:\Program Files\Microsoft.NET
2008-08-09 18:08 . 2008-08-09 18:08 <REP> d-------- F:\Program Files\Webteh
2008-08-09 18:08 . 2008-08-09 18:08 <REP> d-------- F:\Program Files\AdVantage
2008-08-09 18:05 . 2008-08-09 18:05 <REP> d-------- F:\Documents and Settings\Seb\Application Data\AVS4YOU
2008-08-09 18:05 . 2008-08-09 18:05 <REP> d-------- F:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-08-09 18:04 . 2008-08-09 18:05 <REP> d-------- F:\Program Files\Fichiers communs\AVSMedia
2008-08-09 18:04 . 2008-08-09 18:05 <REP> d-------- F:\Program Files\AVS4YOU
2008-08-09 18:04 . 2007-02-27 19:36 1,700,352 --a------ F:\WINDOWS\system32\GdiPlus.dll
2008-08-09 18:04 . 2007-02-27 19:36 974,848 --a------ F:\WINDOWS\system32\mfc70.dll
2008-08-09 18:04 . 2007-02-27 19:36 487,424 --a------ F:\WINDOWS\system32\msvcp70.dll
2008-08-09 18:04 . 2007-02-27 19:36 344,064 --a------ F:\WINDOWS\system32\msvcr70.dll
2008-08-09 18:04 . 2007-02-27 19:36 24,576 --a------ F:\WINDOWS\system32\msxml3a.dll
2008-08-09 16:39 . 2001-09-19 07:32 720,896 --a------ F:\WINDOWS\system32\dllcache\a3d.dll
2008-08-09 16:38 . 2004-01-28 10:21 5,824 --a------ F:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-08-09 16:38 . 2008-08-09 16:41 4,201 --a------ F:\WINDOWS\Ascd_tmp.ini
2008-08-09 16:29 . 2008-08-09 16:29 <REP> d-------- F:\Program Files\Alwil Software
2008-08-09 16:24 . 2008-08-14 01:08 <REP> d--h----- F:\WINDOWS\$hf_mig$
2008-08-09 16:24 . 2008-06-20 13:51 361,600 --------- F:\WINDOWS\system32\dllcache\tcpip.sys
2008-08-09 16:24 . 2008-06-20 19:47 247,808 --------- F:\WINDOWS\system32\dllcache\mswsock.dll
2008-08-09 16:24 . 2008-06-20 13:08 225,856 --------- F:\WINDOWS\system32\dllcache\tcpip6.sys
2008-08-09 16:24 . 2008-06-20 19:47 147,968 --------- F:\WINDOWS\system32\dllcache\dnsapi.dll
2008-08-09 16:24 . 2008-06-20 13:40 138,496 --------- F:\WINDOWS\system32\dllcache\afd.sys
2008-08-09 16:23 . 2008-06-14 19:40 272,768 --------- F:\WINDOWS\system32\dllcache\bthport.sys
2008-08-09 16:09 . 1998-11-13 13:16 308,224 --a------ F:\WINDOWS\IsUn040c.exe
2008-08-09 16:09 . 2003-10-03 16:28 45,056 --a------ F:\WINDOWS\system32\vusetup.dll
2008-08-09 16:09 . 2003-08-04 15:29 11,392 --a------ F:\WINDOWS\system32\drivers\vulfntr.sys
2008-08-09 16:09 . 2003-08-04 15:29 6,912 --a------ F:\WINDOWS\system32\drivers\vulfnth.sys
2008-08-09 16:07 . 2004-10-22 11:28 204,800 --a------ F:\WINDOWS\system32\VProPage.dll
2008-08-09 16:07 . 2004-10-22 11:28 40,192 --a------ F:\WINDOWS\system32\drivers\vIdePort.sys
2008-08-09 16:07 . 2004-10-22 11:28 25,600 --a------ F:\WINDOWS\system32\vIdeInst.dll
2008-08-09 16:07 . 2004-10-22 11:28 15,232 --a------ F:\WINDOWS\system32\drivers\vIdeBus.sys
2008-08-09 16:06 . 2005-06-27 08:32 234,752 --a------ F:\WINDOWS\system32\drivers\yk51x86.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 23:42 --------- d-----w F:\Program Files\Microsoft Silverlight
2008-08-09 15:35 --------- d-----w F:\Program Files\Fichiers communs\InstallShield
2008-08-09 13:59 --------- d-----w F:\Program Files\VIA
2008-08-09 13:59 --------- d-----w F:\Program Files\InstallShield Installation Information
2008-08-09 13:55 --------- d-----w F:\Program Files\ASUS
2008-08-09 13:31 --------- d-----w F:\Program Files\microsoft frontpage
2008-08-09 13:28 --------- d-----w F:\Program Files\LClock
2008-08-09 13:26 --------- d-----w F:\Program Files\Services en ligne
2008-08-09 13:24 --------- d-----w F:\Program Files\Windows Media Connect 2
2008-07-23 13:24 446,464 ----a-w F:\WINDOWS\system32\NVUNINST.EXE
2008-07-18 20:10 94,920 ----a-w F:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w F:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w F:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w F:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w F:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w F:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w F:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w F:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w F:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w F:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w F:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w F:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w F:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w F:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w F:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w F:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w F:\WINDOWS\system32\muweb.dll
2008-07-07 20:28 253,952 ----a-w F:\WINDOWS\system32\es.dll
2008-07-04 00:33 3,127 ----a-w F:\WINDOWS\system32\presetup.cmd
2008-07-04 00:33 28,672 ----a-w F:\WINDOWS\system32\setupold.exe
2008-06-24 16:44 74,240 ----a-w F:\WINDOWS\system32\mscms.dll
2008-06-23 08:23 70,656 ------w F:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 08:23 625,664 ------w F:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 08:23 13,824 ------w F:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w F:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:47 247,808 ----a-w F:\WINDOWS\system32\mswsock.dll
2008-06-20 09:00 218,624 ----a-w F:\WINDOWS\system32\uxtheme.dll
2008-06-20 07:18 2,783,744 ----a-w F:\WINDOWS\system32\winntbbu.dll
2008-06-19 17:27 1,368,576 ----a-w F:\WINDOWS\system32\msgina.dll
2008-06-19 12:56 142,336 ----a-w F:\WINDOWS\system32\sfc_os.dll
2008-06-19 12:56 1,013,248 ----a-w F:\WINDOWS\system32\syssetup.dll
2008-06-19 12:40 99,840 ----a-w F:\WINDOWS\system32\wmpshell.dll
2008-06-19 12:40 8,292,352 ----a-w F:\WINDOWS\system32\wmploc.dll
2008-06-19 12:40 603,648 ----a-w F:\WINDOWS\system32\wmspdmod.dll
2008-06-19 12:40 4,096 ----a-w F:\WINDOWS\system32\wmvdmoe2.dll
2008-06-19 12:40 4,096 ----a-w F:\WINDOWS\system32\wmvdmod.dll
2008-06-19 12:40 4,096 ----a-w F:\WINDOWS\system32\wmsdmoe2.dll
2008-06-19 12:40 4,096 ----a-w F:\WINDOWS\system32\wmsdmod.dll
2008-06-19 12:40 314,880 ----a-w F:\WINDOWS\system32\wmpdxm.dll
2008-06-19 12:40 242,688 ----a-w F:\WINDOWS\system32\wmpasf.dll
2008-06-19 12:40 1,329,152 ----a-w F:\WINDOWS\system32\wmspdmoe.dll
2008-06-19 12:38 8,704 ----a-w F:\WINDOWS\system32\wdfmgr.exe
2008-06-12 18:36 7,680 ----a-w F:\WINDOWS\system32\ff_vfw.dll
2008-06-10 12:08 78,336 ----a-w F:\WINDOWS\system32\ieencode.dll
2008-06-10 12:08 71,680 ----a-w F:\WINDOWS\system32\admparse.dll
2008-06-10 12:08 55,296 ----a-w F:\WINDOWS\system32\iesetup.dll
2008-06-10 12:08 48,128 ----a-w F:\WINDOWS\system32\mshtmler.dll
2008-06-10 12:08 45,568 ----a-w F:\WINDOWS\system32\mshta.exe
2008-06-10 12:08 40,960 ----a-w F:\WINDOWS\system32\licmgr10.dll
2008-06-10 12:08 156,160 ----a-w F:\WINDOWS\system32\msls31.dll
2008-06-10 11:11 36,352 ----a-w F:\WINDOWS\system32\imgutil.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"LClock"="F:\Program Files\LClock\lclock.exe" [2004-09-19 65536]
"gStart"="C:\Garmin\gStart.exe" [2007-08-23 1891416]
"MsnMsgr"="F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-28 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="F:\Program Files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="F:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 86016]
"LogMeIn GUI"="F:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"Ptipbmf"="ptipbmf.dll" [2006-02-26 F:\WINDOWS\system32\ptipbmf.dll]
"nwiz"="nwiz.exe" [2008-05-03 F:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]
"LClock"="F:\Program Files\LClock\LClock.exe" [2004-09-19 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2008-06-23 F:\WINDOWS\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoInternetIcon"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 F:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\GigaTribe\\gigatribe.exe"=
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"F:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"F:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"F:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\utils\\E mule\\emulev0.46c-MorphXTv7.6-bin\\emule\\emule.exe"=
"F:\\Program Files\\eMule\\emule.exe"=

R0 fst376xp;fst376xp;F:\WINDOWS\system32\drivers\fst376xp.sys [2008-07-04 159744]
R0 vIdeBus;vIdeBus;F:\WINDOWS\system32\DRIVERS\vIdeBus.sys [2004-10-22 15232]
R0 vIdePort;VIA IDE Controller PORT Driver;F:\WINDOWS\system32\DRIVERS\vIdePort.sys [2004-10-22 40192]
R0 videX32;videX32;F:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 9216]
R1 aswSP;avast! Self Protection;F:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;F:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;F:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;F:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848]

*Newly Created Service* - HELPSVC
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdVantage - F:\Program Files\AdVantage\AdVantage.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.fr/keyword/%s
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-08 22:46:08
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\LogMeIn\x86\ramaint.exe
F:\Program Files\LogMeIn\x86\LMIGuardian.exe
F:\Program Files\LogMeIn\x86\LogMeIn.exe
F:\Program Files\OpenOffice.org 2.4\program\soffice.exe
F:\Program Files\LogMeIn\x86\LMIGuardian.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\Program Files\OpenOffice.org 2.4\program\soffice.bin
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-08 22:47:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-08 20:47:02

Pre-Run: 2,887,745,536 octets libres
Post-Run: 3,160,678,400 octets libres

293 --- E O F --- 2008-08-20 19:49:33

Répondre à Seb_Goku
Angeldark   09-09-2008 à 12:55:08
- 0 +

Reposte un rapport Hijackthis.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
Seb_Goku   09-09-2008 à 20:17:27
- 0 +

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:28, on 09/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\VIA\RAID\raid_tool.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\LogMeIn\x86\LogMeInSystray.exe
F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\LClock\lclock.exe
F:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Garmin\gStart.exe
F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
F:\Program Files\OpenOffice.org 2.4\program\soffice.exe
F:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
F:\Program Files\LogMeIn\x86\RaMaint.exe
F:\Program Files\LogMeIn\x86\LogMeIn.exe
F:\Program Files\LogMeIn\x86\LMIGuardian.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
F:\Program Files\Windows Live\Messenger\usnsvc.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RaidTool] F:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogMeIn GUI] "F:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] F:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] F:\Program Files\LClock\LClock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: GigaTribe.lnk = F:\Program Files\GigaTribe\gigatribe.exe
O4 - Startup: OpenOffice.org 2.4.lnk = F:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/d [...] DEXAXO.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - F:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - F:\WINDOWS\System32\ups.exe (file missing)

--
End of file - 6575 bytes

Répondre à Seb_Goku
Angeldark   09-09-2008 à 20:20:50
- 0 +

On va voir s'il reste du TDSSSERV.

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
Double clique sur SDFix.exe et choisis Install pour l'extraire sur le Bureau.

Redémarre en mode sans échec

  • Ouvre le dossier SDFix qui vient d'être créé à la racine de ton dique dur (C:) et double clique sur RunThis.bat pour lancer le script.
  • Appuie sur Y pour commencer le processus de nettoyage.
  • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
  • Appuie sur une touche pour redémarrer le PC.
  • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
  • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
  • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
  • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
  • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
Seb_Goku   09-09-2008 à 21:44:27
- 0 +

Rapport SDFix


SDFix: Version 1.223
Run by Seb on 09/09/2008 at 21:34

Microsoft Windows XP [version 5.1.2600]
Running From: F:\Documents and Settings\Seb\Bureau\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Restoring Missing Security Center Service

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 21:37:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\GigaTribe\\gigatribe.exe"="F:\\Program Files\\GigaTribe\\gigatribe.exe:*:Enabled:gigatribe"
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"F:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="F:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"F:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="F:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"F:\\Program Files\\FlashFXP\\FlashFXP.exe"="F:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\utils\\E mule\\emulev0.46c-MorphXTv7.6-bin\\emule\\emule.exe"="C:\\utils\\E mule\\emulev0.46c-MorphXTv7.6-bin\\emule\\emule.exe:*:Enabled:eMule"
"F:\\Program Files\\eMule\\emule.exe"="F:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"F:\\Program Files\\FlashFXP\\FlashFXP.exe"="F:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"

Remaining Files :



Files with Hidden Attributes :


Finished!



----------------------------------------------------------------------------

Rapport HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:29, on 09/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\LogMeIn\x86\RaMaint.exe
F:\Program Files\LogMeIn\x86\LogMeIn.exe
F:\Program Files\LogMeIn\x86\LMIGuardian.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\VIA\RAID\raid_tool.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\LogMeIn\x86\LogMeInSystray.exe
F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
F:\Program Files\LogMeIn\x86\LMIGuardian.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\LClock\lclock.exe
C:\Garmin\gStart.exe
F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
F:\Program Files\OpenOffice.org 2.4\program\soffice.exe
F:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RaidTool] F:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogMeIn GUI] "F:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] F:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] F:\Program Files\LClock\LClock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: GigaTribe.lnk = F:\Program Files\GigaTribe\gigatribe.exe
O4 - Startup: OpenOffice.org 2.4.lnk = F:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/d [...] DEXAXO.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - F:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - F:\WINDOWS\System32\ups.exe (file missing)

--
End of file - 6505 bytes

Répondre à Seb_Goku
Angeldark   09-09-2008 à 22:00:41
- 0 +

On termine :)

Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir

Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
Seb_Goku   09-09-2008 à 22:32:23
- 0 +

ok :)
je donnerai le resultat demain

Répondre à Seb_Goku
Seb_Goku   10-09-2008 à 00:26:08
- 0 +

j'ai l'impression que j'en ai pas fini avec les virus ... :(

------------------------------------------------------------------------------------
Rapport de Antivir :




Avira AntiVir Personal
Report file date: mardi 9 septembre 2008 23:34

Scanning for 1369550 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: HOME-6D756EC6B7

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:53
ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:47
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:47
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:21
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:47
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:20
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: F:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, F:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 9 septembre 2008 23:34

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned
Scan process 'gStart.exe' - '1' Module(s) have been scanned
Scan process 'LClock.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'LogMeInSystray.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'raid_tool.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned
Scan process 'LogMeIn.exe' - '1' Module(s) have been scanned
Scan process 'ramaint.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '50' files ).


Starting the file scan:

Begin scan in 'C:\' <70>
C:\@\Pinball\Autres\funp.zip
[0] Archive type: ZIP
--> NH.exe
[DETECTION] Contains recognition pattern of the DR/NavExcel.A.1 dropper
[NOTE] The file was moved to '4934ecb6.qua'!
C:\utils\eDonkey60.exe
[DETECTION] Contains recognition pattern of the DR/Ucmore.A.36 dropper
[NOTE] The file was moved to '4935f2a5.qua'!
C:\utils\tweak XP 3.rar
[0] Archive type: RAR
--> tweak-xp.pro.v3.0.2.online.check.remover.for.full.version.crack.rar
[1] Archive type: RAR
--> tweak-xp.pro.v3.0.2.online.check.remover.for.full.version.crack.exe
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '492bf2fa.qua'!
C:\utils\Proxy Hunter 1 + 2\ProxyHunter.exe
[0] Archive type: CAB SFX (self extracting)
--> \Disk1\ikernel.ex_
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\utils\Trillian\pluging\trillian\trillian.exe
[DETECTION] Is the TR/Virtl.TrillPass.A Trojan
[NOTE] The file was moved to '492ff413.qua'!
Begin scan in 'D:\' <76>
D:\@\dstroy.zip
[0] Archive type: ZIP
--> INSTALL.R00
[1] Archive type: RAR
--> DATA\MAINMENU.PM
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\@\dstroy\INSTALL.R00
[0] Archive type: RAR
--> DATA\MAINMENU.PM
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'F:\' <windows>
F:\hiberfil.sys
[WARNING] The file could not be opened!
F:\pagefile.sys
[WARNING] The file could not be opened!
F:\WINDOWS\inf\XPSP3Upd.inf
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
[NOTE] The file was moved to '4919f6d4.qua'!


End of the scan: mercredi 10 septembre 2008 00:21
Used time: 46:26 Minute(s)

The scan has been done completely.

6781 Scanning directories
425196 Files were scanned
5 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
5 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
425188 Files not concerned
5902 Archives were scanned
6 Warnings
5 Notes

Répondre à Seb_Goku
Angeldark   10-09-2008 à 12:30:25
- 0 +

Reposte un rapport Hijackthis.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
Seb_Goku   11-09-2008 à 02:19:32
- 0 +

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:16:23, on 11/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
F:\Program Files\VIA\RAID\raid_tool.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\LogMeIn\x86\LogMeInSystray.exe
F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\LClock\lclock.exe
C:\Garmin\gStart.exe
F:\Program Files\LogMeIn\x86\LMIGuardian.exe
F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
F:\Program Files\OpenOffice.org 2.4\program\soffice.exe
F:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
F:\Program Files\LogMeIn\x86\RaMaint.exe
F:\Program Files\LogMeIn\x86\LogMeIn.exe
F:\Program Files\LogMeIn\x86\LMIGuardian.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
F:\Program Files\Windows Live\Messenger\usnsvc.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RaidTool] F:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogMeIn GUI] "F:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] F:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] F:\Program Files\LClock\LClock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: GigaTribe.lnk = F:\Program Files\GigaTribe\gigatribe.exe
O4 - Startup: OpenOffice.org 2.4.lnk = F:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/d [...] DEXAXO.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - F:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - F:\WINDOWS\System32\ups.exe (file missing)

--
End of file - 6546 bytes

Répondre à Seb_Goku
Angeldark   11-09-2008 à 13:16:07
- 0 +

Tu as encore des soucis ?

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
Seb_Goku   11-09-2008 à 21:27:19
- 0 +

apparemment non
c'est fini alors ?

Répondre à Seb_Goku
Seb_Goku   11-09-2008 à 21:34:30
- 0 +

cool :)
merci beaucoup pour ton aide précieuse

Répondre à Seb_Goku
Seb_Goku   11-09-2008 à 23:40:33
- 0 +

j'ai peut etre parlé trop vite ...
Antivir a encore trouvé un fichier infecté :(

Répondre à Seb_Goku
Seb_Goku   13-09-2008 à 00:52:39
- 0 +

je sais pas

je m'absente 1 semaine, je verrai a mon retour,
merci

Répondre à Seb_Goku
Angeldark   13-09-2008 à 12:55:24
- 0 +

Si je ne vois plus le sujet, envoie moi un MP.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
Créer un nouveau sujet Répondre
Tom's Guide > Forum > Sécurité - Virus > pb virus win32:Trojan-gen{other}
Aller à :

Il y a 2242 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.

Plan du forum
Forum Bestofmedia ©
2000-2009 Bestofmedia Group
Page générée en 0,384 secondes
Attention

Vous allez répondre sur un sujet resté inactif pendant plus de 6 mois.
Assurez-vous d'apporter des éléments nouveaux à la discussion avant de poursuivre.

Répondre Annuler
Liens