[Virus] Trojan downloader and Agent 32
Matthios
-
FillPCA Messages posted 2264 Status Security contributor -
So, I have exactly the same problem as the one described. I tried to follow your procedure with Vundo, but the only problem is that Vundo does not remove certain DLLs such as awtssrs.dll, oqtss.ini and sstqo.dll, despite the fixes with HijackThis. So I tried to run a scan and a "Remove Vundo" in safe mode, without any result. I have F-Secure and it still shows me the same reports for the Trojan downloader and Agent 32. Should I use another program??
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\F-SECU~1\4476822\Program\SERVIC~1.EXE
C:\Program Files\Anti-Virus\fsgk32st.exe
C:\Program Files\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\4476822\program\fsbwsys.exe
C:\Program Files\Common\FSMA32.EXE
C:\Program Files\Anti-Virus\fssm32.exe
C:\Program Files\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure Internet Security\4476822\Program\fspex.exe
C:\Program Files\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common\FAMEH32.EXE
C:\Program Files\Anti-Virus\fsqh.exe
C:\Program Files\Anti-Virus\fsrw.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Anti-Virus\fsav32.exe
C:\Program Files\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Common\FSM32.EXE
C:\Program Files\FSGUI\ispnews.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\ANTI-S~1\fsaw.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\FSGUI\fsguidll.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\h\Bureau\VundoFix.exe
C:\Program Files\HIJACKTHIS VF\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8BF884A4-CF81-4E00-B7C1-076FCE6CFDD7} - C:\WINDOWS\system32\awtssrs.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {FED9750A-0D3B-478F-BDCE-0AFCE35746F6} - C:\WINDOWS\system32\sstqo.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvfel.dll,startup
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\4476822\Program\fspex.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Anti-Spyware\ieshield.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{650677FD-5DDF-42BF-AF96-A8A0154C8865}: NameServer = 86.64.145.140 84.103.237.140
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtssrs - C:\WINDOWS\SYSTEM32\awtssrs.dll
O20 - Winlogon Notify: sstqo - C:\WINDOWS\system32\sstqo.dll
O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\SYSTEM32\wingdm32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: LDpswSend - {71EC5123-28DF-324A-D76B-32549AB4C338} - C:\WINDOWS\system32\Apbiah32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\4476822\Program\SERVIC~1.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
10 replies
Here is the VundoFix report, thanks Fill
VundoFix V6.5.6
Checking Java version...
Sun Java not detected
Scan started at 18:36:24 16/07/2007
Listing files found while scanning....
C:\windows\system32\awtssrs.dll
C:\windows\system32\byxxuuu.dll
C:\WINDOWS\system32\cvwnfqyl.dll
C:\windows\system32\fiwjxcgv.dll
C:\windows\system32\ifmxbfmx.dll
C:\windows\system32\jduovbvu.ini
C:\windows\system32\lpmqsnbw.ini
C:\windows\system32\nlqcngko.ini
C:\windows\system32\okgncqln.dll
C:\windows\system32\pswbavet.dll
C:\WINDOWS\system32\sstqo.dll
C:\windows\system32\uvbvoudj.dll
C:\WINDOWS\system32\wbnsqmpl.dll
C:\windows\system32\wvutusp.dll
C:\windows\system32\ykudfpfe.dll
Beginning removal...
Attempting to delete C:\windows\system32\awtssrs.dll
C:\windows\system32\awtssrs.dll Could not be deleted.
Attempting to delete C:\windows\system32\byxxuuu.dll
C:\windows\system32\byxxuuu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cvwnfqyl.dll
C:\WINDOWS\system32\cvwnfqyl.dll Could not be deleted.
Attempting to delete C:\windows\system32\fiwjxcgv.dll
C:\windows\system32\fiwjxcgv.dll Has been deleted!
Attempting to delete C:\windows\system32\ifmxbfmx.dll
C:\windows\system32\ifmxbfmx.dll Has been deleted!
Attempting to delete C:\windows\system32\jduovbvu.ini
C:\windows\system32\jduovbvu.ini Has been deleted!
Attempting to delete C:\windows\system32\lpmqsnbw.ini
C:\windows\system32\lpmqsnbw.ini Has been deleted!
Attempting to delete C:\windows\system32\nlqcngko.ini
C:\windows\system32\nlqcngko.ini Has been deleted!
Attempting to delete C:\windows\system32\okgncqln.dll
C:\windows\system32\okgncqln.dll Has been deleted!
Attempting to delete C:\windows\system32\pswbavet.dll
C:\windows\system32\pswbavet.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\sstqo.dll
C:\WINDOWS\system32\sstqo.dll Could not be deleted.
Attempting to delete C:\windows\system32\uvbvoudj.dll
C:\windows\system32\uvbvoudj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wbnsqmpl.dll
C:\WINDOWS\system32\wbnsqmpl.dll Could not be deleted.
Attempting to delete C:\windows\system32\wvutusp.dll
C:\windows\system32\wvutusp.dll Has been deleted!
Attempting to delete C:\windows\system32\ykudfpfe.dll
C:\windows\system32\ykudfpfe.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.6
Checking Java version...
Sun Java not detected
Scan started at 18:42:33 16/07/2007
Listing files found while scanning....
C:\windows\system32\awtssrs.dll
C:\windows\system32\cvwnfqyl.dll
C:\WINDOWS\system32\oqtss.bak1
C:\WINDOWS\system32\oqtss.bak2
C:\WINDOWS\system32\oqtss.ini
C:\WINDOWS\system32\sstqo.dll
C:\windows\system32\wbnsqmpl.dll
Beginning removal...
Attempting to delete C:\windows\system32\awtssrs.dll
C:\windows\system32\awtssrs.dll Could not be deleted.
Attempting to delete C:\windows\system32\cvwnfqyl.dll
C:\windows\system32\cvwnfqyl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\oqtss.bak1
C:\WINDOWS\system32\oqtss.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\oqtss.bak2
C:\WINDOWS\system32\oqtss.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\oqtss.ini
C:\WINDOWS\system32\oqtss.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\sstqo.dll
C:\WINDOWS\system32\sstqo.dll Could not be deleted.
Attempting to delete C:\windows\system32\wbnsqmpl.dll
C:\windows\system32\wbnsqmpl.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.6
Checking Java version...
Sun Java not detected
Scan started at 18:59:09 16/07/2007
Listing files found while scanning....
C:\windows\system32\awtssrs.dll
C:\WINDOWS\system32\oqtss.ini
C:\WINDOWS\system32\sstqo.dll
Re,
* Download combofix.exe (by sUBs) to your Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Double-click combofix.exe and follow the prompts.
* When the scan is complete, a report will appear. Copy/paste this report into your next reply.
Also post a HijackThis report.
FillPCA
Here you go, Fill, I did the first ComboFix log:
2007-07-16 22:06:46 - ComboFix 07-07-14.6 - Service Pack 2 NTFS
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\xxyvurr.dll
C:\WINDOWS\system32\xxyvurr.dll
C:\WINDOWS\system32\oqtss.bak2
C:\WINDOWS\system32\oqtss.ini
C:\WINDOWS\system32\sstqo.dll
C:\WINDOWS\system32\awtssrs.dll
C:\WINDOWS\system32\awtssrs.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\h\ravmonlog
C:\Program Files\crosof~1
C:\Program Files\crosof~1\winlogon.exe
C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00001.dll
C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00002.dll
C:\WINDOWS\system32\akplwxrg.exe
C:\WINDOWS\system32\mjcuhdto.exe
C:\WINDOWS\system32\pecnnwpp.exe
C:\WINDOWS\system32\smrynipb.exe
C:\WINDOWS\system32\tlctjnip.exe
C:\WINDOWS\system32\uuqhxmpg.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_ASC3550U
-------\LEGACY_NTMLSVC
-------\asc3550u
-------\NtmlSvc
((((((((((((((((((((((((( Files Created from 2007-06-16 to 2007-07-16 )))))))))))))))))))))))))))))))
2007-07-16 22:05 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-16 18:41 <REP> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
2007-07-16 18:36 <REP> d-------- C:\VundoFix Backups
2007-07-15 11:17 <REP> d-------- C:\DOCUME~1\h\APPLIC~1\F-Secure
2007-07-15 01:39 <REP> d-------- C:\DOCUME~1\h\APPLIC~1\ispnews
2007-07-14 21:07 94,258 --a------ C:\Program Files\fsld32.dll
2007-07-14 21:07 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-07-14 21:07 360,448 --a------ C:\Program Files\fsuninst.exe
2007-07-14 21:07 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2007-07-14 21:07 229,376 --a------ C:\Program Files\fsisu.dll
2007-07-14 21:07 151,552 --a------ C:\Program Files\fsdeph.dll
2007-07-14 21:07 135,168 --a------ C:\Program Files\fsisuNT.dll
2007-07-14 21:07 <REP> d-------- C:\Program Files\TNB
2007-07-14 21:07 <REP> d-------- C:\Program Files\FWES
2007-07-14 21:07 <REP> d-------- C:\Program Files\FSGUI
2007-07-14 21:07 <REP> d-------- C:\Program Files\DAAS
2007-07-14 21:07 <REP> d-------- C:\Program Files\Anti-Virus
2007-07-14 21:07 <REP> d-------- C:\Program Files\Anti-Spyware
2007-07-14 21:07 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
2007-07-14 20:58 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-4476822L.exe
2007-07-14 20:58 <REP> d-------- C:\Program Files\F-Secure Internet Security
2007-07-14 20:58 <REP> d-------- C:\Program Files\Common
2007-07-12 20:31 <REP> d-------- C:\DOCUME~1\h\APPLIC~1\SiteAdvisor
2007-07-12 18:10 <REP> d-------- C:\Program Files\Fichiers communs\McAfee
2007-07-12 18:08 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-07-07 16:20 <REP> d-------- C:\Capleton-More_Fire-CD-2000-RKSiNT
2007-07-07 16:00 <REP> d-------- C:\Capleton-More_Fire_Live_In_St_Mary_Ft_Bodyguard-CD-2000-RKS_INT
2007-07-05 18:30 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-05 18:29 2,948 --a------ C:\WINDOWS\mozver.dat
2007-07-05 17:55 0 --a------ C:\WINDOWS\Sysvxd.exe
2007-07-05 17:54 21,504 --------- C:\WINDOWS\system32\wingdm32.dll
2007-07-05 17:49 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-05 17:49 <REP> d-------- C:\DOCUME~1\h\Contacts
2007-07-02 13:54 <REP> d-------- C:\Program Files\MSXML 4.0
2007-07-01 00:14 <REP> d-------- C:\WINDOWS\system32\PreInstall
2007-06-30 18:45 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-06-30 18:04 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-06-30 17:08 <REP> d-------- C:\Program Files\Lavasoft
2007-06-30 17:08 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-30 17:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-06-30 16:57 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-26 20:07 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-06-26 19:18 <REP> d-------- C:\Program Files\Yahoo!
2007-06-26 19:18 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-06-26 19:17 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-06-17 22:44 <REP> d-------- C:\WINDOWS\Microsoft Shared
2007-06-17 22:44 <REP> d-------- C:\Program Files\Addinsoft
2007-06-17 22:44 <REP> d-------- C:\DOCUME~1\h\APPLIC~1\ADDINSOFT
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-16 16:59:25 -------- d-----w C:\Program Files\HIJACKTHIS VF
2007-07-14 19:07:30 1,187 ----a-w C:\Program Files\install.ini
2007-07-14 15:26:36 5,120 ----a-w C:\WINDOWS\system32\drivers\Stdsys.SYS
2007-07-12 12:17:03 -------- d-----w C:\DOCUME~1\h\APPLIC~1\Xfire
2007-07-11 15:56:25 -------- d-----w C:\Program Files\TuneUp Utilities 2006
2007-07-07 17:21:07 49,494 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-07-07 17:21:07 370,414 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-07-07 13:10:03 12,528 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-07-05 15:49:31 -------- d-----w C:\Program Files\MSN Messenger
2007-07-02 16:44:11 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-30 14:57:53 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2006-12-06 14:28:58 21,496 ----a-w C:\DOCUME~1\h\APPLIC~1\GDIPFONTCACHEV1.DAT
2005-05-31 01:26:02 106,496 ----a-w C:\Program Files\fsuninst.FRA
2005-05-31 01:25:58 126,976 ----a-w C:\Program Files\fsuninst.ENG
2006-10-05 07:00:08 56 --sh--r C:\WINDOWS\system32\1383230796.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-07-07 12:52 439872 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-04-16 19:06 37808 --a------ C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-19 23:56 2436160 -ra------ c:\program files\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C333CF63-767F-4831-94AC-E683D962C63C}]
2006-05-10 01:13 65536 --a------ C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2003-03-20 14:13 C:\WINDOWS\system32\nwiz.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"F-Secure Manager"="C:\Program Files\Common\FSM32.exe" [2005-10-26 03:51]
"F-Secure TNB"="C:\Program Files\TNB\TNBUtil.exe" [2005-07-18 16:51]
"F-Secure Startup Wizard"="C:\Program Files\FSGUI\FSSW.exe" [2005-10-18 10:29]
"News Service"="C:\Program Files\FSGUI\ispnews.exe" [2005-05-31 14:45]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-04-14 19:05]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoControlPanel"=0 (0x0)
"NoClose"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"HideClock"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{71EC5123-28DF-324A-D76B-32549AB4C338}"="C:\WINDOWS\system32\Apbiah32.dll" []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MSI Media Center Deluxe II.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MSI Media Center Deluxe II.lnk
backup=C:\WINDOWS\pss\MSI Media Center Deluxe II.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^RAID Tool.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\RAID Tool.lnk
backup=C:\WINDOWS\pss\RAID Tool.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinIRXHelper.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinIRXHelper.lnk
backup=C:\WINDOWS\pss\WinIRXHelper.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^h^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\h\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^h^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
path=C:\Documents and Settings\h\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^h^Menu Démarrer^Programmes^Démarrage^Y'z ToolBar.lnk]
path=C:\Documents and Settings\h\Menu Démarrer\Programmes\Démarrage\Y'z Toolbar.lnk
backup=C:\WINDOWS\pss\Y'z Toolbar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d23f2d6-6c70-11db-98c3-000c6e39875d}]
- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1eccb78a-4e48-11db-9885-000c6e39875d}]
- H:\RavMonE.exe e
- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{335d0d3e-a010-11db-9938-000c6e39875d}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{637bf8ea-d706-11db-99b4-000c6e39875d}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a70e8d6-d9f4-11db-99bd-000c6e39875d}]
- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
- H:\Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81d30124-3a96-11db-984c-000c6e39875d}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7fe40fe-da3c-11db-99be-000c6e39875d}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7fe40ff-da3c-11db-99be-000c6e39875d}]
- Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7fe4100-da3c-11db-99be-000c6e39875d}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff4336ca-183e-11dc-9a5d-000c6e39875d}]
Contents of the 'Scheduled Tasks' folder
2007-06-08 15:16:47 C:\WINDOWS\tasks\Maintenance en 1 clic.job
2007-07-16 08:51:05 C:\WINDOWS\tasks\Scheduled scanning task.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-16 22:17:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-16 22:19:03 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-16 22:19
For the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 22:20:54, on 16/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\F-SECU~1\4476822\Program\SERVIC~1.EXE
C:\Program Files\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\4476822\program\fsbwsys.exe
C:\Program Files\Anti-Virus\FSGK32.EXE
C:\Program Files\Common\FSMA32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\4476822\Program\fspex.exe
C:\Program Files\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common\FCH32.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common\FAMEH32.EXE
C:\Program Files\Anti-Virus\fsqh.exe
C:\Program Files\Anti-Virus\fsrw.exe
C:\Program Files\Anti-Virus\fsav32.exe
C:\Program Files\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common\FSM32.EXE
C:\Program Files\FSGUI\ispnews.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\ANTI-S~1\fsaw.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\FSGUI\fsguidll.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HIJACKTHIS VF\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\4476822\Program\fspex.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Anti-Spyware\ieshield.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{650677FD-5DDF-42BF-AF96-A8A0154C8865}: NameServer = 84.103.237.144 86.64.145.144
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: LDpswSend - {71EC5123-28DF-324A-D76B-32549AB4C338} - C:\WINDOWS\system32\Apbiah32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\4476822\Program\SERVIC~1.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
I think everything has been removed?? In any case, thanks for your help, Fill
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\4476822\Program\fspex.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Anti-Spyware\ieshield.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{650677FD-5DDF-42BF-AF96-A8A0154C8865}: NameServer = 84.103.237.144 86.64.145.144
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: LDpswSend - {71EC5123-28DF-324A-D76B-32549AB4C338} - C:\WINDOWS\system32\Apbiah32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\4476822\Program\SERVIC~1.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
I think everything has been removed?? In any case, thanks for your help, Fill.
Hello,
I'd like to dig a little deeper to check that there is nothing else:
1) * Download smitfraudfix (by S!Ri) to the desktop: http://siri.urz.free.fr/Fix/SmitfraudFix.exe
* Click on smitfraudfix.exe
* Choose option 1 and paste the report generated by smitfraudfix into your reply. This report is in the Notepad window that opens.
* Close the application by pressing the Q key.
2) Download Ccleaner: http://www.filehippo.com/download/9838386a743262a2d7aaedfb3b432ae2/download/
Install it, unchecking the Yahoo toolbar!
Open Ccleaner, click "analyze" then "run cleaner".
3) Download AVGantispyware: https://www.avg.com/en-ww/free-antivirus-download
Install it.
Launch AVG Anti-Spyware and click the Update button. Wait.
Click the Scan button (on the toolbar).
Then, in the "How to act" tab, click "Recommended actions". Select Quarantine.
Go back to the Scan tab. Click "Complete system scan".
At the end of the scan, choose the "Apply all actions" option at the bottom. Then click "Save report". This generates a text-file report, which is in the Reports folder inside the AVG Anti-Spyware folder.
4) Post the Smitfraudfix report and the AVGantispyware report.
FillPCA
Sorry Fill for not replying sooner, so here are the reports:
SmitFraudFix v2.204
Rapport fait à 18:17:44,75, 17/07/2007
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\F-SECU~1\4476822\Program\SERVIC~1.EXE
C:\Program Files\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\4476822\program\fsbwsys.exe
C:\Program Files\Anti-Virus\FSGK32.EXE
C:\Program Files\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\4476822\Program\fspex.exe
C:\Program Files\Common\FSMA32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common\FCH32.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common\FAMEH32.EXE
C:\Program Files\Anti-Virus\fsqh.exe
C:\Program Files\Anti-Virus\fsrw.exe
C:\Program Files\Anti-Virus\fsav32.exe
C:\Program Files\FWES\Program\fsdfwd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common\FSM32.EXE
C:\Program Files\FSGUI\ispnews.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ANTI-S~1\fsaw.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\h
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\h\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\h\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 84.103.237.140
DNS Server Search Order: 86.64.145.140
HKLM\SYSTEM\CCS\Services\Tcpip\..\{650677FD-5DDF-42BF-AF96-A8A0154C8865}: NameServer=84.103.237.140 86.64.145.140
HKLM\SYSTEM\CS1\Services\Tcpip\..\{650677FD-5DDF-42BF-AF96-A8A0154C8865}: NameServer=84.103.237.140 86.64.145.140
HKLM\SYSTEM\CS3\Services\Tcpip\..\{650677FD-5DDF-42BF-AF96-A8A0154C8865}: NameServer=84.103.237.145 86.64.145.145
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
And the AVG Anti-Spyware one:
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 19:34:24 17/07/2007
+ Résultat de l'analyse:
C:\Program Files\HIJACKTHIS VF\backups\backup-20070716-190726-297.dll -> Adware.Virtumonde : Aucune action entreprise.
C:\QooBox\Quarantine\C\WINDOWS\system32\awtssrs.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{7A13F355-85A4-43E7-ABCF-C37E43A20E51}\RP214\A0075502.dll -> Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{7A13F355-85A4-43E7-ABCF-C37E43A20E51}\RP214\A0075510.dll -> Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{7A13F355-85A4-43E7-ABCF-C37E43A20E51}\RP215\A0075618.dll -> Adware.Virtumonde : Aucune action entreprise.
C:\VundoFix Backups\awtssrs.dll.bad -> Adware.Virtumonde : Aucune action entreprise.
C:\VundoFix Backups\byxxuuu.dll.bad -> Adware.Virtumonde : Aucune action entreprise.
C:\VundoFix Backups\wvutusp.dll.bad -> Adware.Virtumonde : Aucune action entreprise.
C:\Documents and Settings\h\Mes documents\Mes fichiers reçus\myalbum2007.zip/photo album-2007.scr -> Backdoor.IRCBot.acd : Aucune action entreprise.
C:\WINDOWS\system32\APBIAH32.0LL -> Downloader.Agent.bxd : Aucune action entreprise.
C:\WINDOWS\avp.0xe -> Downloader.Alphabet.f : Aucune action entreprise.
C:\QooBox\Quarantine\C\Program Files\CROSOF~1\winlogon.exe.vir -> Downloader.PurityScan.ej : Aucune action entreprise.
:mozilla.37:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.39:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.206:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.208:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.394:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.415:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.95:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.96:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.188:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.189:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.201:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.202:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.203:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.204:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.41:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.36:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.105:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Com : Aucune action entreprise.
:mozilla.453:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Cpvfeed : Aucune action entreprise.
:mozilla.454:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Cpvfeed : Aucune action entreprise.
:mozilla.455:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Cpvfeed : Aucune action entreprise.
:mozilla.456:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Cpvfeed : Aucune action entreprise.
:mozilla.38:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.50:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise.
:mozilla.390:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
:mozilla.436:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
:mozilla.409:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.458:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.360:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.11:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Netflame : Aucune action entreprise.
:mozilla.55:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.
:mozilla.56:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.
:mozilla.351:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
:mozilla.352:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
:mozilla.353:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
:mozilla.354:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
:mozilla.355:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
:mozilla.356:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
:mozilla.221:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.222:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.223:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.224:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.225:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.226:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.227:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.228:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.229:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.230:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.231:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.232:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.233:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.234:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.290:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.291:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.292:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.293:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.294:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.295:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.27:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.28:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.29:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.33:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.34:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.35:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.139:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.58:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.59:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.60:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.61:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.66:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.67:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.68:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.69:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.379:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Webtrends : Aucune action entreprise.
:mozilla.249:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
:mozilla.250:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
:mozilla.251:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
:mozilla.252:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
:mozilla.312:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
:mozilla.314:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
:mozilla.82:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.83:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
C:\WINDOWS\system32\DRVFEL.0LL -> Trojan.Agent.qt : Aucune action entreprise.
Fin du rapport
Do you think all the trojans have been removed now?? Matthios
SmitFraudFix v2.204
Rapport fait à 18:17:44,75, 17/07/2007
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\F-SECU~1\4476822\Program\SERVIC~1.EXE
C:\Program Files\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\4476822\program\fsbwsys.exe
C:\Program Files\Anti-Virus\FSGK32.EXE
C:\Program Files\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\4476822\Program\fspex.exe
C:\Program Files\Common\FSMA32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common\FCH32.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common\FAMEH32.EXE
C:\Program Files\Anti-Virus\fsqh.exe
C:\Program Files\Anti-Virus\fsrw.exe
C:\Program Files\Anti-Virus\fsav32.exe
C:\Program Files\FWES\Program\fsdfwd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common\FSM32.EXE
C:\Program Files\FSGUI\ispnews.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ANTI-S~1\fsaw.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\h
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\h\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\h\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 84.103.237.140
DNS Server Search Order: 86.64.145.140
HKLM\SYSTEM\CCS\Services\Tcpip\..\{650677FD-5DDF-42BF-AF96-A8A0154C8865}: NameServer=84.103.237.140 86.64.145.140
HKLM\SYSTEM\CS1\Services\Tcpip\..\{650677FD-5DDF-42BF-AF96-A8A0154C8865}: NameServer=84.103.237.140 86.64.145.140
HKLM\SYSTEM\CS3\Services\Tcpip\..\{650677FD-5DDF-42BF-AF96-A8A0154C8865}: NameServer=84.103.237.145 86.64.145.145
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
and the one from AVG Anti-Spyware
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 19:34:24 17/07/2007
+ Résultat de l'analyse:
C:\Program Files\HIJACKTHIS VF\backups\backup-20070716-190726-297.dll -> Adware.Virtumonde : Aucune action entreprise.
C:\QooBox\Quarantine\C\WINDOWS\system32\awtssrs.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{7A13F355-85A4-43E7-ABCF-C37E43A20E51}\RP214\A0075502.dll -> Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{7A13F355-85A4-43E7-ABCF-C37E43A20E51}\RP214\A0075510.dll -> Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{7A13F355-85A4-43E7-ABCF-C37E43A20E51}\RP215\A0075618.dll -> Adware.Virtumonde : Aucune action entreprise.
C:\VundoFix Backups\awtssrs.dll.bad -> Adware.Virtumonde : Aucune action entreprise.
C:\VundoFix Backups\byxxuuu.dll.bad -> Adware.Virtumonde : Aucune action entreprise.
C:\VundoFix Backups\wvutusp.dll.bad -> Adware.Virtumonde : Aucune action entreprise.
C:\Documents and Settings\h\Mes documents\Mes fichiers reçus\myalbum2007.zip/photo album-2007.scr -> Backdoor.IRCBot.acd : Aucune action entreprise.
C:\WINDOWS\system32\APBIAH32.0LL -> Downloader.Agent.bxd : Aucune action entreprise.
C:\WINDOWS\avp.0xe -> Downloader.Alphabet.f : Aucune action entreprise.
C:\QooBox\Quarantine\C\Program Files\CROSOF~1\winlogon.exe.vir -> Downloader.PurityScan.ej : Aucune action entreprise.
:mozilla.37:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.39:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.206:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.208:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.394:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.415:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.95:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.96:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.188:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.189:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.201:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.202:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.203:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.204:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.41:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.36:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.105:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Com : Aucune action entreprise.
:mozilla.453:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Cpvfeed : Aucune action entreprise.
:mozilla.454:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Cpvfeed : Aucune action entreprise.
:mozilla.455:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Cpvfeed : Aucune action entreprise.
:mozilla.456:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Cpvfeed : Aucune action entreprise.
:mozilla.38:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.50:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise.
:mozilla.390:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
:mozilla.436:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
:mozilla.409:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.458:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.360:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.11:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Netflame : Aucune action entreprise.
:mozilla.55:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.
:mozilla.56:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.
:mozilla.351:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
:mozilla.352:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
:mozilla.353:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
:mozilla.354:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
:mozilla.355:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
:mozilla.356:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
:mozilla.221:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.222:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.223:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.224:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.225:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.226:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.227:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.228:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.229:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.230:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.231:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.232:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.233:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.234:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.290:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.291:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.292:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.293:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.294:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.295:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.27:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.28:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.29:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.33:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.34:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.35:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.139:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.58:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.59:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.60:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.61:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.66:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.67:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.68:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.69:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.379:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Webtrends : Aucune action entreprise.
:mozilla.249:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
:mozilla.250:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
:mozilla.251:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
:mozilla.252:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
:mozilla.312:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
:mozilla.314:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
:mozilla.82:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.83:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
C:\WINDOWS\system32\DRVFEL.0LL -> Trojan.Agent.qt : Aucune action entreprise.
Fin du rapport
Do you think all the trojans have been removed now?? matthios
Hello,
Not quite. You did well to come back...
1/
* Select the following text:
File::
C:\Documents and Settings\h\Mes documents\Mes fichiers reçus\myalbum2007.zip
C:\WINDOWS\system32\APBIAH32.0LL
C:\WINDOWS\avp.0xe
C:\WINDOWS\system32\DRVFEL.0LL
Folder::
C:\VundoFix Backups
* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file.
* A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan is finished.
* Once the scan is done, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt
2/ * Download MSNfix (by Régis59 and !aur3n7) to your desktop: http://sosvirus.changelog.fr/MSNFix.zip
* Unzip it by right-clicking and choosing Extract Here.
* Double-click MSNfix.bat.
* Choose option R. If the infection is detected, run instruction N.
* Save this report, then copy-paste its contents into your next reply.
* If a message appears on screen (asking you to run the fix in safe mode), let me know.
3/ Post the following reports:
Combofix, MSNfix, new Hijackthis report.
FillPCA
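Picking the live files out of a report like the AVG one above is what the CFScript step boils down to. This added Python example (not from the thread or from any of the tools it names) parses a constructed subset of that report format, sets tracking cookies and hits inside tool backup/quarantine folders aside, maps an archive-member hit (the .zip/.scr line) back to its container file, and renders the File::/Folder:: sections in the form ComboFix accepts. The backup-folder markers are assumptions drawn from the paths seen in the thread.

```python
import re
from typing import Dict, List

# Constructed sample in the AVG Anti-Spyware report format used in this thread
# ("<path> -> <Threat.Family.variant> : <action>"); a subset of the posted lines.
SAMPLE_REPORT = r"""
C:\Program Files\HIJACKTHIS VF\backups\backup-20070716-190726-297.dll -> Adware.Virtumonde : Aucune action entreprise.
C:\QooBox\Quarantine\C\WINDOWS\system32\awtssrs.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{7A13F355-85A4-43E7-ABCF-C37E43A20E51}\RP214\A0075502.dll -> Adware.Virtumonde : Aucune action entreprise.
C:\VundoFix Backups\awtssrs.dll.bad -> Adware.Virtumonde : Aucune action entreprise.
C:\Documents and Settings\h\Mes documents\Mes fichiers reçus\myalbum2007.zip/photo album-2007.scr -> Backdoor.IRCBot.acd : Aucune action entreprise.
C:\WINDOWS\system32\APBIAH32.0LL -> Downloader.Agent.bxd : Aucune action entreprise.
C:\WINDOWS\avp.0xe -> Downloader.Alphabet.f : Aucune action entreprise.
:mozilla.37:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.38:C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\twxeg1ew.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\WINDOWS\system32\DRVFEL.0LL -> Trojan.Agent.qt : Aucune action entreprise.
"""

# One detection line: path, threat name, action taken.
FINDING_RE = re.compile(r"^(?P<path>.+?) -> (?P<threat>[^\s:]+) : (?P<action>.+)$")

# Assumed markers for places where cleanup tools park copies of what they
# already removed; a hit there is leftover evidence, not a live infection
# (the helper handles those by emptying the backup folder via Folder::).
BACKUP_MARKERS = (
    "\\QooBox\\Quarantine\\",
    "\\VundoFix Backups\\",
    "\\HIJACKTHIS VF\\backups\\",
    "\\System Volume Information\\_restore",
)


def parse_report(text: str) -> List[Dict[str, str]]:
    """Return the detection lines of an AVG Anti-Spyware report as dicts."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            findings.append(m.groupdict())
    return findings


def on_disk_path(path: str) -> str:
    """Map an archive-member hit (archive.zip/member.scr) to the container file."""
    idx = path.lower().find(".zip/")
    return path[: idx + 4] if idx != -1 else path


def triage(findings: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Split findings into browser cookies, backup residue and live files."""
    out: Dict[str, List[str]] = {"cookies": [], "backup_copies": [], "active": []}
    for f in findings:
        path, threat = f["path"], f["threat"]
        if path.startswith(":mozilla.") or threat.startswith("TrackingCookie."):
            out["cookies"].append(threat)
        elif any(marker.lower() in path.lower() for marker in BACKUP_MARKERS):
            out["backup_copies"].append(path)
        else:
            container = on_disk_path(path)
            if container not in out["active"]:
                out["active"].append(container)
    return out


def build_cfscript(files: List[str], folders: List[str]) -> str:
    """Render ComboFix File:: and Folder:: sections, one entry per line."""
    lines: List[str] = []
    if files:
        lines += ["File::", *files]
    if folders:
        lines += ["Folder::", *folders]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print(f"{len(result['cookies'])} tracking cookies (browser cleanup only)")
    print(f"{len(result['backup_copies'])} hits inside tool backup/quarantine folders")
    # The helper also emptied the VundoFix backup folder, hence the Folder:: entry.
    print(build_cfscript(result["active"], ["C:\\VundoFix Backups"]))
```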
hello, sorry for the slow reply, I took some vacation, so here is the MSNfix report
MSN_Fix 1.344
C:\Documents and Settings\h\Bureau\MSNFix
Fix exécuté le 27/07/2007 - 17:20:29,76 By h
mode normal
************************ Recherche les fichiers présents
Aucun Fichier trouvé
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.aceboard.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
the ComboFix report:
"h" - 2007-07-27 17:14:17 - ComboFix 07-07-14.6 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\h\Bureau\CFScript.txt
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\awtssrs.dll.bad
C:\VundoFix Backups\byxxuuu.dll.bad
C:\VundoFix Backups\cvwnfqyl.dll.bad
C:\VundoFix Backups\fiwjxcgv.dll.bad
C:\VundoFix Backups\ifmxbfmx.dll.bad
C:\VundoFix Backups\jduovbvu.ini.bad
C:\VundoFix Backups\lpmqsnbw.ini.bad
C:\VundoFix Backups\nlqcngko.ini.bad
C:\VundoFix Backups\okgncqln.dll.bad
C:\VundoFix Backups\oqtss.bak1.bad
C:\VundoFix Backups\oqtss.bak2.bad
C:\VundoFix Backups\oqtss.ini.bad
C:\VundoFix Backups\pswbavet.dll.bad
C:\VundoFix Backups\sstqo.dll.bad
C:\VundoFix Backups\uvbvoudj.dll.bad
C:\VundoFix Backups\wbnsqmpl.dll.bad
C:\VundoFix Backups\wvutusp.dll.bad
C:\VundoFix Backups\ykudfpfe.dll.bad
((((((((((((((((((((((((( Files Created from 2007-06-27 to 2007-07-27 )))))))))))))))))))))))))))))))
2007-07-19 22:23 <REP> d-------- C:\Program Files\mp3DirectCut
2007-07-18 21:27 <REP> d-------- C:\Cashback.LIMITED.REPACK.FRENCH.DVDRiP.XviD-TICKETS
2007-07-17 18:35 <REP> d-------- C:\Factory.Girl.LIMITED.FRENCH.DVDRip.XviD-LRD
2007-07-17 18:23 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-17 18:18 <REP> d-------- C:\Program Files\CCleaner
2007-07-17 18:17 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-17 18:17 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-17 18:17 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-17 18:17 1,880 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-16 22:05 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-16 18:41 <REP> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
2007-07-15 11:17 <REP> d-------- C:\DOCUME~1\h\APPLIC~1\F-Secure
2007-07-15 01:39 <REP> d-------- C:\DOCUME~1\h\APPLIC~1\ispnews
2007-07-14 21:07 94,258 --a------ C:\Program Files\fsld32.dll
2007-07-14 21:07 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-07-14 21:07 360,448 --a------ C:\Program Files\fsuninst.exe
2007-07-14 21:07 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2007-07-14 21:07 229,376 --a------ C:\Program Files\fsisu.dll
2007-07-14 21:07 151,552 --a------ C:\Program Files\fsdeph.dll
2007-07-14 21:07 135,168 --a------ C:\Program Files\fsisuNT.dll
2007-07-14 21:07 <REP> d-------- C:\Program Files\TNB
2007-07-14 21:07 <REP> d-------- C:\Program Files\FWES
2007-07-14 21:07 <REP> d-------- C:\Program Files\FSGUI
2007-07-14 21:07 <REP> d-------- C:\Program Files\DAAS
2007-07-14 21:07 <REP> d-------- C:\Program Files\Anti-Virus
2007-07-14 21:07 <REP> d-------- C:\Program Files\Anti-Spyware
2007-07-14 21:07 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
2007-07-14 20:58 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-4476822L.exe
2007-07-14 20:58 <REP> d-------- C:\Program Files\F-Secure Internet Security
2007-07-14 20:58 <REP> d-------- C:\Program Files\Common
2007-07-12 20:31 <REP> d-------- C:\DOCUME~1\h\APPLIC~1\SiteAdvisor
2007-07-12 18:10 <REP> d-------- C:\Program Files\Fichiers communs\McAfee
2007-07-12 18:08 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-07-07 16:20 <REP> d-------- C:\Capleton-More_Fire-CD-2000-RKSiNT
2007-07-07 16:00 <REP> d-------- C:\Capleton-More_Fire_Live_In_St_Mary_Ft_Bodyguard-CD-2000-RKS_INT
2007-07-05 18:30 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-05 18:29 2,948 --a------ C:\WINDOWS\mozver.dat
2007-07-05 17:55 0 --a------ C:\WINDOWS\Sysvxd.exe
2007-07-05 17:49 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-05 17:49 <REP> d-------- C:\DOCUME~1\h\Contacts
2007-07-02 13:54 <REP> d-------- C:\Program Files\MSXML 4.0
2007-07-01 00:14 <REP> d-------- C:\WINDOWS\system32\PreInstall
2007-06-30 18:45 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-06-30 18:04 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-06-30 17:08 <REP> d-------- C:\Program Files\Lavasoft
2007-06-30 17:08 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-30 17:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-06-30 16:57 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-23 20:23:04 -------- d-----w C:\Program Files\HIJACKTHIS VF
2007-07-17 16:52:56 -------- d-----w C:\Program Files\MSN Messenger
2007-07-17 16:26:40 -------- d-----w C:\Program Files\Hitman Pro
2007-07-14 19:07:30 1,187 ----a-w C:\Program Files\install.ini
2007-07-14 15:26:36 5,120 ----a-w C:\WINDOWS\system32\drivers\Stdsys.SYS
2007-07-12 12:17:03 -------- d-----w C:\DOCUME~1\h\APPLIC~1\Xfire
2007-07-12 12:00:49 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-07-11 15:56:25 -------- d-----w C:\Program Files\TuneUp Utilities 2006
2007-07-07 17:21:07 49,494 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-07-07 17:21:07 370,414 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-07-07 13:10:03 12,528 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-07-02 16:44:11 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-30 14:57:53 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-26 17:18:37 -------- d-----w C:\Program Files\Yahoo!
2007-06-17 20:44:40 -------- d-----w C:\Program Files\Addinsoft
2007-06-17 20:44:40 -------- d-----w C:\DOCUME~1\h\APPLIC~1\ADDINSOFT
2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2006-12-06 14:28:58 21,496 ----a-w C:\DOCUME~1\h\APPLIC~1\GDIPFONTCACHEV1.DAT
2005-05-31 01:26:02 106,496 ----a-w C:\Program Files\fsuninst.FRA
2005-05-31 01:25:58 126,976 ----a-w C:\Program Files\fsuninst.ENG
2006-10-05 07:00:08 56 --sh--r C:\WINDOWS\system32\1383230796.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-07-07 12:52 439872 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-04-16 19:06 37808 --a------ C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-19 23:56 2436160 -ra------ c:\program files\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C333CF63-767F-4831-94AC-E683D962C63C}]
2006-05-10 01:13 65536 --a------ C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2003-03-20 14:13 C:\WINDOWS\system32\nwiz.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"F-Secure Manager"="C:\Program Files\Common\FSM32.exe" [2005-10-26 03:51]
"F-Secure TNB"="C:\Program Files\TNB\TNBUtil.exe" [2005-07-18 16:51]
"F-Secure Startup Wizard"="C:\Program Files\FSGUI\FSSW.exe" [2005-10-18 10:29]
"News Service"="C:\Program Files\FSGUI\ispnews.exe" [2005-05-31 14:45]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-04-14 19:05]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoControlPanel"=0 (0x0)
"NoClose"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"HideClock"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MSI Media Center Deluxe II.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MSI Media Center Deluxe II.lnk
backup=C:\WINDOWS\pss\MSI Media Center Deluxe II.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^RAID Tool.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\RAID Tool.lnk
backup=C:\WINDOWS\pss\RAID Tool.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinIRXHelper.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinIRXHelper.lnk
backup=C:\WINDOWS\pss\WinIRXHelper.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^h^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\h\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^h^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
path=C:\Documents and Settings\h\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^h^Menu Démarrer^Programmes^Démarrage^Y'z ToolBar.lnk]
path=C:\Documents and Settings\h\Menu Démarrer\Programmes\Démarrage\Y'z Toolbar.lnk
backup=C:\WINDOWS\pss\Y'z Toolbar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d23f2d6-6c70-11db-98c3-000c6e39875d}]
- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1eccb78a-4e48-11db-9885-000c6e39875d}]
- H:\RavMonE.exe e
- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{335d0d3e-a010-11db-9938-000c6e39875d}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{637bf8ea-d706-11db-99b4-000c6e39875d}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{680c3aa4-d9e1-11db-99bc-000c6e39875d}]
- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
- Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a70e8d6-d9f4-11db-99bd-000c6e39875d}]
- H:\Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81d30124-3a96-11db-984c-000c6e39875d}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7fe40fe-da3c-11db-99be-000c6e39875d}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7fe40ff-da3c-11db-99be-000c6e39875d}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7fe4100-da3c-11db-99be-000c6e39875d}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff4336ca-183e-11dc-9a5d-000c6e39875d}]
Contents of the 'Scheduled Tasks' folder
2007-07-27 15:15:00 C:\WINDOWS\tasks\Maintenance en 1 clic.job
2007-07-27 14:34:12 C:\WINDOWS\tasks\Scheduled scanning task.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-27 17:17:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-27 17:18:12
C:\ComboFix-quarantined-files.txt ... 2007-07-27 17:18
C:\ComboFix2.txt ... 2007-07-16 22:19
--- E O F ---
and the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 17:22:54, on 27/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-SECU~1\4476822\Program\SERVIC~1.EXE
C:\Program Files\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\4476822\program\fsbwsys.exe
C:\Program Files\Anti-Virus\FSGK32.EXE
C:\Program Files\Anti-Virus\fssm32.exe
C:\Program Files\Common\FSMA32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\4476822\Program\fspex.exe
C:\Program Files\Common\FAMEH32.EXE
C:\Program Files\Anti-Virus\fsqh.exe
C:\Program Files\Anti-Virus\fsrw.exe
C:\Program Files\Anti-Virus\fsav32.exe
C:\Program Files\FWES\Program\fsdfwd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common\FSM32.EXE
C:\PROGRA~1\ANTI-S~1\fsaw.exe
C:\Program Files\FSGUI\ispnews.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\FSGUI\fsguidll.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HIJACKTHIS VF\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\4476822\Program\fspex.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Anti-Spyware\ieshield.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{650677FD-5DDF-42BF-AF96-A8A0154C8865}: NameServer = 86.64.145.144 84.103.237.144
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: LDpswSend - {71EC5123-28DF-324A-D76B-32549AB4C338} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\4476822\Program\SERVIC~1.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
I don't know if it's still infected? Did it work? Thanks again, Fill, for your help; it's clear my computer isn't bugging out anymore already!! :)) Matthieu
C:\Documents and Settings\h\Bureau\MSNFix
Fix exécuté le 27/07/2007 - 17:20:29,76 By h
mode normal
************************ Recherche les fichiers présents
Aucun Fichier trouvé
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.aceboard.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------