Win32:Agent-LAP [Trj]

nerique -
mucho, 306 posts, Status: Member -
Hello,
problem with Win32:Agent-LAP [Trj]
can someone help me??
Configuration: Windows XP
Firefox 2.0.0.8

30 replies

  1. mucho, 306 posts, Status: Member
     
    Good evening

    can you tell me the exact path of Win32:Agent-LAP [Trj]

    or post me your antivirus report

    @+
    0
  2. nerique
     
    I don't have it anymore, I've just restarted a scan...
    0
  3. mucho, 306 posts, Status: Member
     
    OK

    @+
    0
  4. nerique
     
    scan report since I've been having trouble....

    23/10/2007 20:52:45 SYSTEM 1360 Sign of "Win32:Agent-LAP [Trj]" has been found in "C:\DOCUME~1\moi\LOCALS~1\Temp\cudmlumq.exe" file.
    24/10/2007 20:49:07 moi 1448 Sign of "Win32:Agent-LAP [Trj]" has been found in "C:\Documents and Settings\moi\Local Settings\Temporary Internet Files\Content.IE5\IQYHP1OI\vasya[1]" file.
    24/10/2007 20:55:12 moi 1448 Sign of "Win32:Agent-LAP [Trj]" has been found in "C:\DOCUME~1\moi\LOCALS~1\Temp\yyplqepk.exe" file.
    26/10/2007 08:08:42 moi 1492 Sign of "Win32:Agent-LAP [Trj]" has been found in "C:\Documents and Settings\moi\Local Settings\Temporary Internet Files\Content.IE5\IQYHP1OI\vasya[1]" file.
    26/10/2007 08:11:02 moi 1492 Sign of "Win32:Agent-LAP [Trj]" has been found in "C:\DOCUME~1\moi\LOCALS~1\Temp\crmlkcho.exe" file.
    27/10/2007 13:45:29 moi 1524 Sign of "Win32:Agent-LAP [Trj]" has been found in "C:\Documents and Settings\moi\Local Settings\Temporary Internet Files\Content.IE5\FB97V5SW\vasya[1]" file.
    27/10/2007 14:01:32 moi 1524 Sign of "Win32:Agent-LAP [Trj]" has been found in "C:\DOCUME~1\moi\LOCALS~1\Temp\oujduhyb.exe" file.
    28/10/2007 13:21:19 moi 1480 Sign of "Win32:Agent-LAP [Trj]" has been found in "C:\Documents and Settings\moi\Local Settings\Temporary Internet Files\Content.IE5\WPQVK1UZ\vasya[1]" file.
    28/10/2007 13:22:13 moi 1480 Sign of "Win32:Agent-LAP [Trj]" has been found in "C:\DOCUME~1\moi\LOCALS~1\Temp\iviwnmgl.exe" file.
    29/10/2007 20:43:40 moi 1504 Sign of "Win32:Agent-LAP [Trj]" has been found in "C:\Documents and Settings\moi\Local Settings\Temporary Internet Files\Content.IE5\8ZMFYLY5\vasya[1]" file.
    30/10/2007 20:57:20 moi 1536 Sign of "Win32:Agent-LAP [Trj]" has been found in "C:\Documents and Settings\moi\Local Settings\Temporary Internet Files\Content.IE5\O127S5Y3\vasya[1]" file.
    0
  6. mucho, 306 posts, Status: Member
     
    Can you run a BitDefender online antivirus scan:
    https://www.bitdefender.fr/

    demo (by balltrap34):
    http://pageperso.aol.fr/balltrap34/defender.htm

    or look here:
    http://pageperso.aol.fr/loraline60/bitdefender_scan.htm

    then post the report (copy-paste it)

    thanks
    @+
    0
  7. nerique
     
    another problem shows up

    C:\WINDOWS\System32\iwpyvmpl.dll
    Win32:SecBar [Adw]
    0
  8. mucho, 306 posts, Status: Member
     
    That's what I thought. Normal, it's a Vundo infection

    finish the scan and post it

    thanks

    @+
    0
  9. nerique
     
    ok

    thanks already for your help

    damn..... 4 hours of scanning
    I'm going to bed, work tomorrow
    I'll post again later
    thanks again
    0
  10. mucho, 306 posts, Status: Member
     
    Good evening,

    post me the Bitdefender report

    thanks
    0
  11. nerique
     
    is hijack enough for you???
    if so that suits me because bitdefender takes an enormous amount of time and my pc can't get to the end without getting disconnected!!!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:31:03, on 31/10/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\KODAK\Logiciel de transfert d'images KODAK\PTSsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\ZoneLabs\vsmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start-homepage.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://2uid.info
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.bing.com/?toHttps=1&redig=76420697312543738FC7AC1F1CA1CB9B
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {8A4E1972-8F42-4B50-AA71-29DCA9F336BC} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Procesor Driver - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Program Files\Toolbar\like_googlenew1.1a.dll (file missing)
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\iwpyvmpl.dll (file missing)
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [14b5b8b3] rundll32.exe "C:\WINDOWS\System32\ybfhageh.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\__c0077DBA.dat
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\Logiciel de transfert d'images KODAK\PTSsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O24 - Desktop Component 0: (no name) - http://www.ogame.fr/portal/img/head/right.jpg
    0
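As an added example (not part of the thread or of HijackThis itself), here is a small Python triage script that applies the reading this log gets in the thread to a few lines copied from it: R0 start/search pages pointing away from the vendor defaults, an O3 toolbar whose DLL is missing, an O4 Run entry loading a random-named System32 DLL through rundll32, and a non-empty O20 AppInit_DLLs. The default-domain list and the 8-lowercase-letter DLL-name heuristic are assumptions of the example, so its output is a starting point for analyst review, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a few lines copied from the HijackThis log above (not the
# whole log), plus one benign O4 and one O23 line kept as controls.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start-homepage.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://2uid.info
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\iwpyvmpl.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [14b5b8b3] rundll32.exe "C:\WINDOWS\System32\ybfhageh.dll",b
O20 - AppInit_DLLs: C:\WINDOWS\System32\__c0077DBA.dat
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
""".strip()

# Assumption of this example: domains IE pointed at out of the box in the XP era.
DEFAULT_IE_DOMAINS = ("microsoft.com", "msn.com", "live.com")
# Assumption of this example: Vundo-era droppers named their DLLs with 8 random lowercase letters.
RANDOM_DLL = re.compile(r"\\([a-z]{8})\.dll\b")


@dataclass
class Finding:
    line: str
    reason: str


def _host(url: str) -> str:
    m = re.search(r"https?://([^/\s]+)", url)
    return m.group(1).lower() if m else ""


def _is_default_domain(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in DEFAULT_IE_DOMAINS)


def triage_line(line: str) -> Optional[str]:
    """Return why a HijackThis line deserves attention, or None if it looks benign."""
    tag, _, rest = line.partition(" - ")
    tag = tag.strip()
    if tag in ("R0", "R1") and "=" in rest:
        # Start page / search assistant redirected away from the vendor defaults
        host = _host(rest.split("=", 1)[1])
        if host and not _is_default_domain(host):
            return f"browser start/search setting points at {host}"
    elif tag == "O3" and "(file missing)" in rest:
        # The registration outlived the DLL: typical leftover of a removed adware toolbar
        return "toolbar registered for a DLL that no longer exists"
    elif tag == "O4" and "rundll32" in rest.lower():
        m = RANDOM_DLL.search(rest)
        if m:
            return f"Run entry loads {m.group(1)}.dll through rundll32 (random-named System32 DLL)"
    elif tag == "O20" and rest.startswith("AppInit_DLLs:"):
        value = rest[len("AppInit_DLLs:"):].strip()
        if value:
            # AppInit_DLLs is loaded into every process that links user32.dll
            return f"AppInit_DLLs injects {value} into GUI processes"
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every non-empty line and collect the hits in log order."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        reason = triage_line(line)
        if reason:
            findings.append(Finding(line, reason))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.line.split(' - ')[0]}: {f.reason}\n    {f.line}")
```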
  12. mucho, 306 posts, Status: Member
     
    Download Vundofix (by Atribune) to your Desktop
    http://www.atribune.org/ccount/click.php?id=4

    - Double-click VundoFix.exe to launch it.
    - Click the Scan for Vundo button.
    - When the scan is complete, click the Remove Vundo button.
    - A prompt will ask whether you want to delete the files; click YES
    - After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
    - You will see a prompt telling you that your PC is going to shut down ("shutdown"); click OK
    - Restart your PC.
    - Copy/paste the contents of the report located at C:\vundofix.txt

    Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next reboot; just follow the instructions above, starting from "click the Scan for Vundo button".

    @+
    0
  13. nerique
     
    I'm doing it... it's running the scan
    I'll keep you posted
    and thanks again.
    0
  14. nerique
     
    VundoFix V6.5.11

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.11

    Scan started at 21:56:43 31/10/2007

    Listing files found while scanning....

    C:\windows\system32\cfhkj.bak1
    C:\windows\system32\cfhkj.bak2
    C:\windows\system32\cfhkj.ini
    C:\windows\system32\ddccyww.dll
    C:\WINDOWS\System32\guiokdrw.dll
    C:\windows\system32\hfbfmntm.dll
    C:\windows\system32\iifdcax.dll
    C:\WINDOWS\System32\iwpyvmpl.dll
    C:\windows\system32\jkhfc.dll
    C:\windows\system32\khfgeec.dll
    C:\windows\system32\mtnmfbfh.ini
    C:\windows\system32\pmnmmmj.dll
    C:\windows\system32\vgyyadmx.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\cfhkj.bak1
    C:\windows\system32\cfhkj.bak1 Has been deleted!

    Attempting to delete C:\windows\system32\cfhkj.bak2
    C:\windows\system32\cfhkj.bak2 Has been deleted!

    Attempting to delete C:\windows\system32\cfhkj.ini
    C:\windows\system32\cfhkj.ini Has been deleted!

    Attempting to delete C:\windows\system32\ddccyww.dll
    C:\windows\system32\ddccyww.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\guiokdrw.dll
    C:\WINDOWS\System32\guiokdrw.dll Could not be deleted.

    Attempting to delete C:\windows\system32\hfbfmntm.dll
    C:\windows\system32\hfbfmntm.dll Has been deleted!

    Attempting to delete C:\windows\system32\iifdcax.dll
    C:\windows\system32\iifdcax.dll Has been deleted!

    Attempting to delete C:\windows\system32\jkhfc.dll
    C:\windows\system32\jkhfc.dll Could not be deleted.

    Attempting to delete C:\windows\system32\khfgeec.dll
    C:\windows\system32\khfgeec.dll Has been deleted!

    Attempting to delete C:\windows\system32\mtnmfbfh.ini
    C:\windows\system32\mtnmfbfh.ini Has been deleted!

    Attempting to delete C:\windows\system32\pmnmmmj.dll
    C:\windows\system32\pmnmmmj.dll Has been deleted!

    Attempting to delete C:\windows\system32\vgyyadmx.dll
    C:\windows\system32\vgyyadmx.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.5.11

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.11

    Scan started at 22:31:05 31/10/2007

    Listing files found while scanning....

    C:\windows\system32\cfhkj.bak1
    C:\windows\system32\cfhkj.ini
    C:\windows\system32\jkhfc.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\cfhkj.bak1
    C:\windows\system32\cfhkj.bak1 Has been deleted!

    Attempting to delete C:\windows\system32\cfhkj.ini
    C:\windows\system32\cfhkj.ini Has been deleted!

    Attempting to delete C:\windows\system32\jkhfc.dll
    C:\windows\system32\jkhfc.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
    0
  15. mucho, 306 posts, Status: Member
     
    Vundofix did its job well

    Now download Combofix (by sUBs) to your Desktop.
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Double-click combofix.exe.
    Press the 1 key (Yes) to start the scan.
    When the scan is complete, a report will appear. Post that report in your next reply.

    The report is located here: C:\Combofix.txt

    @+
    0
  16. nerique
     
    here it is......

    ComboFix 07-10-29.1 - moi 2007-10-31 23:08:36.1 - NTFSx86
    Running from: C:\Documents and Settings\moi\Bureau\ComboFix.exe
    .
    ADS - system32: deleted 69550 bytes in 1 streams.

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\pack.epk
    C:\WINDOWS\system32\.exe
    C:\WINDOWS\system32\__c003BB9D.dat
    C:\WINDOWS\system32\__c0057E39.dat
    C:\WINDOWS\system32\__c0077DBA.dat
    C:\WINDOWS\system32\__c00BB78F.dat
    C:\WINDOWS\system32\__c00D721E.dat
    C:\WINDOWS\system32\__c00DC0E4.dat
    C:\WINDOWS\system32\aqlhngnj.dll
    C:\WINDOWS\system32\beskvrvf.dll
    C:\WINDOWS\system32\bvreanpcxl.dat
    C:\WINDOWS\system32\bvreanpcxl_nav.dat
    C:\WINDOWS\system32\bvreanpcxl_navps.dat
    C:\WINDOWS\system32\bweqpich.dll
    C:\WINDOWS\system32\dwklemkj.ini
    C:\WINDOWS\system32\guiokdrw.dll
    C:\WINDOWS\system32\gwhorslu.dll
    C:\WINDOWS\system32\gyacdscv.dll
    C:\WINDOWS\system32\hegahfby.ini
    C:\WINDOWS\system32\hnljdevu.dll
    C:\WINDOWS\system32\hxnmfjho.dll
    C:\WINDOWS\system32\iwpyvmpl.dllbox
    C:\WINDOWS\system32\jkmelkwd.dll
    C:\WINDOWS\system32\lgxyvivg.dll
    C:\WINDOWS\system32\nvs2.inf
    C:\WINDOWS\system32\plhifvca.dll
    C:\WINDOWS\system32\pmoohxef.dll
    C:\WINDOWS\system32\tfljjikt.dll
    C:\WINDOWS\system32\tinftbgk.dll
    C:\WINDOWS\system32\ufvcwyht.dll
    C:\WINDOWS\system32\vdccavgu.dll
    C:\WINDOWS\system32\ybfhageh.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-31 ))))))))))))))))))))))))))))))))))))
    .

    2007-10-31 23:04 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-31 21:56 <REP> d-------- C:\VundoFix Backups
    2007-10-30 22:50 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-10-30 21:57 <REP> d-------- C:\Program Files\Trend Micro
    2007-10-30 21:56 <REP> d-------- C:\hijack
    2007-10-29 21:15 <REP> d-------- C:\Documents and Settings\moi\Application Data\Grisoft
    2007-10-29 21:13 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-10-29 21:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-25 10:26 53,248 --a------ C:\WINDOWS\bdoscandel.exe
    2007-10-24 20:27 <REP> d-------- C:\Program Files\laughnetwork
    2007-10-23 08:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-10-23 08:27 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-10-23 08:27 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-10-23 08:26 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-10-23 08:26 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-10-23 08:26 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-10-23 08:25 <REP> d-------- C:\Program Files\Alwil Software
    2007-10-23 08:25 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-10-23 07:46 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
    2007-10-22 01:25 1,635 --a------ C:\WINDOWS\system32\wtjcfyol.exe
    2007-10-11 21:18 <REP> d-------- C:\Program Files\IncrediMail
    2007-10-04 08:39 <REP> d-------- C:\WINDOWS\system\color
    2007-10-04 08:37 13,824 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-10-04 08:37 13,824 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-10-04 08:33 32,768 --a------ C:\WINDOWS\system32\agsisti.dll
    2007-10-04 08:32 <REP> d-------- C:\Program Files\Fichiers communs\Agfa
    2007-10-04 08:32 <REP> d-------- C:\Program Files\Agfa
    2007-10-04 08:32 90,112 --a------ C:\WINDOWS\system32\adomps.dll
    2007-10-02 21:06 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
    2007-09-26 20:55 <REP> d-------- C:\Program Files\SimTractor 3.5
    2007-09-26 20:52 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2007-09-16 08:17 <REP> d-------- C:\Program Files\PhotoBox

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-31 21:45 --------- d-----w C:\Documents and Settings\moi\Application Data\OpenOffice.org2
    2007-10-30 15:13 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-10-24 20:28 --------- d-----w C:\Documents and Settings\moi\Application Data\ZoomBrowser EX
    2007-10-24 11:33 --------- d-----w C:\Program Files\McAfee.com
    2007-10-24 06:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
    2007-10-23 10:43 --------- d-----w C:\Program Files\Toolbar
    2007-10-19 19:07 --------- d-----w C:\Program Files\eMule
    2007-10-02 20:04 --------- d-----w C:\Program Files\Java
    2007-09-24 06:08 --------- d-----w C:\Documents and Settings\moi\Application Data\GrabIt
    2005-11-01 13:23 4,780 -c--a-w C:\Program Files\Mcd2.REP
    2005-11-01 10:06 6,771,905 -c--a-w C:\Program Files\DIALMES.FIC
    2005-11-01 10:06 172,154 -c--a-w C:\Program Files\DIALMES.NDX
    2005-10-31 21:19 878,453 -c--a-w C:\Program Files\CDLIG.NDX
    2005-10-31 21:19 673,157 -c--a-w C:\Program Files\CDLIG.FIC
    2005-10-31 21:19 469,531 -c--a-w C:\Program Files\CDENT.FIC
    2005-10-31 21:19 115,900 -c--a-w C:\Program Files\CDENT.NDX
    2005-10-31 21:16 85,363 -c--a-w C:\Program Files\ARTICLE.NDX
    2005-10-31 21:16 4,161 -c--a-w C:\Program Files\DATLIV.FIC
    2005-10-31 21:16 272,466 -c--a-w C:\Program Files\FACTENT.FIC
    2005-10-31 21:16 226,872 -c--a-w C:\Program Files\Anomalies.log
    2005-10-31 21:16 192,507 -c--a-w C:\Program Files\ARTICLE.FIC
    2005-10-31 21:16 12,972 -c--a-w C:\Program Files\DATLIV.NDX
    2005-10-31 21:16 1,006,006 -c--a-w C:\Program Files\FACTENT.NDX
    2005-10-31 21:09 641,576 -c--a-w C:\Program Files\FACTLIG.FIC
    2005-10-31 21:09 1,056,019 -c--a-w C:\Program Files\FACTLIG.NDX
    2005-10-31 21:00 4,320,353 -c--a-w C:\Program Files\ELEVEUR.FIC
    2005-10-31 21:00 169,968 -c--a-w C:\Program Files\ELEVEUR.NDX
    2005-10-26 18:53 69,043 -c--a-w C:\Program Files\CIBLAGE.NDX
    2005-10-26 18:53 6,013 -c--a-w C:\Program Files\GROUPE.FIC
    2005-10-26 18:53 50,976 -c--a-w C:\Program Files\COMMUNE.NDX
    2005-10-26 18:53 4,343 -c--a-w C:\Program Files\GERAN.FIC
    2005-10-26 18:53 34,056 -c--a-w C:\Program Files\FIGR.FIC
    2005-10-26 18:53 3,628 -c--a-w C:\Program Files\FIGR.NDX
    2005-10-26 18:53 22,485 -c--a-w C:\Program Files\CDMES.FIC
    2005-10-26 18:53 22,023 -c--a-w C:\Program Files\CIBLAGE.FIC
    2005-10-26 18:53 20,370 -c--a-w C:\Program Files\COMMUNE.FIC
    2005-10-26 18:53 20,098 -c--a-w C:\Program Files\GROUPE.NDX
    2005-10-26 18:53 2,666 -c--a-w C:\Program Files\GERAN.NDX
    2005-10-26 18:53 17,815 -c--a-w C:\Program Files\COMPILAT.FIC
    2005-10-26 18:53 12,285 -c--a-w C:\Program Files\COMPILAT.NDX
    2005-10-26 18:53 11,384 -c--a-w C:\Program Files\CDMES.NDX
    2005-06-21 09:37 220,277 -c--a-w C:\Program Files\Mcd2.WDL.016
    2005-06-16 14:53 428,898 -c--a-w C:\Program Files\Mcd2.WDL.015
    2005-06-03 07:58 667,557 -c--a-w C:\Program Files\Mcd2.exe
    2005-06-03 07:58 2,197,788 -c--a-w C:\Program Files\Mcd2.wdl
    2005-06-02 14:45 10,913,904 -c--a-w C:\Program Files\20050531-018-x86.exe
    2005-04-20 14:01 553 -c--a-w C:\Program Files\maintien.txt
    2005-03-21 08:42 181,023 -c--a-w C:\Program Files\Mcd2.WDL.011
    2005-03-18 10:40 547,121 -c--a-w C:\Program Files\Mcd2.WDL.010
    2005-03-03 18:00 136 -c--a-w C:\Program Files\$TR38992
    2005-02-14 10:41 425,575 -c--a-w C:\Program Files\Mcd2.WDL.009
    2004-11-22 13:34 290,429 -c--a-w C:\Program Files\Mcd2.WDL.007
    2004-01-20 15:35 88,525 -c--a-w C:\Program Files\MCD2.wdd
    2001-12-05 10:13 165,034 -c--a-w C:\Program Files\Charte2.htm
    2001-03-28 10:02 122,880 ----a-w C:\WINDOWS\inf\Agfa\message.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{179EC98D-5F0B-4880-8B72-71C3564A86FB}]
    C:\WINDOWS\System32\jkhfc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D09A743-00ED-4713-BCC4-32D590D1087A}]
    C:\Program Files\Toolbar\like_googlenew1.1a.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-04-12 10:15]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 17:32]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-27 19:14]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-28 13:00]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 11:02]

    C:\Documents and Settings\moi\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-01-20 21:19:56]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iwpyvmpl]
    iwpyvmpl.dll

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-10-13 15:15:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    .
    **************************************************************************

    catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-31 23:48:37
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-10-31 23:58:20 - machine was rebooted
    .
    --- E O F ---
    0
  17. mucho, 306 posts, Status: Member
     
    first, show hidden folders:
    http://perso.orange.fr/astwinds/astuces/fichiers_caches.html

    can you analyze this .dll in bold

    go to https://www.virustotal.com/gui/

    click browse and find jkhfc.dll then click send file

    C:\WINDOWS\System32\jkhfc.dll

    copy/paste the report and post it

    thanks
    0
  18. nerique
     
    C:\WINDOWS\System32\jkhfc.dll
    I can't find it at that location???
    0
  19. nerique
     
    I ran a search and it only found:
    jkhfc.dll.bat in vundofix backups
    0
  20. mucho, 306 posts, Status: Member
     
    did you show hidden folders?

    SORRY

    Vundo has indeed deleted it

    post a Hijackthis report

    thanks
    0