Big problem with Trj Drop.delf.czz
Resolved/Closed
bricedenice - 9 Jan. 2008 at 16:14
green day (26371 posts, registered Friday 30 September 2005, status: Moderator, security contributor, last active 27 December 2019) - 16 Jan. 2008 at 19:29
34 replies
green day (Moderator, security contributor) - 9 Jan. 2008 at 16:18
Hi
Right-click hijackthis.exe, choose Rename and name it CCM.exe, then post a new report please
++
Quick question: why rename it?
Here is the new report!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:40, on 09/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Trend Micro\HijackThis\ccm.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/hbt.php?rewrite=fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssttr.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AA97213E-2525-417C-A799-878D03647C69} - C:\WINDOWS\system32\ssttr.dll (file missing)
O2 - BHO: (no name) - {AB895D60-643A-4B97-9B1E-8C48381A7B09} - C:\WINDOWS\system32\mlljg.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] Virtua Tennis 3
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ .exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule .exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.com/download/SayaTV.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
green day (Moderator, security contributor) - 10 Jan. 2008 at 01:48
Quick question: why rename it?
Your first report shows no O2 lines at all: that is typical of a Vundo infection, although sometimes it is perfectly normal. By renaming HijackThis you get around the sleight of hand Vundo uses to hide from the HijackThis scan (most of the time), and as you can see in the report where HijackThis was renamed, two lines appear with randomly named .dll files in system32, which is characteristic of a Vundo infection!
Download Vundofix.exe (by Atribune) to your Desktop: http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES.
* After clicking "YES", the Desktop will disappear for a moment while the files are deleted.
* Another prompt will announce that the PC has to shut down ("shutdown"). Click OK, then let it restart.
* The report is located at C:\vundofix.txt; please post it.
++
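As an added example (not from the thread, and not part of HijackThis or any of the tools named here), a small Python checker that applies the moderator's reasoning to HijackThis log lines: it flags unnamed O2 BHOs loaded from system32 with random-looking names, win.ini load= autostart entries, and process or Run entries whose file name carries a space before the extension (the "TeaTimer .exe" pattern visible in the posted report). The sample lines are constructed, modelled on the report above; the heuristics and thresholds are this example's own assumptions.

```python
import re
from typing import Dict, List

# Constructed sample in HijackThis v2 log format, modelled on the report
# posted in the thread (a handful of lines, not the full log).
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe
C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer .exe
F3 - REG:win.ini: load=C:\\WINDOWS\\system32\\ssttr.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_03\\bin\\ssv.dll
O2 - BHO: (no name) - {AA97213E-2525-417C-A799-878D03647C69} - C:\\WINDOWS\\system32\\ssttr.dll (file missing)
O2 - BHO: (no name) - {AB895D60-643A-4B97-9B1E-8C48381A7B09} - C:\\WINDOWS\\system32\\mlljg.dll
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [eMuleAutoStart] C:\\Program Files\\eMule\\emule .exe -AutoStart
"""

# First Windows path on a line that ends in .exe/.dll/.sys. Non-greedy, so it
# stops at the first such extension and tolerates a space before it ("emule .exe").
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys))', re.IGNORECASE)

VOWELS = set("aeiouy")


def basename(path: str) -> str:
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def space_before_extension(path: str) -> bool:
    """True for the 'TeaTimer .exe' pattern: whitespace right before the extension."""
    return re.search(r"\s\.[A-Za-z0-9]+$", basename(path)) is not None


def looks_random(filename: str) -> bool:
    """Assumed heuristic for the random dll names in the thread (mlljg, ssttr):
    a short, purely alphabetic stem with no vowels at all. Names like ctfmon pass."""
    stem = filename.rsplit(".", 1)[0].lower()
    return 4 <= len(stem) <= 8 and stem.isalpha() and not (set(stem) & VOWELS)


def analyze(log: str) -> List[Dict[str, object]]:
    """Walk a HijackThis log and return one finding per suspicious path, in log order."""
    findings: List[Dict[str, object]] = []
    for raw in log.splitlines():
        line = raw.strip()
        match = PATH_RE.search(line)
        if not match:
            continue
        path = match.group(1)
        reasons: List[str] = []
        # 1. Executable whose name carries a space before the extension: a
        #    lookalike sitting next to the real TeaTimer.exe / emule.exe.
        if space_before_extension(path):
            reasons.append("space before extension")
        # 2. win.ini load= autostart; rarely used by legitimate software.
        if line.startswith("F3 - REG:win.ini: load="):
            reasons.append("win.ini load= autostart")
        # 3. The moderator's Vundo tell: a BHO with no name, loaded from system32.
        if line.startswith("O2 - BHO: (no name)") and "\\system32\\" in path.lower():
            reasons.append("unnamed BHO loaded from system32")
            if looks_random(basename(path)):
                reasons.append("random-looking file name")
            if "(file missing)" in line:
                reasons.append("registry entry points at a missing file")
        if reasons:
            findings.append({"path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding["path"], "->", "; ".join(finding["reasons"]))
```

Run against the sample it reports the two unnamed system32 BHOs, the win.ini load= entry and the two lookalike executables, and stays silent on the named Java BHO and the genuine system processes.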
Here is the report:
VundoFix V6.7.7
Checking Java version...
Scan started at 05:09:56 10/01/2008
Listing files found while scanning....
VundoFix V6.7.7
Checking Java version...
Scan started at 15:24:31 10/01/2008
Listing files found while scanning....
C:\WINDOWS\system32\gjllm.ini
C:\WINDOWS\system32\gjllm.ini2
C:\WINDOWS\system32\mlljg.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\gjllm.ini
C:\WINDOWS\system32\gjllm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\gjllm.ini2
C:\WINDOWS\system32\gjllm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\mlljg.dll Has been deleted!
Performing Repairs to the registry.
Done!
Note that when the PC restarted, the dlls were detected again by AntiVir.
It also detected other trojans of the type "Drop.Agent.dgo.8" and "Drop.Agent.dgo.154". Their source is .tmp files located in "local settings".
Thanks for your help!
green day (Moderator, security contributor) - 10 Jan. 2008 at 16:28
Don't worry! We'll get rid of all of that! :)
Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Start in Safe Mode
* Double-click combofix.exe.
* Press the Y key (Yes) to start the scan
* The report will be created in C:\Combofix.txt; please post it
++
Chaaaaarge! lol
Here is the ComboFix report
ComboFix 08-01-10.2 - LESNE Brice 2008-01-10 16:40:00.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.787 [GMT 1:00]
Running from: C:\Documents and Settings\LESNE Brice\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Documents\Ma musique\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Ma musique\Sample Playlists\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Mes images\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Mes vidéos\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Sports Interactive\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Sports Interactive\Football Manager 2007\db\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Sports Interactive\Football Manager 2007\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Sports Interactive\Football Manager 2007\skins\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Sports Interactive\Football Manager 2007\sounds\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Sports Interactive\Football Manager 2008\db\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Sports Interactive\Football Manager 2008\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Sports Interactive\Football Manager 2008\skins\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Sports Interactive\Football Manager 2008\sounds\Desktop_.ini
C:\Documents and Settings\All Users\Documents\wech\Desktop_.ini
C:\Program Files\eMule\emule .exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini2
C:\WINDOWS\system32\gjllm.ini
C:\WINDOWS\system32\gjllm.ini2
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\tmp31.tmp
C:\WINDOWS\system32\wpcap.dll
C:\Program Files\MSN Messenger\MsnMsgr .Exe ---> MsnMsgr.Exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm .exe ---> Remoterm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe ---> TeaTimer.exe
C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE ---> IMJPMIG.EXE
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe ---> ImScInst.exe
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE ---> TINTSETP.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\NPF
((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
.
2008-01-10 16:51 . 2008-01-10 16:51 <REP> d-------- C:\WINDOWS\LastGood
2008-01-10 16:51 . 2008-01-10 16:48 1,542,144 --a------ C:\WINDOWS\system32\OLDC.tmp
2008-01-10 16:50 . 2008-01-10 16:50 794,112 --a------ C:\WINDOWS\system32\cmd .exe
2008-01-10 16:50 . 2008-01-10 16:50 326,144 --a------ C:\WINDOWS\system32\mlljg.dll
2008-01-10 16:37 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-10 16:26 . 2008-01-10 16:26 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-09 16:05 . 2008-01-09 16:05 <REP> d-------- C:\Program Files\Trend Micro
2008-01-09 15:49 . 2008-01-09 15:50 <REP> d-------- C:\Program Files\Panda Security
2008-01-08 18:03 . 2008-01-08 18:03 <REP> d-------- C:\Documents and Settings\LESNE Brice\Application Data\PrevxCSI
2008-01-08 18:03 . 2008-01-08 18:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-08 16:41 . 2008-01-08 17:29 <REP> d-------- C:\VundoFix Backups
2008-01-06 19:39 . 2008-01-06 19:39 <REP> d-------- C:\Program Files\Avira
2008-01-06 19:39 . 2008-01-06 19:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-03 20:49 . 2008-01-03 20:49 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-03 18:42 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-01-03 18:42 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-01-03 18:42 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-01-03 18:42 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-01-03 18:42 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-01-03 18:42 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-01-03 18:42 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-01-03 18:42 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-01-03 18:20 . 2008-01-03 18:20 <REP> d-------- C:\WINDOWS\65F1CF6331E0450B96F34A88BE7361A6.TMP
2008-01-03 17:42 . 2008-01-03 17:42 268 --ah----- C:\sqmdata04.sqm
2008-01-03 17:42 . 2008-01-03 17:42 244 --ah----- C:\sqmnoopt04.sqm
2007-12-21 12:00 . 2007-12-21 12:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-21 11:26 . 2008-01-06 19:44 406,016 --a------ C:\WINDOWS\system32\PSDrvCheck .exe
2007-12-21 11:26 . 2008-01-06 14:26 245,760 --a------ C:\WINDOWS\system32\Check .exe
2007-12-21 11:26 . 2008-01-06 14:26 221,184 --a------ C:\WINDOWS\system32\LVCOMSX .EXE
2007-12-21 11:26 . 2008-01-06 14:26 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-21 11:25 . 2008-01-06 14:25 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2007-12-21 11:25 . 2008-01-06 14:25 126,976 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-19 19:45 . 2005-07-16 02:39 374,272 --a------ C:\WINDOWS\system32\mss32.dll
2007-12-19 19:19 . 2007-12-20 21:15 319 --ahs---- C:\WINDOWS\system32\aybeg.ini
2007-12-19 18:51 . 2007-12-19 18:51 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-12-19 18:28 . 2007-12-19 18:28 <REP> d-------- C:\WINDOWS\system32\AGEIA
2007-12-17 21:12 . 2007-12-17 21:12 <REP> d-------- C:\Program Files\LimeWire
2007-12-17 21:12 . 2007-12-17 21:18 <REP> d-------- C:\Documents and Settings\LESNE Brice\Incomplete
2007-12-17 21:12 . 2008-01-03 17:50 <REP> d-------- C:\Documents and Settings\LESNE Brice\Application Data\LimeWire
2007-12-16 20:53 . 2007-12-16 20:53 26 --a------ C:\WINDOWS\ATICIM.MIF
2007-12-16 20:50 . 2007-11-01 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-12-16 20:42 . 2007-12-16 20:42 193,080 --a------ C:\WINDOWS\Label9
2007-12-16 20:42 . 2007-12-16 20:42 108 --a------ C:\WINDOWS\Label7
2007-12-16 20:42 . 2007-12-16 20:42 28 --a------ C:\WINDOWS\Label10
2007-12-16 20:18 . 2007-12-16 20:18 <REP> d-------- C:\Intel
2007-12-16 15:56 . 2007-12-16 15:56 <REP> d-------- C:\Documents and Settings\LESNE Brice\Application Data\Microsoft Games
2007-12-16 15:00 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-12-16 15:00 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-12-16 15:00 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-12-16 14:06 . 2007-12-16 14:06 <REP> d-------- C:\Program Files\Microsoft Games
2007-12-15 17:20 . 2008-01-03 19:38 <REP> d-------- C:\Downloads
2007-12-15 17:05 . 2008-01-08 19:26 <REP> d-------- C:\Program Files\FlashGet
2007-12-14 13:11 . 2007-12-14 13:11 <REP> d-------- C:\Program Files\Lavalys
2007-12-14 00:12 . 2007-12-14 00:12 <REP> d-------- C:\ATI
2007-12-13 23:32 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-12-13 23:32 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-12-13 23:32 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-12-13 23:32 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-12-13 23:32 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-12-13 23:32 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-12-13 23:32 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-12-13 23:32 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-12-13 23:31 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-12-13 21:57 . 2007-12-13 21:57 <REP> d-------- C:\Program Files\NFO viewer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 15:52 --------- d-----w C:\Program Files\eMule
2008-01-10 15:50 --------- d-----w C:\Program Files\MSN Messenger
2008-01-08 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-06 19:15 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-06 13:28 --------- d-----w C:\Program Files\Launch Manager
2008-01-04 21:48 --------- d-----w C:\Program Files\Winamp
2008-01-04 21:48 --------- d-----w C:\Program Files\Arcade
2008-01-04 13:26 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-03 16:42 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-20 15:38 --------- d-----w C:\Program Files\StuffPlug3
2007-12-19 17:28 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-16 19:53 --------- d-----w C:\Program Files\ATI Technologies
2007-12-16 19:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 18:47 --------- d-----w C:\Program Files\SogouInput
2007-12-08 18:47 --------- d-----w C:\Documents and Settings\LESNE Brice\Application Data\SogouPY
2007-12-08 18:23 --------- d-----w C:\Documents and Settings\LESNE Brice\Application Data\ppstream
2007-11-26 21:52 --------- d-----w C:\Program Files\SopCast
2007-11-26 21:30 --------- d-----w C:\Documents and Settings\LESNE Brice\Application Data\SopCast
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 16:58 --------- d-----w C:\Program Files\Lavasoft
2007-11-12 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-11 20:49 290,816 ------w C:\WINDOWS\Setup1.exe
2007-04-26 11:44 50,768 ----a-w C:\Documents and Settings\LESNE Brice\Application Data\GDIPFONTCACHEV1.DAT
2007-02-09 16:43 386,630 --sha-r C:\Program Files\wunauclt.zip
2007-02-09 16:43 386,630 --sha-r C:\Program Files\wunauclt.tbe
2006-08-27 13:38 1,015,973 --sha-r C:\Program Files\serial.zip
2006-08-27 13:38 1,015,973 --sha-r C:\Program Files\serial.tde
2006-08-27 13:19 56,239 ----a-w C:\Program Files\svchosts.tbe
.
[code]<pre>
----a-w 2,880,512 2008-01-06 18:44:49 C:\Acer\ePM\ePM .exe
----a-w 188,416 2008-01-06 13:26:00 C:\Acer\ePM\epm-dm .exe
----a-w 49,152 2008-01-06 13:25:53 C:\Program Files\Arcade\PCMService .exe
----a-w 339,968 2008-01-06 13:26:01 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w 249,896 2008-01-09 14:33:04 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt .exe
----a-w 171,464 2008-01-06 18:44:58 C:\Program Files\DAEMON Tools\daemon .exe
----a-w 5,308,416 2008-01-10 15:52:37 C:\Program Files\eMule\emule .exe
----a-w 2,007,088 2008-01-06 18:44:49 C:\Program Files\FlashGet\FlashGet .exe
----a-w 132,496 2008-01-06 13:26:23 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 319,488 2008-01-06 13:26:02 C:\Program Files\Launch Manager\QtZgAcer .EXE
----a-w 217,088 2008-01-06 13:26:24 C:\Program Files\Logitech\Video\LogiTray .exe
----a-w 196,608 2008-01-06 14:04:40 C:\Program Files\Logitech\Video\ManifestEngine .exe
----a-w 487,424 2008-01-06 18:44:36 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
----a-w 688,218 2008-01-06 13:25:53 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w 98,394 2008-01-06 13:25:47 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w 33,792 2008-01-06 13:26:05 C:\Program Files\Winamp\winampa .exe
----a-w 245,760 2008-01-06 13:26:01 C:\WINDOWS\system32\Check .exe
----a-w 794,112 2008-01-10 15:50:47 C:\WINDOWS\system32\cmd .exe
----a-w 15,360 2008-01-03 19:49:19 C:\WINDOWS\system32\ctfmon .exe
----a-w 126,976 2008-01-06 13:25:47 C:\WINDOWS\system32\hkcmd .exe
----a-w 155,648 2008-01-06 13:25:45 C:\WINDOWS\system32\igfxtray .exe
----a-w 221,184 2008-01-06 13:26:20 C:\WINDOWS\system32\LVCOMSX .EXE
----a-w 155,648 2008-01-06 13:26:01 C:\WINDOWS\system32\NeroCheck .exe
----a-w 406,016 2008-01-06 18:44:32 C:\WINDOWS\system32\PSDrvCheck .exe
</pre>[/code]
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA97213E-2525-417C-A799-878D03647C69}]
C:\WINDOWS\system32\ssttr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC7E0963-CBBC-4CA8-8948-75C49C8237F7}]
2008-01-10 16:50 326144 --a------ C:\WINDOWS\system32\mlljg.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ .exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
"eMuleAutoStart"="C:\Program Files\eMule\emule .exe" [2008-01-10 16:52 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [ ]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [ ]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [ ]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [ ]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [ ]
"I downloaded pirated Software from P2P"="Virtua Tennis 3" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [ ]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [ ]
"epm-dm"="c:\acer\epm\epm-dm.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [ ]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\mlljg.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\mlljg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 16:14]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 12:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 15:54]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 14:57]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 16:23]
S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 13:46]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 17:23]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 17:23]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 17:23]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 17:23]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 17:23]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 17:23]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 17:24]
S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2005-11-22 17:04]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2005-11-22 17:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d5eebc2-b74f-11da-b5bd-0012f084768e}]
\Shell\AutoRun\command - I:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-05-28 12:05:38 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 16:52:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-10 16:55:08
ComboFix-quarantined-files.txt 2008-01-10 15:55:02
.
2008-01-10 15:27:26 --- E O F ---
green day
Posts
26371
Registration date
Friday 30 September 2005
Status
Moderator, security contributor
Last contribution
27 December 2019
2 162
10 Jan. 2008 at 17:22
:)
Download SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
Restart your computer in Safe Mode
Open the SDFix folder that was just created on the Desktop and double-click RunThis.cmd to launch the script.
Press Y to start the cleaning process.
It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
After the Desktop loads, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!
++
Here is the SDFix report
SDFix: Version 1.125
Run by Brice on 10/01/2008 at 17:41
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\LESNEB~1\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\system32\tmp3E.tmp - Deleted
C:\WINDOWS\antiv.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 17:48:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:47,dd,21,8e,54,30,a3,cd,63,1b,73,ab,b2,6a,10,29,67,dc,bf,46,51,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:30,0e,92,d5,a6,a1,d6,1e,70,d7,13,db,56,c3,5a,0b,57,f4,0d,61,9b,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,5b,a3,ea,0d,10,27,e6,86,57,d1,a0,94,3d,3f,54,2b,4d,..
"khjeh"=hex:29,66,17,1f,3c,a6,a1,69,e7,32,15,3c,ff,d5,5e,bf,9f,a3,95,77,16,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d6,7f,14,cd,fc,c1,5c,21,fc,47,f5,2a,e7,6f,21,34,8b,4d,ec,26,f6,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:a1,cb,bf,9c,14,ad,6c,0b,92,ef,67,44,77,e1,3d,b4,69,a8,3a,e9,ae,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:47,dd,21,8e,54,30,a3,cd,63,1b,73,ab,b2,6a,10,29,67,dc,bf,46,51,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:30,0e,92,d5,a6,a1,d6,1e,70,d7,13,db,56,c3,5a,0b,57,f4,0d,61,9b,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,5b,a3,ea,0d,10,27,e6,86,57,d1,a0,94,3d,3f,54,2b,4d,..
"khjeh"=hex:29,66,17,1f,3c,a6,a1,69,e7,32,15,3c,ff,d5,5e,bf,9f,a3,95,77,16,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d6,7f,14,cd,fc,c1,5c,21,fc,47,f5,2a,e7,6f,21,34,8b,4d,ec,26,f6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:a1,cb,bf,9c,14,ad,6c,0b,92,ef,67,44,77,e1,3d,b4,69,a8,3a,e9,ae,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\LESNEB~1\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sun 27 Aug 2006 1,015,973 A.SHR --- "C:\Program Files\serial.zip"
Fri 9 Feb 2007 386,630 A.SHR --- "C:\Program Files\wunauclt.zip"
Wed 30 Mar 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Wed 30 Mar 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Wed 30 Mar 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Wed 30 Mar 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Wed 30 Mar 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Fri 4 May 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 8 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\eb96ceab77261e76cdbe943d8cf8e4cc\BIT3.tmp"
Fri 4 May 2007 4,348 ...H. --- "C:\Documents and Settings\LESNE Brice\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Tue 18 Dec 2007 20 A..H. --- "C:\Documents and Settings\LESNE Brice\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Fri 14 Sep 2007 312 ...H. --- "C:\Documents and Settings\LESNE Brice\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Tue 18 Dec 2007 1,536 A..H. --- "C:\Documents and Settings\LESNE Brice\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"
Finished!
And the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00:43, on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\ccm.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/hbt.php?rewrite=fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0126E57E-CFF8-4E5E-929A-C93169AEEE32} - C:\WINDOWS\system32\mlljg.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AA97213E-2525-417C-A799-878D03647C69} - C:\WINDOWS\system32\ssttr.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] Virtua Tennis 3
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ .exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule .exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.com/download/SayaTV.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
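The HijackThis log above carries several of the patterns a helper looks for in a cleanup of this kind: a BHO with no name loading a random-looking DLL straight from system32 (mlljg.dll), a second unnamed BHO already marked "(file missing)", Run entries whose executable has a space before the extension (NBJ .exe, emule .exe), and a Run key whose target is not a file path at all. The Python below is an added example, not part of the thread or of HijackThis: it parses a handful of lines modeled on the posted log (a constructed sample, not the user's actual file) and applies exactly those heuristics. Every hit means "review", not "malicious"; a legitimate bare target such as Alaunch trips the low-severity rule on purpose.

```python
"""Triage a HijackThis 2.x log for the patterns seen in this thread.

Added example, not part of the original post or of HijackThis. The
sample lines are constructed from the posted log. A hit means "review",
not "malicious": legitimate entries (Alaunch) trip the low-severity rules.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    severity: str   # "high" or "info"
    reason: str
    line: str


# O2 - BHO: <name> - {CLSID} - <path> [(file missing)]
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
# O4 - HKLM\..\Run: [<key>] <command>
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
# R0/R1 - ...,Start Page = <url>
START_RE = re.compile(r"^R[01] - .*?,Start Page = (?P<url>\S+)$")
# First executable path in a Run command, quoted or not
FIRST_PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\[^"]+?\.(?:exe|com|scr))"?', re.IGNORECASE)
# A space immediately before the extension: "NBJ .exe", "emule .exe"
SPACED_EXT_RE = re.compile(r"\S \.(?:exe|com|scr)$", re.IGNORECASE)
# A DLL sitting directly in system32, not in a vendor folder
SYSTEM32_DLL_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\system32\\[^\\]+\.dll$", re.IGNORECASE)

# Constructed sample, modeled on the log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/hbt.php?rewrite=fr/
O2 - BHO: (no name) - {0126E57E-CFF8-4E5E-929A-C93169AEEE32} - C:\WINDOWS\system32\mlljg.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA97213E-2525-417C-A799-878D03647C69} - C:\WINDOWS\system32\ssttr.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] Virtua Tennis 3
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ .exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule .exe -AutoStart
"""


def check_line(line: str) -> List[Finding]:
    """Apply the heuristics to one log line; return zero or more findings."""
    line = line.strip()
    findings: List[Finding] = []
    m = START_RE.match(line)
    if m:
        host = re.sub(r"^https?://", "", m.group("url")).split("/")[0]
        findings.append(Finding("info", f"start page set to {host}; confirm it is intended", line))
        return findings
    m = BHO_RE.match(line)
    if m:
        path = m.group("path")
        missing = path.endswith("(file missing)")
        path = path.replace("(file missing)", "").strip()
        if m.group("name") == "(no name)" and SYSTEM32_DLL_RE.match(path):
            findings.append(Finding("high", "unnamed BHO loading a DLL straight from system32", line))
        elif m.group("name") == "(no name)":
            findings.append(Finding("info", "unnamed BHO", line))
        if missing:
            findings.append(Finding("info", "BHO entry points at a missing file (orphaned registration)", line))
        return findings
    m = RUN_RE.match(line)
    if m:
        p = FIRST_PATH_RE.match(m.group("cmd"))
        if p is None:
            findings.append(Finding("info", "Run target is not an absolute path; resolve it manually", line))
        elif SPACED_EXT_RE.search(p.group("path")):
            findings.append(Finding("high", "executable name has a space before its extension", line))
        return findings
    return findings


def triage(log_text: str) -> List[Finding]:
    """Run check_line over a whole log and collect the findings."""
    out: List[Finding] = []
    for raw in log_text.splitlines():
        out.extend(check_line(raw))
    return out


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.severity != "high"):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

The two "high" rules are the ones worth acting on first; the "info" rules exist so that nothing in the log is silently skipped, which is how a helper reads these logs by hand.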
green day (Moderator, security contributor) - 10 Jan 2008 at 18:08
Good, let's continue: do what is described here
http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr
++
Here is the AVG Anti-Spyware report. One small problem: I didn't manage it on the first try... so I ran a second scan. If it helps, the first time it detected something dangerous... and on the second scan it no longer detected it... so I think it's fine!
I'm posting the report anyway. And I'm starting a BitDefender scan....
++
AVG Anti-Spyware - Scan report
---------------------------------------------------------
+ Created at: 20:21:47 10/01/2008
+ Scan result:
C:\Program Files\serial.zip -> Adware.Generic : Cleaned.
:mozilla.40:C:\Documents and Settings\LESNE Brice\Application Data\Mozilla\Firefox\Profiles\vju8sf53.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.48:C:\Documents and Settings\LESNE Brice\Application Data\Mozilla\Firefox\Profiles\vju8sf53.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.49:C:\Documents and Settings\LESNE Brice\Application Data\Mozilla\Firefox\Profiles\vju8sf53.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.50:C:\Documents and Settings\LESNE Brice\Application Data\Mozilla\Firefox\Profiles\vju8sf53.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.51:C:\Documents and Settings\LESNE Brice\Application Data\Mozilla\Firefox\Profiles\vju8sf53.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.8:C:\Documents and Settings\LESNE Brice\Application Data\Mozilla\Firefox\Profiles\vju8sf53.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.43:C:\Documents and Settings\LESNE Brice\Application Data\Mozilla\Firefox\Profiles\vju8sf53.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.14:C:\Documents and Settings\LESNE Brice\Application Data\Mozilla\Firefox\Profiles\vju8sf53.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.32:C:\Documents and Settings\LESNE Brice\Application Data\Mozilla\Firefox\Profiles\vju8sf53.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.33:C:\Documents and Settings\LESNE Brice\Application Data\Mozilla\Firefox\Profiles\vju8sf53.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.34:C:\Documents and Settings\LESNE Brice\Application Data\Mozilla\Firefox\Profiles\vju8sf53.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.26:C:\Documents and Settings\LESNE Brice\Application Data\Mozilla\Firefox\Profiles\vju8sf53.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.31:C:\Documents and Settings\LESNE Brice\Application Data\Mozilla\Firefox\Profiles\vju8sf53.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.25:C:\Documents and Settings\LESNE Brice\Application Data\Mozilla\Firefox\Profiles\vju8sf53.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.27:C:\Documents and Settings\LESNE Brice\Application Data\Mozilla\Firefox\Profiles\vju8sf53.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.28:C:\Documents and Settings\LESNE Brice\Application Data\Mozilla\Firefox\Profiles\vju8sf53.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.29:C:\Documents and Settings\LESNE Brice\Application Data\Mozilla\Firefox\Profiles\vju8sf53.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.30:C:\Documents and Settings\LESNE Brice\Application Data\Mozilla\Firefox\Profiles\vju8sf53.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
End of report
Here is the BitDefender report:
BitDefender Online Scanner - Real Time Virus Report
Generated at: Fri, Jan 11, 2008 - 05:07:21
Scan Info
Scanned Files: 155789
Infected Files: 88
Virus Detected
Trojan.Vundo.DVD: 22
Trojan.Dropper.Vundo.E: 29
Trojan.Fotomoto.H: 2
Trojan.Vundo.DVS: 35
This summary of the scan process will be used by the BitDefender Antivirus Lab to create aggregate statistics about virus activity around the world.
Wipi (Member) - 11 Jan 2008 at 05:35
Hello bricedenice,
Once your PC is disinfected, I advise you to split your hard drive into two partitions, then get "Acronis True Image" and create an image of your C:\ partition that you keep on the second partition.
If your PC ever gets reinfected, you only have to restore the image and... the viruses are gone. That takes about 35 minutes depending on the number of GB on your C:\ partition. But be sure it is completely disinfected... otherwise you'll make an image of your viruses... and you'll restore them!
I've had a lot of virus problems in the past... but for several years now I couldn't care less about viruses!
It was only a suggestion! Good luck..
Wipi
green day (Moderator, security contributor) - 11 Jan 2008 at 15:21
Hi
Yes, a system image is a good alternative!
Download sUBs' RenV.exe to your Desktop:
http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe
Double-click RenV.exe to run it, and wait.
A report, log.txt, will be created and will open at the end of the scan; post it in your reply.
++
Here is the RenV report
[code]
Ran on 11/01/2008 - 15:26:56,23
----a-w 2,880,512 2008-01-06 18:44:49 C:\Acer\ePM\ePM .exe
----a-w 188,416 2008-01-06 13:26:00 C:\Acer\ePM\epm-dm .exe
----a-w 49,152 2008-01-06 13:25:53 C:\Program Files\Arcade\PCMService .exe
----a-w 339,968 2008-01-06 13:26:01 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w 249,896 2008-01-09 14:33:04 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt .exe
----a-w 171,464 2008-01-06 18:44:58 C:\Program Files\DAEMON Tools\daemon .exe
----a-w 2,007,088 2008-01-06 18:44:49 C:\Program Files\FlashGet\FlashGet .exe
----a-w 132,496 2008-01-06 13:26:23 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 319,488 2008-01-06 13:26:02 C:\Program Files\Launch Manager\QtZgAcer .EXE
----a-w 217,088 2008-01-06 13:26:24 C:\Program Files\Logitech\Video\LogiTray .exe
----a-w 196,608 2008-01-06 14:04:40 C:\Program Files\Logitech\Video\ManifestEngine .exe
----a-w 487,424 2008-01-06 18:44:36 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
----a-w 688,218 2008-01-06 13:25:53 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w 98,394 2008-01-06 13:25:47 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w 33,792 2008-01-06 13:26:05 C:\Program Files\Winamp\winampa .exe
----a-w 245,760 2008-01-06 13:26:01 C:\WINDOWS\system32\Check .exe
----a-w 794,112 2008-01-10 15:50:47 C:\WINDOWS\system32\cmd .exe
----a-w 15,360 2008-01-03 19:49:19 C:\WINDOWS\system32\ctfmon .exe
----a-w 126,976 2008-01-06 13:25:47 C:\WINDOWS\system32\hkcmd .exe
----a-w 155,648 2008-01-06 13:25:45 C:\WINDOWS\system32\igfxtray .exe
----a-w 221,184 2008-01-06 13:26:20 C:\WINDOWS\system32\LVCOMSX .EXE
----a-w 155,648 2008-01-06 13:26:01 C:\WINDOWS\system32\NeroCheck .exe
----a-w 406,016 2008-01-06 18:44:32 C:\WINDOWS\system32\PSDrvCheck .exe
Entries: 23 (23)
Directories: 0 Files: 23
Bytes: 10,180,708 Blocks: 19,888
[/code]
green day - 11 Jan. 2008 at 15:41
Ok,
Create a Notepad file with the text shown in bold:
C:\Acer\ePM\ePM .exe
C:\Acer\ePM\epm-dm .exe
C:\Program Files\Arcade\PCMService .exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt .exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\FlashGet\FlashGet .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Launch Manager\QtZgAcer .EXE
C:\Program Files\Logitech\Video\LogiTray .exe
C:\Program Files\Logitech\Video\ManifestEngine .exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
C:\Program Files\Winamp\winampa .exe
C:\WINDOWS\system32\Check .exe
C:\WINDOWS\system32\cmd .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\LVCOMSX .EXE
C:\WINDOWS\system32\NeroCheck .exe
C:\WINDOWS\system32\PSDrvCheck .exe
# Go to the top of the window and click the "File" menu; a list appears =>
# Choose "Save as" and choose "Desktop"
# In the "File name" field at the bottom, enter the following name: Log.txt
# Click the "Save" button to the right of the "File name" field
# Close Notepad.
# Drag and drop this Log.txt file onto the RenV.exe file, as in the screenshot
https://www.enregistrersous.com/
Once the scan has finished, a report will appear: please post its contents
++
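Added example, not part of the thread and not the RenV tool or the helper's own code: the repair the drag-and-drop above asks RenV to perform, written out in Python so the logic is visible. Every executable in the listing has a space inserted before its extension ("winampa .exe", "cmd .exe"), so any startup entry that still points at "winampa.exe" resolves to nothing. The script parses a RenV-style listing, detects that pattern and renames the files back. The listing lines are copied from the report posted above; the files themselves are constructed two-byte stand-ins in a temporary folder, since no infected machine is available here, and the "skip if the repaired name already exists" rule is this example's choice, not something the thread states RenV does.

```python
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Constructed sample: four lines copied from the RenV listing in the thread
# plus its summary lines, so the parser can be exercised offline.
SAMPLE_LISTING = r"""
Ran on 11/01/2008 - 15:26:56,23
----a-w 33,792 2008-01-06 13:26:05 C:\Program Files\Winamp\winampa .exe
----a-w 794,112 2008-01-10 15:50:47 C:\WINDOWS\system32\cmd .exe
----a-w 15,360 2008-01-03 19:49:19 C:\WINDOWS\system32\ctfmon .exe
----a-w 487,424 2008-01-06 18:44:36 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
Entries: 4 (4)
Directories: 0 Files: 4
"""

# One listing line: attribute flags, size, date, time, then the full path.
LISTING_RE = re.compile(
    r"^(?P<attr>[-a-z]{6,9})\s+(?P<size>[\d,]+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<path>.+)$"
)

# "name .exe": a stem ending in one or more spaces right before the dot.
# Windows rejects names that END in a space but accepts this form, and a
# Run entry that names "name.exe" no longer resolves once the file is renamed.
SPACED_EXT_RE = re.compile(r"^(?P<stem>.*\S) +\.(?P<ext>[A-Za-z0-9]+)$")


def parse_listing(text: str) -> List[str]:
    """Return the file paths in a RenV-style listing, skipping header and summary lines."""
    paths = []
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if m:
            paths.append(m.group("path"))
    return paths


def repaired_name(filename: str) -> Optional[str]:
    """'name .exe' -> 'name.exe'; None when the name is not affected."""
    m = SPACED_EXT_RE.match(filename)
    if m is None:
        return None
    return "{}.{}".format(m.group("stem"), m.group("ext"))


def plan_renames(paths: List[str]) -> Dict[str, str]:
    """Map each affected full path to its repaired full path (no filesystem access)."""
    plan = {}
    for p in paths:
        folder, _, name = p.rpartition("\\")
        fixed = repaired_name(name)
        if fixed is not None:
            plan[p] = folder + "\\" + fixed if folder else fixed
    return plan


def repair_directory(directory: Path) -> Dict[str, str]:
    """Rename every 'name .ext' file in one directory back to 'name.ext'.

    If the repaired name already exists the file is left alone and reported,
    so a second copy sitting under the real name is never silently clobbered.
    """
    outcome = {}
    for entry in sorted(directory.iterdir()):
        if not entry.is_file():
            continue
        fixed = repaired_name(entry.name)
        if fixed is None:
            continue
        target = entry.with_name(fixed)
        if target.exists():
            outcome[entry.name] = "skipped: target exists"
            continue
        entry.rename(target)
        outcome[entry.name] = fixed
    return outcome


def demo() -> Dict[str, str]:
    """Recreate the affected names in a throwaway folder and repair them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for p in parse_listing(SAMPLE_LISTING):
            # Constructed stand-ins: two bytes, not real executables.
            (root / p.rpartition("\\")[2]).write_bytes(b"MZ")
        # Simulate a file already present under the repaired name.
        (root / "ctfmon.exe").write_bytes(b"MZ")
        return repair_directory(root)


if __name__ == "__main__":
    for old, new in sorted(demo().items()):
        print("{!r} -> {!r}".format(old, new))
```

Running the block prints one line per affected file; the collision case ("ctfmon .exe" next to an existing "ctfmon.exe") is reported rather than overwritten, which is the decision a helper wants to make by hand.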
Here is the report
[code]
Ran on 11/01/2008 - 16:00:14,06
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
[/code]
green day - 11 Jan. 2008 at 16:03
Very good, please post a new combo
++
Is it normal that during the RenV scan, with the links you gave me, it said "cannot find C:\..."???
Antivir still detects the same trj for now.
I hope this is going to work!!!!
The ComboFix scan was not done in safe mode. Should it have been?
Here is the report:
ComboFix 08-01-10.2 - Brice 2008-01-11 16:07:05.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.553 [GMT 1:00]
Running from: C:\Documents and Settings\LESNE Brice\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\gjllm.ini
C:\WINDOWS\system32\gjllm.ini2
C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\qolvoyhr.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 ))))))))))))))))))))))))))))))))))))
.
2008-01-11 16:00 . 2008-01-06 19:44 406,016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe
2008-01-11 16:00 . 2008-01-06 14:26 245,760 --a------ C:\WINDOWS\system32\Check.exe
2008-01-11 16:00 . 2008-01-06 14:26 221,184 --a------ C:\WINDOWS\system32\LVCOMSX.EXE
2008-01-11 16:00 . 2008-01-06 14:26 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-11 16:00 . 2008-01-06 14:25 155,648 --a------ C:\WINDOWS\system32\igfxtray.exe
2008-01-11 16:00 . 2008-01-06 14:25 126,976 --a------ C:\WINDOWS\system32\hkcmd.exe
2008-01-11 16:00 . 2008-01-03 20:49 15,360 --a------ C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-11 16:00 . 2008-01-03 20:49 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-10 20:28 . 2008-01-11 05:07 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-10 18:17 . 2008-01-10 18:17 <REP> d-------- C:\Documents and Settings\LESNE Brice\Application Data\Grisoft
2008-01-10 18:17 . 2008-01-10 18:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-10 18:17 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-10 17:38 . 2008-01-10 17:39 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-10 16:37 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-09 16:05 . 2008-01-09 16:05 <REP> d-------- C:\Program Files\Trend Micro
2008-01-09 15:49 . 2008-01-09 15:50 <REP> d-------- C:\Program Files\Panda Security
2008-01-08 18:03 . 2008-01-08 18:03 <REP> d-------- C:\Documents and Settings\LESNE Brice\Application Data\PrevxCSI
2008-01-08 18:03 . 2008-01-08 18:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-08 16:41 . 2008-01-10 21:08 <REP> d-------- C:\VundoFix Backups
2008-01-06 19:39 . 2008-01-06 19:39 <REP> d-------- C:\Program Files\Avira
2008-01-06 19:39 . 2008-01-06 19:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-03 18:42 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-01-03 18:42 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-01-03 18:42 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-01-03 18:42 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-01-03 18:42 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-01-03 18:42 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-01-03 18:42 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-01-03 18:42 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-01-03 18:20 . 2008-01-03 18:20 <REP> d-------- C:\WINDOWS\65F1CF6331E0450B96F34A88BE7361A6.TMP
2008-01-03 17:42 . 2008-01-03 17:42 268 --ah----- C:\sqmdata04.sqm
2008-01-03 17:42 . 2008-01-03 17:42 244 --ah----- C:\sqmnoopt04.sqm
2007-12-21 12:00 . 2007-12-21 12:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-19 19:45 . 2005-07-16 02:39 374,272 --a------ C:\WINDOWS\system32\mss32.dll
2007-12-19 19:19 . 2007-12-20 21:15 319 --ahs---- C:\WINDOWS\system32\aybeg.ini
2007-12-19 18:51 . 2007-12-19 18:51 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-12-19 18:28 . 2007-12-19 18:28 <REP> d-------- C:\WINDOWS\system32\AGEIA
2007-12-17 21:12 . 2007-12-17 21:12 <REP> d-------- C:\Program Files\LimeWire
2007-12-17 21:12 . 2007-12-17 21:18 <REP> d-------- C:\Documents and Settings\LESNE Brice\Incomplete
2007-12-17 21:12 . 2008-01-03 17:50 <REP> d-------- C:\Documents and Settings\LESNE Brice\Application Data\LimeWire
2007-12-16 20:53 . 2007-12-16 20:53 26 --a------ C:\WINDOWS\ATICIM.MIF
2007-12-16 20:50 . 2007-11-01 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-12-16 20:42 . 2007-12-16 20:42 193,080 --a------ C:\WINDOWS\Label9
2007-12-16 20:42 . 2007-12-16 20:42 108 --a------ C:\WINDOWS\Label7
2007-12-16 20:42 . 2007-12-16 20:42 28 --a------ C:\WINDOWS\Label10
2007-12-16 20:18 . 2007-12-16 20:18 <REP> d-------- C:\Intel
2007-12-16 15:56 . 2007-12-16 15:56 <REP> d-------- C:\Documents and Settings\LESNE Brice\Application Data\Microsoft Games
2007-12-16 15:00 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-12-16 15:00 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-12-16 15:00 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-12-16 14:06 . 2007-12-16 14:06 <REP> d-------- C:\Program Files\Microsoft Games
2007-12-15 17:20 . 2008-01-03 19:38 <REP> d-------- C:\Downloads
2007-12-15 17:05 . 2008-01-11 16:00 <REP> d-------- C:\Program Files\FlashGet
2007-12-14 13:11 . 2007-12-14 13:11 <REP> d-------- C:\Program Files\Lavalys
2007-12-14 00:12 . 2007-12-14 00:12 <REP> d-------- C:\ATI
2007-12-13 23:32 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-12-13 23:32 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-12-13 23:32 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-12-13 23:32 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-12-13 23:32 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-12-13 23:32 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-12-13 23:32 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-12-13 23:32 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-12-13 23:31 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-12-13 21:57 . 2007-12-13 21:57 <REP> d-------- C:\Program Files\NFO viewer
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 15:00 --------- d-----w C:\Program Files\Winamp
2008-01-11 15:00 --------- d-----w C:\Program Files\Launch Manager
2008-01-11 15:00 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-11 15:00 --------- d-----w C:\Program Files\Arcade
2008-01-10 19:46 --------- d-----w C:\Program Files\eMule
2008-01-10 15:50 --------- d-----w C:\Program Files\MSN Messenger
2008-01-08 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 13:26 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-03 16:42 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-20 15:38 --------- d-----w C:\Program Files\StuffPlug3
2007-12-19 17:28 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-16 19:53 --------- d-----w C:\Program Files\ATI Technologies
2007-12-16 19:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 18:47 --------- d-----w C:\Program Files\SogouInput
2007-12-08 18:47 --------- d-----w C:\Documents and Settings\LESNE Brice\Application Data\SogouPY
2007-12-08 18:23 --------- d-----w C:\Documents and Settings\LESNE Brice\Application Data\ppstream
2007-11-26 21:52 --------- d-----w C:\Program Files\SopCast
2007-11-26 21:30 --------- d-----w C:\Documents and Settings\LESNE Brice\Application Data\SopCast
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 16:58 --------- d-----w C:\Program Files\Lavasoft
2007-11-12 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-11 20:49 290,816 ------w C:\WINDOWS\Setup1.exe
2007-04-26 11:44 50,768 ----a-w C:\Documents and Settings\LESNE Brice\Application Data\GDIPFONTCACHEV1.DAT
2007-02-09 16:43 386,630 --sha-r C:\Program Files\wunauclt.zip
2007-02-09 16:43 386,630 --sha-r C:\Program Files\wunauclt.tbe
2006-08-27 13:38 1,015,973 --sha-r C:\Program Files\serial.tde
2006-08-27 13:19 56,239 ----a-w C:\Program Files\svchosts.tbe
.
((((((((((((((((((((((((((((( snapshot@2008-01-10_16.54.31.65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-10 19:28:23 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-01-10 19:28:24 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-01-10 19:28:24 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-01-10 19:28:39 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2007-10-25 09:26:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2007-10-25 09:26:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-01-10 19:28:42 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-01-10 19:28:27 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2007-10-25 09:26:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2007-10-25 09:26:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2008-01-10 04:51:09 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-10 16:39:23 9,154,560 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-01-10 16:39:23 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-10 04:51:09 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-10 16:38:58 9,154,560 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-01-10 16:38:59 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2007-12-14 22:49:29 218,448 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-01-11 14:22:17 217,656 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eMuleAutoStart"="C:\Program Files\eMule\emule .exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"I downloaded pirated Software from P2P"="Virtua Tennis 3" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-03 20:49 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 16:14]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 12:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 15:54]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 14:57]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 16:23]
S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 13:46]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 17:23]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 17:23]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 17:23]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 17:23]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 17:23]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 17:23]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 17:24]
S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2005-11-22 17:04]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2005-11-22 17:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d5eebc2-b74f-11da-b5bd-0012f084768e}]
\Shell\AutoRun\command - I:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-05-28 12:05:38 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 16:14:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\TEMP
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2008-01-11 16:17:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-11 15:17:03
ComboFix2.txt 2008-01-10 15:55:08
.
2008-01-10 15:27:26 --- E O F ---
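Added example, not in the original thread and not ComboFix's own code: a small triage pass over the "Reg Loading Points" section of the log above, showing how a helper reads it before deciding what to fix. It flags Run values whose target still has a space before the extension (the same "name .exe" pattern RenV was used against), values whose data is not a full path, values where ComboFix printed an empty `[ ]` (taken here, as an assumption of this example, to mean it could not find or verify the file, in contrast to the `[2008-01-03 20:49 15360]` stamp on CTFMON.EXE), and the MountPoints2 AutoRun command for drive I:. The sample lines are copied from the posted log. Flagged means "look at this first", not "malicious": "Alaunch", for instance, is the Acer launcher and is listed only because its value is not a path.

```python
import re
from typing import Dict, List

# Constructed sample: the "Reg Loading Points" lines from the ComboFix log above.
SAMPLE_REG_SECTION = r"""
REGEDIT4
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eMuleAutoStart"="C:\Program Files\eMule\emule .exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"I downloaded pirated Software from P2P"="Virtua Tennis 3" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-03 20:49 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d5eebc2-b74f-11da-b5bd-0012f084768e}]
\Shell\AutoRun\command - I:\AutoRun.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "Name"="data" [meta]  -- meta is the timestamp/size ComboFix prints when it
# can find the target. Assumption made here: an empty [ ] or [] means the
# target was not found or not verified.
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# MountPoints2 entry: the shell command Explorer runs when that volume is opened.
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(?P<cmd>.+)$")
# "name .exe": a space inserted before the extension.
SPACED_EXT_RE = re.compile(r"^.*\S +\.[A-Za-z0-9]+$")


def triage(section: str) -> List[Dict[str, str]]:
    """Return the autostart entries worth a closer look, each with its reasons."""
    findings = []
    key = ""
    for raw in section.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        am = AUTORUN_RE.match(line)
        if am:
            findings.append({
                "key": key, "name": "AutoRun", "data": am.group("cmd"),
                "reason": "MountPoints2 AutoRun command (removable-drive autorun.inf persistence)",
            })
            continue
        vm = VALUE_RE.match(line)
        if vm is None:
            continue
        name, data, meta = vm.group("name"), vm.group("data"), vm.group("meta").strip()
        reasons = []
        if SPACED_EXT_RE.match(data.rpartition("\\")[2]):
            reasons.append("space inserted before the extension")
        if "\\" not in data:
            reasons.append("value data is not a full path")
        if not meta:
            reasons.append("target not found by ComboFix (empty [ ])")
        if reasons:
            findings.append({"key": key, "name": name, "data": data,
                             "reason": "; ".join(reasons)})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REG_SECTION):
        print("[{key}]\n  {name} = {data}\n  -> {reason}".format(**f))
```

On the posted section this leaves CTFMON.EXE alone and surfaces five entries, with the MountPoints2 line last; the AutoRun command is the one that survives a clean of system32, because it lives in the user's hive and fires again the next time the same removable drive is opened.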