infection par le trojan Win32:TratBHO!HELP!!!

Question

bonjour a tous!

cela fait 3 jours que avast me détecte le trojan Win32:TratBHO ds system32. Que je mette en quarantaine le fichier ou ke je le supprime, il finit par toujours revenir!!!
cela fait maintenant 3 jours qu'il est la et g peur qu'il finissent par m'infecter trop de fichiers dll sous system32.
g vu ke pas mal de monde était infecté par ce trojan! 
est-ce que qqun pourrait me donner une méthode précise et efficace  pour m'en débarrasser définitivement. je me débrouille pas trop mal en manip informatique dc je suis à l'ecoute!! g déja télécharger sur mon ordi combofix et vundofix en lisant d'autres solutions proposées sur ce forum

Merci d'avance pour votre aide!!!!!!!

jeager · Answer

salut
désactive  avast et fait une anlyse en ligne avec secuser !
@+

jeager · Answer

POUQUOI JE TE PARLE D'AVAST?????

gudule · Answer

Salut,

j'ai eu le même la semaine dernière, la façon que j'ai trouvé pour m'en débarrasser est de restaurer le système avant l'apparition de trojan win 32.

il n'est pas réapparu depuis.

Bonne chance

nits24 · Answer

merci gudule mais le pb c ke je me suis aperçu ke j'avais empecher mon systeme de creer des pts de restauration!!!!
je n'ai dc pas de point de restauration avant l'apparition du trojan!!!!

evasion60/PCA · Answer

Bonjour Nits24

Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra. 
Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis.

Nota: c'est une nouvelle infection ( le rapport de ComboFix, doit nous la donner, si c'est elle )

Bonne réception, et à te lire

nits24 · Answer

merci evasion60/PCA

voici le log texte de renV


[code]
Ran on 12/01/2008 - 17:45:39,31

 Entries:                0  (0)
 Directories:            0  Files:             0
 Bytes:                  0  Blocks:            0
[/code]

nits24 · Answer

dslé evasion60/PCA pour le retard mais mon ordi est de plus en plus beugué
je te passe le rapport hijackthis...
mais je n'arrive pas a env le log de combofix!!
je v en recommencer un


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:22, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32
otepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C3F72D7-AD13-4AE1-9CF2-9C40267370C0} - C:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134} - C:\WINDOWS\system32\pmnmllk.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MESFIC~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78B08D8A-8146-4177-9408-FBA61BF617CA}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcappcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

evasion60/PCA · Answer

Re Nits24

...Il me faut le rapport ComboFix ( impératif )
HijackThis, est un très bon " outil ", mais ne " vois " pas ce genre d'infection !!

...Oui, je l'attends :
mais je n'arrive pas a env le log de combofix!!
je v en recommencer un 

...T'inquiète pas, c'est uine nelle infection qui arrive par le Web, mais nous avons des " Outils ", pour virer cette cochonnerie 

B.R.

nits24 · Answer

voila le combofix tant attendu!!!!!!je l'avais mal realisé la premiere fois! ComboFix 08-01-10.2 - nicolas nithart 2008-01-12 18:53:47.4 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.508 [GMT 0:00] Running from: C:\Documents and Settings icolas nithart\Bureau\desinfection virus\ComboFix.exe . [color=purple]The following files were disabled during the run:[/color] C:\WINDOWS\system32\sockspy.dll (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\acer\epm\epm-dm.exe C:\Acer\ePM\ePM.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe C:\Program Files\Alwil Software\Avast4\ashDisp .exe C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\WINDOWS\system32 qtss.ini C:\WINDOWS\system32 qtss.ini2 C:\WINDOWS\system32\sstqn.dll C:\WINDOWS\system32\sstqn.exe [code]

C:\Program Files\Synaptics\SynTP\SynTPLpr .exe ---> SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe ---> SynTPEnh.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe ---> AdobeUpdateManager.exe
C:\Program Files\Softwin\BitDefender10\bdagent .exe ---> bdagent.exe
C:\Program Files\Alwil Software\Avast4\ashDisp .exe ---> QooBox
C:\Program Files\Launch Manager\QtZgAcer .EXE ---> QtZgAcer.EXE
C:\Program Files\Logitech\QuickCam\Quickcam .exe ---> Quickcam.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc .exe ---> ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe ---> ifrmewrk.exe
C:\Acer\ePM\epm-dm .exe ---> epm-dm.exe
C:\Acer\ePM\ePM .exe ---> ePM.exe

[/code] . . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))))))) . 2008-01-12 18:05 . 2008-01-12 18:04 34,954,501 --a------ C:\WINDOWS\LPT$VPN.941 2008-01-12 18:03 . 2008-01-12 18:04 34,954,501 --a------ C:\WINDOWS\VPTNFILE.941 2008-01-12 18:00 . 2008-01-12 18:00 d-------- C:\WINDOWS\AU_Temp 2008-01-11 18:33 . 2008-01-11 18:33 d-------- C:\Documents and Settings icolas nithart\Application Data\Intel 2008-01-11 18:33 . 2008-01-11 18:33 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel 2008-01-11 18:33 . 2008-01-11 18:33 d-------- C:\Documents and Settings\LocalService\Application Data\Intel 2008-01-11 18:33 . 2008-01-11 18:33 d-------- C:\Documents and Settings\All Users\Application Data\Intel 2008-01-11 18:33 . 2008-01-11 18:33 d-------- C:\Documents and Settings\Administrateur\Application Data\Intel 2008-01-11 18:33 . 2008-01-11 18:33 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2008-01-11 18:33 . 2008-01-11 18:33 21,361 --a------ C:\WINDOWS\AegisP.sys 2008-01-11 18:33 . 2008-01-11 18:33 13,984 --a------ C:\WINDOWS\AegisP.inf 2008-01-11 18:33 . 2008-01-11 18:33 10,640 --a------ C:\WINDOWS\AegisP.cat 2008-01-11 18:32 . 2007-02-12 12:41 2,732,032 --a------ C:\WINDOWS\system32\Netw2r32.dll 2008-01-11 18:32 . 2007-02-12 12:40 557,056 --a------ C:\WINDOWS\system32\Netw2c32.dll 2008-01-11 18:21 . 2008-01-11 18:21 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-01-11 18:19 . 2008-01-11 18:19 d-------- C:\WINDOWS\system32\ZoneLabs 2008-01-11 18:19 . 2007-06-21 21:54 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2008-01-11 18:19 . 2008-01-12 19:01 58,727 --a------ C:\WINDOWS\system32\vsconfig.xml 2008-01-11 17:53 . 2004-11-09 01:31 13 --a------ C:\WINDOWS\system32\drivers\verfile.tic 2008-01-11 16:26 . 2008-01-11 16:26 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe 2008-01-11 15:02 . 2008-01-11 15:02 d-------- C:\Documents and Settings\Administrateur\Application Data\Bitdefender 2008-01-11 14:44 . 2008-01-11 14:44 d-------- C:\Documents and Settings icolas nithart\Application Data\Bitdefender 2008-01-11 14:42 . 2008-01-12 18:59 81,984 --a------ C:\WINDOWS\system32\bdod.bin 2008-01-11 14:39 . 2008-01-11 14:39 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender 2008-01-11 14:24 . 2008-01-11 14:24 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-01-09 17:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-09 16:07 . 2008-01-09 16:07 d-------- C:\VundoFix Backups 2008-01-08 19:45 . 2008-01-08 19:45 d-------- C:\Documents and Settings icolas nithart\Application Data\Nero 2008-01-08 19:41 . 2008-01-08 19:41 d-------- C:\Program Files\Nero 2008-01-08 19:41 . 2008-01-08 19:41 d-------- C:\Program Files\Fichiers communs\Nero 2008-01-08 19:41 . 2008-01-08 19:41 d-------- C:\Documents and Settings\All Users\Application Data\Nero 2008-01-08 18:33 . 2008-01-08 18:33 37,888 --------- C:\WINDOWS\system32\pmnmllk.dll 2008-01-08 17:56 . 2008-01-08 17:56 d-------- C:\WINDOWS\Modio 2008-01-08 17:49 . 2008-01-08 17:50 d-------- C:\Program Files\ma-config.com 2008-01-08 17:49 . 2008-01-08 17:50 d-------- C:\Documents and Settings icolas nithart\Application Data\ma-config.com 2008-01-08 14:57 . 2008-01-11 18:33 10,368 --a------ C:\WINDOWS\AegisP.PNF 2008-01-08 14:56 . 2008-01-08 14:56 d-------- C:\Program Files\Intel 2008-01-08 14:54 . 2008-01-08 14:54 d-------- C:\Program Files\intel logiciel 2008-01-08 14:37 . 2008-01-08 14:37 d-------- C:\Program Files\Intel pilote carte wifi 2008-01-07 18:08 . 2008-01-08 13:54 146 --a------ C:\WINDOWS\Antidote.ini 2008-01-07 16:27 . 2008-01-07 16:27 d-------- C:\Program Files\Druide 2008-01-07 16:27 . 2008-01-07 16:27 d-------- C:\Documents and Settings icolas nithart\Application Data\Druide 2008-01-07 12:59 . 2008-01-07 12:59 d-------- C:\Program Files\Ares 2008-01-03 17:41 . 2008-01-03 17:41 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-01-02 20:17 . 2008-01-02 20:17 d-------- C:\Program Files\Messenger Plus! Live 2008-01-02 18:30 . 2005-03-30 23:29 d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau 2008-01-02 18:30 . 2005-03-30 23:29 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-01-02 18:30 . 2005-03-30 23:29 d--h----- C:\Documents and Settings\Administrateur\ModŠles 2008-01-02 18:30 . 2005-03-30 23:44 dr------- C:\Documents and Settings\Administrateur\Mes documents 2008-01-02 18:30 . 2005-03-30 23:29 dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer 2008-01-02 18:30 . 2005-03-30 23:44 dr------- C:\Documents and Settings\Administrateur\Favoris 2008-01-02 18:30 . 2005-03-30 23:29 d-------- C:\Documents and Settings\Administrateur\Bureau 2008-01-02 15:29 . 2008-01-02 15:29 d-------- C:\Program Files\a-squared Free 2008-01-02 14:58 . 2008-01-02 14:58 d-------- C:\Program Files\Trend Micro 2007-12-30 20:53 . 2007-12-30 20:53 d-------- C:\Documents and Settings icolas nithart\Application Data\Samsung 2007-12-30 20:52 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll 2007-12-30 20:52 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys 2007-12-28 16:13 . 2007-12-28 16:13 46,080 --ahs---- C:\WINDOWS\Thumbs.db 2007-12-28 16:12 . 2008-01-02 18:47 9,728 --ahs---- C:\WINDOWS\system32\Thumbs.db 2007-12-28 15:03 . 2007-12-28 15:03 d-------- C:\Program Files\Fichiers communs\Symantec Shared 2007-12-25 14:59 . 2003-10-03 13:21 174,592 --a------ C:\framedyn.dll 2007-12-21 12:51 . 2007-12-21 12:51 244 --ah----- C:\sqmnoopt00.sqm 2007-12-21 12:51 . 2007-12-21 12:51 232 --ah----- C:\sqmdata00.sqm . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-12 18:59 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-01-12 18:59 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-01-12 18:04 86,094 ----a-w C:\WINDOWS\BPMNT.dll 2008-01-12 18:04 71,749 ----a-w C:\WINDOWS\hcextoutput.dll 2008-01-12 18:04 267,845 ----a-w C:\WINDOWS sc.exe 2008-01-12 18:04 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll 2008-01-12 18:00 69,689 ----a-w C:\WINDOWS\UNZIP.DLL 2008-01-12 18:00 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL 2008-01-12 18:00 286,720 ----a-w C:\WINDOWS\PATCH.EXE 2008-01-11 18:20 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat 2008-01-11 18:20 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat 2007-12-07 09:33 --------- d-----w C:\Program Files\Logitech 2007-12-07 09:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech 2007-12-07 09:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd 2007-12-06 08:11 --------- d-----w C:\Program Files\MSXML 6.0 2007-12-05 05:56 --------- d-----w C:\Documents and Settings icolas nithart\Application Data\U3 2007-12-04 20:01 --------- d-----w C:\Program Files\Skype 2007-12-04 20:01 --------- d-----w C:\Program Files\Fichiers communs\Skype 2007-12-04 09:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 09:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 09:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 09:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 09:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-04 08:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 07:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-12-02 04:53 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-11-29 19:01 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition 2007-11-29 18:52 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-11-29 18:52 --------- d-----w C:\Program Files\Windows Live 2007-11-29 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-11-23 20:00 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-11-23 20:00 --------- d-----w C:\Documents and Settings icolas nithart\Application Data\skypePM 2007-11-21 23:53 --------- d-----w C:\Program Files\Picasa2 2007-11-21 23:53 --------- d-----w C:\Program Files\Google 2007-11-15 00:31 --------- d-----w C:\Program Files\Azureus 2007-11-13 05:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-07 04:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 04:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-10-30 18:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 12:20 360,064 ----a-w C:\WINDOWS\system32\dllcache cpip.sys 2007-10-29 17:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 17:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 17:56 8,510,976 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 09:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 09:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-23 17:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR 2007-10-18 11:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll 2005-10-11 19:49 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2005-10-11 19:49 56 --sh--r C:\WINDOWS\system32\439D05A9A9.sys . ((((((((((((((((((((((((((((( snapshot_2008-01-12_18.13.36,87 ))))))))))))))))))))))))))))))))))))))))) . - 2007-11-23 00:46:12 277,352 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-01-12 18:29:58 277,352 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-01-12 19:00:58 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_210.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C3F72D7-AD13-4AE1-9CF2-9C40267370C0}] C:\WINDOWS\system32\vturo.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134}] 2008-01-08 18:33 37888 --------- C:\WINDOWS\system32\pmnmllk.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-12 18:38 313472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-01-12 18:38 2178832] "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2008-01-12 18:38 2880512] "epm-dm"="c:\acer\epm\epm-dm.exe" [2008-01-12 18:37 188416] "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [ ] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2008-01-12 18:37 86105] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-12 18:38 774233] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [ ] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ] "eRecoveryService"="C:\Windows\System32\Check.exe" [ ] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-01-12 18:38 995328] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-01-12 18:38 1101824] "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2008-01-12 18:38 319488] "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2008-01-12 18:38 69632] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134}"= C:\WINDOWS\system32\pmnmllk.dll [2008-01-08 18:33 37888] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent] --a------ 2008-01-12 18:38 69632 C:\Program Files\Softwin\BitDefender10\bdagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon] --a------ 2007-04-02 16:48 290816 C:\Program Files\Softwin\BitDefender10\bdmcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2008-01-11 15:11 202024 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote .exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote .exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe] --a------ 2008-01-11 15:11 533944 C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 2200 Series] C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate] --a------ 2007-05-25 12:53 270336 C:\Program Files\Samsung\Samsung PC Studio 3\Update\Copyer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] C:\WINDOWS\system32\vturo.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] --a------ 2007-10-25 16:33 563984 C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo] --a------ 2003-04-11 17:06 32768 C:\PROGRA~1\MESSAG~1\StartMessager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] --a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] --a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-01-21 21:03 155648 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2004-12-20 20:41 33792 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON] --------- 2004-10-05 17:00 61440 C:\PROGRA~1\WANADOO askbaricon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] --------- 2004-08-23 14:49 20480 C:\PROGRA~1\WANADOO\Watch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "LVSrvLauncher"=2 (0x2) "XCOMM"=2 (0x2) "WMPNetworkSvc"=3 (0x3) "WLSetupSvc"=3 (0x3) "VSSERV"=2 (0x2) "usnjsvc"=3 (0x3) "LIVESRV"=2 (0x2) "gusvc"=3 (0x3) "bdss"=2 (0x2) "AntiVirService"=2 (0x2) "AntiVirScheduler"=2 (0x2) "a2free"=2 (0x2) "FTRTSVC"=2 (0x2) "AresChatServer"=3 (0x3) R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 16:54] R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57] S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08e0fd9c-672f-11da-ac4e-00c09fce3a5a}] \Shell\Auto\command - sxs.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-12 19:03:34 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\sockspy.dll PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180] -> C:\WINDOWS\system32\sockspy.dll PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156] -> C:\WINDOWS\system32\sockspy.dll -> C:\WINDOWS\system32\pmnmllk.dll -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll . Completion time: 2008-01-12 19:05:55 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-12 19:05:50 ComboFix4.txt 2008-01-10 17:25:10 ComboFix3.txt 2008-01-11 16:47:08 ComboFix2.txt 2008-01-12 18:14:42 . 2008-01-09 18:11:21 --- E O F --- merci pour ton aide

nits24 · Answer

ok evasion60/PCA je dois partir...
je ne pourrias me reconnecter que demain...dc si tu peux et en fonction de mes logs envoie moi les plus d'instructions possibles et ce ke je dois eventuellement de renvoyer
je le ferai demain et je t'env les résultats
encore merci pour ton aide!!!!!

nits24 · Answer

bonjour!!
est ce que qqun pourrait me dire ce ke je dois fr apres avoir posté les logs de combofix et de hijackthis??

evasion60/PCA · Answer

Bonjour Nits24

...Bien cool, nous sommes tous volontaires, et avons une vie privée aussi / OK

On continu :

Sélectionne ce texte 

registry:: 

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C3F72D7-AD13-4AE1-9CF2-9C40267370C0}]
C:\WINDOWS\system32\vturo.dll

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134}]
2008-01-08 18:33 37888 --------- C:\WINDOWS\system32\pmnmllk.dll

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134}"=- 

File:: 
 
C:\WINDOWS\system32\pmnmllk.dll


Copie le texte sélectionné (CTRL+C). 
Ouvre le bloc-note (programme>Accessoire>bloc-note). 
Colle le texte copié dans ce bloc-note (CTRL+V). 
Sauvegarde ce fichier sous le nom de CFScript.txt 
Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture 

 
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. 
Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé. 
Une fois le scan achevé, un rapport va s'afficher: Poste son contenu. 
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt 

Bien à te lire avec le nouveau rapport de ComboFix

nits24 · Answer

bonjour evasion60/PCA dslé mon message n'étaitpas pour te presser...je te remercie bcp pour ton aide g dc fait ce ke tu m'as dit mais entre les rapports ke je t posté avant et celui la avast a mis en quarantaine une quinzaine de fichiers dll de system32 infectés par le trojan est ce que cela peut avoir un effet par rapport a ce ke tu m'as demandé de fr? en tt cas voici le nouveau rapport de combofix: ComboFix 08-01-10.2 - nicolas nithart 2008-01-13 17:51:12.5 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.502 [GMT 0:00] Running from: C:\Documents and Settings\nicolas nithart\Bureau\desinfection virus\ComboFix.exe Command switches used :: C:\Documents and Settings\nicolas nithart\Bureau\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\pmnmllk.dll . [color=purple]The following files were disabled during the run:[/color] C:\WINDOWS\system32\sockspy.dll (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\pmnmllk.dll . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))))))) . 2008-01-13 15:23 . 2008-01-13 15:23 d-------- C:\Program Files\CCleaner 2008-01-12 18:05 . 2008-01-12 18:04 34,954,501 --a------ C:\WINDOWS\LPT$VPN.941 2008-01-12 18:03 . 2008-01-12 18:04 34,954,501 --a------ C:\WINDOWS\VPTNFILE.941 2008-01-12 18:00 . 2008-01-12 18:00 d-------- C:\WINDOWS\AU_Temp 2008-01-11 18:33 . 2008-01-11 18:33 d-------- C:\Documents and Settings\nicolas nithart\Application Data\Intel 2008-01-11 18:33 . 2008-01-11 18:33 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel 2008-01-11 18:33 . 2008-01-11 18:33 d-------- C:\Documents and Settings\LocalService\Application Data\Intel 2008-01-11 18:33 . 2008-01-11 18:33 d-------- C:\Documents and Settings\All Users\Application Data\Intel 2008-01-11 18:33 . 2008-01-11 18:33 d-------- C:\Documents and Settings\Administrateur\Application Data\Intel 2008-01-11 18:33 . 2008-01-11 18:33 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2008-01-11 18:33 . 2008-01-11 18:33 21,361 --a------ C:\WINDOWS\AegisP.sys 2008-01-11 18:33 . 2008-01-11 18:33 13,984 --a------ C:\WINDOWS\AegisP.inf 2008-01-11 18:33 . 2008-01-11 18:33 10,640 --a------ C:\WINDOWS\AegisP.cat 2008-01-11 18:32 . 2007-02-12 12:41 2,732,032 --a------ C:\WINDOWS\system32\Netw2r32.dll 2008-01-11 18:32 . 2007-02-12 12:40 557,056 --a------ C:\WINDOWS\system32\Netw2c32.dll 2008-01-11 18:21 . 2008-01-11 18:21 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-01-11 18:19 . 2008-01-11 18:19 d-------- C:\WINDOWS\system32\ZoneLabs 2008-01-11 18:19 . 2007-06-21 21:54 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2008-01-11 18:19 . 2008-01-13 15:55 58,727 --a------ C:\WINDOWS\system32\vsconfig.xml 2008-01-11 17:53 . 2004-11-09 01:31 13 --a------ C:\WINDOWS\system32\drivers\verfile.tic 2008-01-11 16:26 . 2008-01-11 16:26 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe 2008-01-11 15:02 . 2008-01-11 15:02 d-------- C:\Documents and Settings\Administrateur\Application Data\Bitdefender 2008-01-11 14:44 . 2008-01-11 14:44 d-------- C:\Documents and Settings\nicolas nithart\Application Data\Bitdefender 2008-01-11 14:42 . 2008-01-13 17:50 81,984 --a------ C:\WINDOWS\system32\bdod.bin 2008-01-11 14:39 . 2008-01-11 14:39 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender 2008-01-11 14:24 . 2008-01-11 14:24 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-01-09 17:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-09 16:07 . 2008-01-09 16:07 d-------- C:\VundoFix Backups 2008-01-08 19:45 . 2008-01-08 19:45 d-------- C:\Documents and Settings\nicolas nithart\Application Data\Nero 2008-01-08 19:41 . 2008-01-08 19:41 d-------- C:\Program Files\Nero 2008-01-08 19:41 . 2008-01-08 19:41 d-------- C:\Program Files\Fichiers communs\Nero 2008-01-08 19:41 . 2008-01-08 19:41 d-------- C:\Documents and Settings\All Users\Application Data\Nero 2008-01-08 17:56 . 2008-01-08 17:56 d-------- C:\WINDOWS\Modio 2008-01-08 17:49 . 2008-01-08 17:50 d-------- C:\Program Files\ma-config.com 2008-01-08 17:49 . 2008-01-08 17:50 d-------- C:\Documents and Settings\nicolas nithart\Application Data\ma-config.com 2008-01-08 14:57 . 2008-01-11 18:33 10,368 --a------ C:\WINDOWS\AegisP.PNF 2008-01-08 14:56 . 2008-01-08 14:56 d-------- C:\Program Files\Intel 2008-01-08 14:54 . 2008-01-08 14:54 d-------- C:\Program Files\intel logiciel 2008-01-08 14:37 . 2008-01-08 14:37 d-------- C:\Program Files\Intel pilote carte wifi 2008-01-07 18:08 . 2008-01-08 13:54 146 --a------ C:\WINDOWS\Antidote.ini 2008-01-07 16:27 . 2008-01-07 16:27 d-------- C:\Program Files\Druide 2008-01-07 16:27 . 2008-01-07 16:27 d-------- C:\Documents and Settings\nicolas nithart\Application Data\Druide 2008-01-07 12:59 . 2008-01-07 12:59 d-------- C:\Program Files\Ares 2008-01-03 17:41 . 2008-01-03 17:41 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-01-02 20:17 . 2008-01-02 20:17 d-------- C:\Program Files\Messenger Plus! Live 2008-01-02 18:30 . 2005-03-30 23:29 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2008-01-02 18:30 . 2005-03-30 23:29 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-01-02 18:30 . 2005-03-30 23:29 d--h----- C:\Documents and Settings\Administrateur\Modèles 2008-01-02 18:30 . 2005-03-30 23:44 dr------- C:\Documents and Settings\Administrateur\Mes documents 2008-01-02 18:30 . 2005-03-30 23:29 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2008-01-02 18:30 . 2005-03-30 23:44 dr------- C:\Documents and Settings\Administrateur\Favoris 2008-01-02 18:30 . 2005-03-30 23:29 d-------- C:\Documents and Settings\Administrateur\Bureau 2008-01-02 15:29 . 2008-01-02 15:29 d-------- C:\Program Files\a-squared Free 2008-01-02 14:58 . 2008-01-02 14:58 d-------- C:\Program Files\Trend Micro 2007-12-30 20:53 . 2007-12-30 20:53 d-------- C:\Documents and Settings\nicolas nithart\Application Data\Samsung 2007-12-30 20:52 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll 2007-12-30 20:52 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys 2007-12-28 16:13 . 2008-01-13 16:21 46,080 --ahs---- C:\WINDOWS\Thumbs.db 2007-12-28 16:12 . 2008-01-13 15:40 9,728 --ahs---- C:\WINDOWS\system32\Thumbs.db 2007-12-28 15:03 . 2007-12-28 15:03 d-------- C:\Program Files\Fichiers communs\Symantec Shared 2007-12-25 14:59 . 2003-10-03 13:21 174,592 --a------ C:\framedyn.dll 2007-12-21 12:51 . 2007-12-21 12:51 244 --ah----- C:\sqmnoopt00.sqm 2007-12-21 12:51 . 2007-12-21 12:51 232 --ah----- C:\sqmdata00.sqm . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-13 15:53 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-01-13 15:53 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-01-12 18:04 86,094 ----a-w C:\WINDOWS\BPMNT.dll 2008-01-12 18:04 71,749 ----a-w C:\WINDOWS\hcextoutput.dll 2008-01-12 18:04 267,845 ----a-w C:\WINDOWS\tsc.exe 2008-01-12 18:04 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll 2008-01-12 18:00 69,689 ----a-w C:\WINDOWS\UNZIP.DLL 2008-01-12 18:00 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL 2008-01-12 18:00 286,720 ----a-w C:\WINDOWS\PATCH.EXE 2008-01-11 18:20 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat 2008-01-11 18:20 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat 2007-12-07 09:33 --------- d-----w C:\Program Files\Logitech 2007-12-07 09:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech 2007-12-07 09:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd 2007-12-06 08:11 --------- d-----w C:\Program Files\MSXML 6.0 2007-12-05 05:56 --------- d-----w C:\Documents and Settings\nicolas nithart\Application Data\U3 2007-12-04 20:01 --------- d-----w C:\Program Files\Skype 2007-12-04 20:01 --------- d-----w C:\Program Files\Fichiers communs\Skype 2007-12-04 09:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 09:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 09:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 09:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 09:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-04 08:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 07:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-12-02 04:53 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-11-29 19:01 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition 2007-11-29 18:52 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-11-29 18:52 --------- d-----w C:\Program Files\Windows Live 2007-11-29 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-11-23 20:00 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-11-23 20:00 --------- d-----w C:\Documents and Settings\nicolas nithart\Application Data\skypePM 2007-11-21 23:53 --------- d-----w C:\Program Files\Picasa2 2007-11-21 23:53 --------- d-----w C:\Program Files\Google 2007-11-15 00:31 --------- d-----w C:\Program Files\Azureus 2007-11-13 05:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-07 04:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 04:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-10-30 18:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 12:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2007-10-29 17:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 17:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 17:56 8,510,976 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 09:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 09:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-23 17:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR 2007-10-18 11:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll 2005-10-11 19:49 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2005-10-11 19:49 56 --sh--r C:\WINDOWS\system32\439D05A9A9.sys . ((((((((((((((((((((((((((((( snapshot_2008-01-12_18.13.36,87 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-09 17:09:36 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-01-13 17:50:24 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT - 2008-01-09 17:09:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat + 2008-01-13 17:50:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat - 2008-01-09 17:09:36 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT + 2008-01-13 17:50:24 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT - 2008-01-09 17:09:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat + 2008-01-13 17:50:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat - 2008-01-09 17:09:38 7,663,616 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\ntuser.dat + 2008-01-13 17:50:26 7,696,384 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT - 2008-01-09 17:09:38 106,496 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat + 2008-01-13 17:50:26 106,496 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat - 2007-11-23 00:46:12 277,352 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-01-13 15:53:56 276,560 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-01-13 15:54:40 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_314.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-12 18:38 313472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-01-12 18:38 2178832] "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2008-01-12 18:38 2880512] "epm-dm"="c:\acer\epm\epm-dm.exe" [2008-01-12 18:37 188416] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2008-01-12 18:37 86105] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-12 18:38 774233] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-01-12 18:38 995328] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-01-12 18:38 1101824] "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2008-01-12 18:38 319488] "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2008-01-12 18:38 69632] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360] C:\Documents and Settings\nicolas nithart\Menu D‚marrer\Programmes\D‚marrage\ Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 09:43:14] UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08] TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18] RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent] --a------ 2008-01-12 18:38 69632 C:\Program Files\Softwin\BitDefender10\bdagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon] --a------ 2007-04-02 16:48 290816 C:\Program Files\Softwin\BitDefender10\bdmcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2008-01-11 15:11 202024 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote .exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote .exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe] --a------ 2008-01-11 15:11 533944 C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 2200 Series] C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate] --a------ 2007-05-25 12:53 270336 C:\Program Files\Samsung\Samsung PC Studio 3\Update\Copyer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] C:\WINDOWS\system32\vturo.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] --a------ 2007-10-25 16:33 563984 C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo] --a------ 2003-04-11 17:06 32768 C:\PROGRA~1\MESSAG~1\StartMessager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] --a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] --a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-01-21 21:03 155648 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2004-12-20 20:41 33792 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON] --------- 2004-10-05 17:00 61440 C:\PROGRA~1\WANADOO\taskbaricon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] --------- 2004-08-23 14:49 20480 C:\PROGRA~1\WANADOO\Watch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "LVSrvLauncher"=2 (0x2) "XCOMM"=2 (0x2) "WMPNetworkSvc"=3 (0x3) "WLSetupSvc"=3 (0x3) "VSSERV"=2 (0x2) "usnjsvc"=3 (0x3) "LIVESRV"=2 (0x2) "gusvc"=3 (0x3) "bdss"=2 (0x2) "AntiVirService"=2 (0x2) "AntiVirScheduler"=2 (0x2) "a2free"=2 (0x2) "FTRTSVC"=2 (0x2) "AresChatServer"=3 (0x3) R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 16:54] R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57] S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08e0fd9c-672f-11da-ac4e-00c09fce3a5a}] \Shell\Auto\command - sxs.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-13 17:54:49 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-13 17:56:01 ComboFix-quarantined-files.txt 2008-01-13 17:55:58 ComboFix4.txt 2008-01-10 17:25:10 ComboFix3.txt 2008-01-11 16:47:08 ComboFix2.txt 2008-01-12 18:14:42 . 2008-01-09 18:11:21 --- E O F ---

evasion60/PCA · Answer

Re Nits24

dslé mon message n'étaitpas pour te presser...je te remercie bcp pour ton aide 
T'inquiète pas, c'est déjà oublié ;))

...Poste moi un nouveau rapport HijackThis / STP 

B.R.

nits24 · Answer

pas de souci  evasion60/PCA!

voici le noveau rapport de hijackthis

 Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:20, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MESFIC~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78B08D8A-8146-4177-9408-FBA61BF617CA}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcappcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

evasion60/PCA · Answer

Re 
...Attention, tu as installé BitDefender, alors que ton AV est Avast 

Désinstalle BD, via " ajout/suppression de programmes " 

Je fais un break, et reviens un peu plus tard / OK

nits24 · Answer

g désinstaller bitdefender...le trojan ne s'est pas manifester depuis 40 min environ...
dc j'atten té nouvelles instructions!
moi aussi je dois partir
dc on voit la suite dimanche.

evasion60/PCA · Answer

Re Nits24

...Fait ta mise à jour Java --->important Sécurité 
Java Sun/MicroSystem 
https://www.oracle.com/java/technologies/javase-downloads.html
4éme liens...Java Runtime Environnement--->JRE:6u3--->Windows offline
05/10/07

...Ensuite, via " ajout/suppression de programmes " , désinstalle toutes le ancienes versions de Java/Sun, sauf bien sûr celle de ce soir en 6u3

...Enfin, poste moi un nouveau log HJT, pour voir si cela c'est bien passé !

B.R.

nits24 · Answer

bonjour  evasion60/PCA

j'ai mis a jour java et désinstaller les anciennes verdions

voila le log hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25:08, on 14/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MESFIC~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin
pjpi160_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin
pjpi160_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78B08D8A-8146-4177-9408-FBA61BF617CA}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcappcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

evasion60/PCA · Answer

Bonjour Nits

...Tu as encore des disfonctionnements avec le PC ?
Si réponse = Non, c'est OK 

fais ce scan en ligne : http://www.bitdefender.fr/bd/site/page.php?tab=0#
Clique, en bas à gauche, sur "scan on line (nouveau)"
Accepte ensuite la licence puis laisse-lui installer l'ActiveX
Laisse-toi guider. 

Tuto en image : http://pageperso.aol.fr/rginformatique/mapage/defender.htm

Poste moi son rapport / STP

Bonne réception

nits24 · Answer

bonjour  evasion60/PCA

bon ça va pas du tout: le scan a ligne a detecté pleins de fichier encore infectés par ce satané trojan!!! (bitdefender le nomme trojan vundo.dvd) mais c le meme que celui que avast apelle win32:tratbho g regardé!!
dc la je sais vraiment plus quoi faire! 
en plus il s'est mis a infecté des fichiers extérieurs au dossier system32!!
g vraiment besoin d'aide la je sais plus quoi fr!!!!!

en tk voila le rapport du scan de bitdefender

BitDefender Online Scanner
Rapport d'analyse généré à: Sun, Jan 13, 2008 - 14:21:52
Voie d'analyse: C:\;D:\;E:\;
Statistiques
Temps
01:26:41
Fichiers
239501
Directoires
8436
Secteurs de boot4
Archives
7401
Paquets programmes
7363
Résultats
Virus identifiés
6
Fichiers infectés
37
Fichiers suspects
0
Avertissements
0
Désinfectés
0
Fichiers effacés
35
Info sur les moteurs

Définition virus
889920
Version des moteurs
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins
14

Archive des plugins
38
Unpack des plugins
7
E-mail plugins
6
Système plugins
1
Paramètres d'analyse
Première action
Désinfecté
Seconde Action
Supprimé
Heuristique
Oui
Acceptez les avertissements
Oui
Extensions analysées
*;
Excludez les extensions
Analyse d'emails
Oui
Analyse des Archives
Oui
Analyser paquets programmes
Oui
Analyse des fichiers
Oui
Analyse de boot
Oui
	
Fichier analysé
	

 Statut

C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp
	

Infecté par: Trojan.Dropper.Vundo.D

C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp
	

Echec de la désinfection

C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp
	

Supprimé

C:\WINDOWS\snet32.exe
	

Infecté par: Trojan.PWS.LDPinch.TAW

C:\WINDOWS\snet32.exe
	

Echec de la désinfection

C:\WINDOWS\snet32.exe
	

Supprimé


C:\Program Files\Alwil Software\Avast4\DATA\moved\mljgd.dll
	

Infecté par: Trojan.Vundo.DVD

C:\Program Files\Alwil Software\Avast4\DATA\moved\mljgd.dll
	

Echec de la désinfection

C:\Program Files\Alwil Software\Avast4\DATA\moved\mljgd.dll
	

Echec de la suppression

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP6\A0001042.dll
	

Infecté par: Trojan.Vundo.DVD

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP6\A0001042.dll
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP6\A0001042.dll
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP6\A0001043.dll
	

Infecté par: Trojan.Vundo.DVD

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP6\A0001043.dll
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP6\A0001043.dll
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP6\A0001044.dll
	

Infecté par: Trojan.Vundo.DVD

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP6\A0001044.dll
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP6\A0001044.dll
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001090.exe
	

Infecté par: Trojan.Dropper.Vundo.D

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001090.exe
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001090.exe
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001130.exe
	

Infecté par: Trojan.Dropper.Vundo.D

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001130.exe
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001130.exe
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001131.ini
	

Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001131.ini
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001131.ini
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001133.exe
	

Infecté par: Trojan.Dropper.Vundo.D

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001133.exe
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001133.exe
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001134.exe
	

Infecté par: Trojan.Dropper.Vundo.D

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001134.exe
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001134.exe
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001135.exe
	

Infecté par: Trojan.Dropper.Vundo.D

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001135.exe
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001135.exe
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001136.exe
	

Infecté par: Trojan.Dropper.Vundo.D

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001136.exe
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001136.exe
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001137.exe
	

Infecté par: Trojan.Dropper.Vundo.D

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001137.exe
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001137.exe
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001138.EXE
	

Infecté par: Trojan.Dropper.Vundo.D

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001138.EXE
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001138.EXE
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001139.exe
	

Infecté par: Trojan.Dropper.Vundo.D

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001139.exe
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001139.exe
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001140.exe
	

Infecté par: Trojan.Dropper.Vundo.D

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001140.exe
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001140.exe
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001141.exe
	

Infecté par: Trojan.Dropper.Vundo.D

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001141.exe
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001141.exe
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001142.exe
	

Infecté par: Trojan.Dropper.Vundo.D

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001142.exe
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001142.exe
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001143.dll
	

Infecté par: Trojan.Vundo.DVD

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001143.dll
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001143.dll
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001505.dll
	

Infecté par: Trojan.Vundo.DVD

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001505.dll
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP7\A0001505.dll
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP8\A0001553.DLL
	

Infecté par: Trojan.Vundo.DVO

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP8\A0001553.DLL
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP8\A0001553.DLL
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP10\A0002030.dll
	

Infecté par: Trojan.Vundo.DVD

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP10\A0002030.dll
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP10\A0002030.dll
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP10\A0002031.dll
	

Infecté par: Trojan.Vundo.DVD

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP10\A0002031.dll
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP10\A0002031.dll
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP10\A0002032.dll
	

Infecté par: Trojan.Vundo.DVD

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP10\A0002032.dll
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP10\A0002032.dll
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP12\A0003044.exe
	

Infecté par: Trojan.PWS.LDPinch.TAW

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP12\A0003044.exe
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP12\A0003044.exe
	

Supprimé

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP12\A0003046.dll
	

Infecté par: Trojan.Vundo.DVD

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP12\A0003046.dll
	

Echec de la désinfection

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP12\A0003046.dll
	

Supprimé

C:\QooBox\Quarantine\C\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE.vir
	

Infecté par: Trojan.Dropper.Vundo.D

C:\QooBox\Quarantine\C\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE.vir
	

Echec de la désinfection

C:\QooBox\Quarantine\C\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE.vir
	

Supprimé

C:\QooBox\Quarantine\C\WINDOWS\system32\awtss.dll.vir
	

Infecté par: Trojan.Vundo.DVD

C:\QooBox\Quarantine\C\WINDOWS\system32\awtss.dll.vir
	

Echec de la désinfection

C:\QooBox\Quarantine\C\WINDOWS\system32\awtss.dll.vir
	

Supprimé

C:\QooBox\Quarantine\C\WINDOWS\system32\awvvu.dll.vir
	

Infecté par: Trojan.Vundo.DVD

C:\QooBox\Quarantine\C\WINDOWS\system32\awvvu.dll.vir
	

Echec de la désinfection

C:\QooBox\Quarantine\C\WINDOWS\system32\awvvu.dll.vir
	

Supprimé

C:\QooBox\Quarantine\C\WINDOWS\system32\ddccd.dll.vir
	

Infecté par: Trojan.Vundo.DVD

C:\QooBox\Quarantine\C\WINDOWS\system32\ddccd.dll.vir
	

Echec de la désinfection

C:\QooBox\Quarantine\C\WINDOWS\system32\ddccd.dll.vir
	

Supprimé

C:\QooBox\Quarantine\C\WINDOWS\system32\jkkjg.dll.vir
	

Infecté par: Trojan.Vundo.DVD

C:\QooBox\Quarantine\C\WINDOWS\system32\jkkjg.dll.vir
	

Echec de la désinfection

C:\QooBox\Quarantine\C\WINDOWS\system32\jkkjg.dll.vir
	

Echec de la suppression

C:\QooBox\Quarantine\C\WINDOWS\system32
qtss.ini.vir
	

Infecté par: Trojan.Vundo.DVS

C:\QooBox\Quarantine\C\WINDOWS\system32
qtss.ini.vir
	

Echec de la désinfection

C:\QooBox\Quarantine\C\WINDOWS\system32
qtss.ini.vir
	

Supprimé

C:\QooBox\Quarantine\C\WINDOWS\system32
qtss.ini2.vir
	

Infecté par: Trojan.Vundo.DVS

C:\QooBox\Quarantine\C\WINDOWS\system32
qtss.ini2.vir
	

Echec de la désinfection

C:\QooBox\Quarantine\C\WINDOWS\system32
qtss.ini2.vir
	

Supprimé

C:\QooBox\Quarantine\C\WINDOWS\system32\sstqn.dll.vir
	

Infecté par: Trojan.Vundo.DVD

C:\QooBox\Quarantine\C\WINDOWS\system32\sstqn.dll.vir
	

Echec de la désinfection

C:\QooBox\Quarantine\C\WINDOWS\system32\sstqn.dll.vir
	

Supprimé

C:\QooBox\Quarantine\C\WINDOWS\system32\pmnmllk.dll.vir
	

Infecté par: Trojan.Vundo.DVO

C:\QooBox\Quarantine\C\WINDOWS\system32\pmnmllk.dll.vir
	

Echec de la désinfection

C:\QooBox\Quarantine\C\WINDOWS\system32\pmnmllk.dll.vir
	

Supprimé

D:	éléchargement\Setup_FreeBurner.exe
	

Infecté par: Trojan.Generic.73479

D:	éléchargement\Setup_FreeBurner.exe
	

Echec de la désinfection

D:	éléchargement\Setup_FreeBurner.exe
	

Supprimé

nits24 · Answer

et désolé pour le tps mis a repondre...g u qques ptis soucis!

nits24 · Answer

voici le nouveau rapport de combofix

ComboFix 08-01-13.1 - nicolas nithart 2008-01-13 16:07:56.7 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.577 [GMT -6:00]
Running from: C:\Program Files\Mozilla Firefox\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-13 to 2008-01-13 ))))))))))))))))))))))))))))))))))))
.

2008-01-14 16:22 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-14 16:17 . 2008-01-14 16:17 <REP> d-------- C:\java
2008-01-14 16:16 . 2008-01-14 16:16 <REP> d-------- C:\Documents and Settings\nicolas nithart\.SunDownloadManager
2008-01-13 16:06 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 15:23 . 2008-01-13 15:23 <REP> d-------- C:\Program Files\CCleaner
2008-01-13 14:58 . 2008-01-13 14:58 <REP> d--hs---- C:\FOUND.002
2008-01-13 14:50 . 2008-01-13 14:50 9,852,041 --a------ C:\upload_moi_NITS.tar.gz
2008-01-13 12:47 . 2008-01-13 12:47 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-12 18:05 . 2008-01-12 18:04 34,954,501 --a------ C:\WINDOWS\LPT$VPN.941
2008-01-12 18:03 . 2008-01-12 18:04 34,954,501 --a------ C:\WINDOWS\VPTNFILE.941
2008-01-12 18:00 . 2008-01-12 18:00 <REP> d-------- C:\WINDOWS\AU_Temp
2008-01-11 18:33 . 2008-01-11 18:33 <REP> d-------- C:\Documents and Settings\nicolas nithart\Application Data\Intel
2008-01-11 18:33 . 2008-01-11 18:33 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-01-11 18:33 . 2008-01-11 18:33 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-01-11 18:33 . 2008-01-11 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-01-11 18:33 . 2008-01-11 18:33 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-01-11 18:33 . 2008-01-11 18:33 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-11 18:33 . 2008-01-11 18:33 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-01-11 18:33 . 2008-01-11 18:33 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-01-11 18:33 . 2008-01-11 18:33 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-01-11 18:32 . 2007-02-12 12:41 2,732,032 --a------ C:\WINDOWS\system32\Netw2r32.dll
2008-01-11 18:32 . 2007-02-12 12:40 557,056 --a------ C:\WINDOWS\system32\Netw2c32.dll
2008-01-11 18:21 . 2008-01-11 18:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-11 18:19 . 2008-01-11 18:19 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-01-11 18:19 . 2007-06-21 21:54 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-01-11 18:19 . 2008-01-13 15:52 58,727 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-01-11 17:53 . 2004-11-09 01:31 13 --a------ C:\WINDOWS\system32\drivers\verfile.tic
2008-01-11 14:24 . 2008-01-11 14:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-08 19:45 . 2008-01-08 19:45 <REP> d-------- C:\Documents and Settings\nicolas nithart\Application Data\Nero
2008-01-08 19:41 . 2008-01-08 19:41 <REP> d-------- C:\Program Files\Nero
2008-01-08 19:41 . 2008-01-08 19:41 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-01-08 19:41 . 2008-01-08 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-08 17:56 . 2008-01-08 17:56 <REP> d-------- C:\WINDOWS\Modio
2008-01-08 17:49 . 2008-01-08 17:50 <REP> d-------- C:\Program Files\ma-config.com
2008-01-08 17:49 . 2008-01-08 17:50 <REP> d-------- C:\Documents and Settings\nicolas nithart\Application Data\ma-config.com
2008-01-08 14:57 . 2008-01-11 18:33 10,368 --a------ C:\WINDOWS\AegisP.PNF
2008-01-08 14:56 . 2008-01-08 14:56 <REP> d-------- C:\Program Files\Intel
2008-01-08 14:54 . 2008-01-08 14:54 <REP> d-------- C:\Program Files\intel logiciel
2008-01-08 14:37 . 2008-01-08 14:37 <REP> d-------- C:\Program Files\Intel pilote carte wifi
2008-01-07 18:08 . 2008-01-08 13:54 146 --a------ C:\WINDOWS\Antidote.ini
2008-01-07 16:27 . 2008-01-07 16:27 <REP> d-------- C:\Program Files\Druide
2008-01-07 16:27 . 2008-01-07 16:27 <REP> d-------- C:\Documents and Settings\nicolas nithart\Application Data\Druide
2008-01-07 12:59 . 2008-01-07 12:59 <REP> d-------- C:\Program Files\Ares
2008-01-03 17:41 . 2008-01-03 17:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-02 20:17 . 2008-01-02 20:17 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-01-02 18:30 . 2005-03-30 23:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-02 18:30 . 2005-03-30 23:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-02 18:30 . 2005-03-30 23:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-01-02 18:30 . 2005-03-30 23:44 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-02 18:30 . 2005-03-30 23:29 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-02 18:30 . 2005-03-30 23:44 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-01-02 18:30 . 2005-03-30 23:29 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-01-02 15:29 . 2008-01-02 15:29 <REP> d-------- C:\Program Files\a-squared Free
2008-01-02 14:58 . 2008-01-02 14:58 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 20:53 . 2007-12-30 20:53 <REP> d-------- C:\Documents and Settings\nicolas nithart\Application Data\Samsung
2007-12-30 20:52 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2007-12-30 20:52 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-12-28 16:13 . 2008-01-13 16:21 46,080 --ahs---- C:\WINDOWS\Thumbs.db
2007-12-28 16:12 . 2008-01-13 13:49 9,728 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-12-28 15:03 . 2007-12-28 15:03 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-12-25 14:59 . 2003-10-03 13:21 174,592 --a------ C:\framedyn.dll
2007-12-21 12:51 . 2007-12-21 12:51 244 --ah----- C:\sqmnoopt00.sqm
2007-12-21 12:51 . 2007-12-21 12:51 232 --ah----- C:\sqmdata00.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 00:58 1,410,560 ------w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-01-13 21:49 1,432,064 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-01-13 21:47 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-13 21:47 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-13 18:18 737,458 ------w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-01-13 00:04 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2008-01-13 00:04 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-01-13 00:04 267,845 ----a-w C:\WINDOWS\tsc.exe
2008-01-13 00:04 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2008-01-13 00:00 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-01-13 00:00 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-01-13 00:00 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-01-12 00:20 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-01-12 00:20 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-12-07 15:33 --------- d-----w C:\Program Files\Logitech
2007-12-07 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-12-07 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2007-12-06 14:11 --------- d-----w C:\Program Files\MSXML 6.0
2007-12-05 11:56 --------- d-----w C:\Documents and Settings\nicolas nithart\Application Data\U3
2007-12-05 02:01 --------- d-----w C:\Program Files\Skype
2007-12-05 02:01 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-12-04 15:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 15:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 15:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 15:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 15:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 14:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 13:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-02 10:53 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-30 01:01 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-30 00:52 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-30 00:52 --------- d-----w C:\Program Files\Windows Live
2007-11-30 00:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-24 02:00 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-24 02:00 --------- d-----w C:\Documents and Settings\nicolas nithart\Application Data\skypePM
2007-11-22 05:53 --------- d-----w C:\Program Files\Picasa2
2007-11-22 05:53 --------- d-----w C:\Program Files\Google
2007-11-15 06:31 --------- d-----w C:\Program Files\Azureus
2007-11-13 11:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 10:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 10:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-31 00:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 18:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 23:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 23:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 23:56 8,510,976 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 15:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 15:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-23 23:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-18 17:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2005-10-12 01:49 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-10-12 01:49 56 --sh--r C:\WINDOWS\system32\439D05A9A9.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-12 18:38 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-01-12 18:38 2178832]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2008-01-12 18:38 2880512]
"epm-dm"="c:\acer\epm\epm-dm.exe" [2008-01-12 18:37 188416]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2008-01-12 18:37 86105]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-12 18:38 774233]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-01-12 18:38 995328]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-01-12 18:38 1101824]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2008-01-12 18:38 319488]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-21 21:03 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

C:\Documents and Settings\nicolas nithart\Menu D‚marrer\Programmes\D‚marrage\
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 09:43:14]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
C:\Program Files\Softwin\BitDefender10\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
C:\Program Files\Softwin\BitDefender10\bdmcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-01-11 15:11 202024 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote .exe]
C:\Program Files\Druide\Antidote\Gestionnaire Antidote .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe]
--a------ 2008-01-11 15:11 533944 C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 2200 Series]
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]
--a------ 2007-05-25 12:53 270336 C:\Program Files\Samsung\Samsung PC Studio 3\\Update\Copyer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\vturo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 16:33 563984 C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]
--a------ 2003-04-11 17:06 32768 C:\PROGRA~1\MESSAG~1\StartMessager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-01-21 21:03 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2004-12-20 20:41 33792 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\WANADOO\GestMaj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--------- 2004-10-05 17:00 61440 C:\PROGRA~1\WANADOO\taskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 14:49 20480 C:\PROGRA~1\WANADOO\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LVSrvLauncher"=2 (0x2)
"XCOMM"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"VSSERV"=2 (0x2)
"usnjsvc"=3 (0x3)
"LIVESRV"=2 (0x2)
"gusvc"=3 (0x3)
"bdss"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"a2free"=2 (0x2)
"FTRTSVC"=2 (0x2)
"AresChatServer"=3 (0x3)

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 16:54]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08e0fd9c-672f-11da-ac4e-00c09fce3a5a}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 16:10:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
.
Completion time: 2008-01-13 16:11:32
.
2008-01-09 18:11:21 --- E O F ---

evasion60/PCA · Answer

Re Nits
...Peux tu me mettre un nouveau log HJT ( pour demain )

Je vais me coucher, à demain soir, après le boulot

nits24 · Answer

ok rdv demain alors
voici le nouveau log hijackthis 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:53:13, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MESFIC~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78B08D8A-8146-4177-9408-FBA61BF617CA}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

evasion60/PCA · Answer

Bonsoir Nits24
...Bien 

Télécharge:
RegCleaner
http://www.infos-du-net.com/telecharger/3-4-RegCleaner,0301-444.html
V:4.3 #780

...Nous allons nettoyer avec HijackThis
Lance HijackThis, toutes applis fermées, et hors connection, pour un scan only
Fixe les lignes ci dessous :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html 
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime 
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MESFIC~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL 

Clique sur fix checked 

...Lance RegCleaner
Outils/Nettoyer les liens OLE --->scan --->Supprime les entrées trouvées
Puis,
Outils/Nettoyer les fichiers orphelins --->scan ---> Supprime les entrées trouvées

...Relance HJT, pour un scan avec sauvegarde
Publie son rapport / STP

Bonne réception / A demain

nits24 · Answer

bonsoir evasion60/PCA

g réalisé les opérations demadées. bien que je n'ai pas fait de scan antivirus depuis 2 jours, je n'ai pas u de nouvelles alertes du trojan win32 tratBHO...
Mon pc est il enfin guéri??

voici le nouveau rapport hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:00:22, on 15/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\NICOLA~1\LOCALS~1\Temp\Rar$EX00.843\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78B08D8A-8146-4177-9408-FBA61BF617CA}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

evasion60/PCA · Answer

Bonsoir Nits 

....Fixe ces deux lignes avec HijackThis :
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe 

...Je ne te force pas à m'écouter, mais je te conseille de désinstaller Avast4, et de mettre à la place antivir ( certes, il est en anglais, mais une simple recherche Google te donneras la manière de l'installer, et de le configurer )

...Pour désactiver le système de Restauration :

démarrer-----------panneau de configuration------------système----------
onglet Restauration système-----------coche la case (Désactiver la restauration système)--------------
redémarre l'ordinateur
Recoche ( Activer la restauration système )

...Nous allons essayer de supprimer certains outils utilisé, dans cette désinfection 

...Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.

Clique sur CleanUp! (le programme va télécharger un fichier texte qui servira a nettoyer les programmes que l'on a téléchargés).
NOTE : Normalement, ton Firewall (parefeu) devrait te demander si OTmoveIT peut accéder à internet, Autorise le.
Une liste apparaît dans la partie gauche d'OTmoveIT.
Un message apparaît pour confirmer le nettoyage. Confirme.
Les fichiers infectés qui se trouvent dans les quarantaines seront supprimés aussi. 

A te lire, bonne réception

nits24 · Answer

dslé pour le retard evasion60/PCA!!!
g u vcp de choses a fr ces derniers tps!
c t juste pour te signaler que je n'ai plus u des pbs sur mon pc depuis deja 3 jours!
le trojan a du etre detruit!
je te remercie pour tes conseils et ta patience!

evasion60/PCA · Answer

Bonjour Nits24
...et merci du feedback

Si tu le souhaites, marque ton sujet comme résolu
Bonne continuation 
Cordialement / Evasion60PCA

Infection par le trojan Win32:TratBHO!HELP!!!

30 réponses

Votre réponse

Discussions similaires

Newsletters