Win32:Trojan et Win32:Onlinegames

Kobe -  
 kanzaki -
Bonjour,

Hier mon AV (avast, version gratuite, à jour), me mettait une alerte comme quoi il avait trouvé le trojan Win32:Onlinegames dans un fichier "amvo0.dll". J'ai supprimé ce fichier (par l'intérmédiaire d'avast), mais quelques minutes plus tard, le même message revenait, avec la menace dans le fichier "amvo1.dll". J'ai donc fait pas mal de recherche et de manip, ce qui m'a amené à démarrer en mode sans échec, à supprimer des fichiers du type "amvo", et à vérifier la base de registre.
Depuis, je n'ai plus d'alertes.
Cependant, un symptome de ce trojan est d'empêcher de voir les fichiers cachés, ce que je ne peux toujours pas faire... J'en déduis qu'il doit toujours être quelque part ...
J'ai fais de multiples scan (AVG Anti Spyware, CCleaner, Spybot, Ad-Aware) qui n'ont rien trouvés.
J'ai fais un scan avec Hijach This, et rien ne m'a paru bizarre.
Seul un scan complet de Avast m'a détecté la présence de 2 trojans (Win32:Trojan et Win32:Onlinegames).

Le problème est qu'ils sont dans des fichiers de restauration (C:\System Volume Information\_restore{*}\*).
En mode normal, je ne peux pas y accéder, et Avast ne peux pas les supprimer ; et je ne peux pas changer les droits du dossier.
Avant d'aller essayer en mode sans échec, j'ai quelques questions :
- n'y-a-t-il aucun risque à supprimer ces fichiers ? (voire tout le dossier correspondant).
- Est ce que ça va résoudre le problème des fichiers cachés, et virer complètement ces saletés ?

Je remercie par avance les personnes qui voudront bien m'aider.
Configuration: Windows XP SP2
Firefox 2.0.0.11

28 réponses

  • 1
  • 2
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    Le problème est qu'ils sont dans des fichiers de restauration (C:\System Volume Information\_restore{*}\*).

    pour virer l'infection :

    désactive la restauration système pour purger les virus qui seraient dedans (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)
    puis redemarre ton ordi
    puis réactive la

    _________________

    colle un rapport hiajkchtis pour verifier
    0
    1. Kobe
       
      Merci de vos réponses.
      J'ai désactivé/rebooter/réactiver la restauration système, voila le log d'Hijack This :


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:04:57, on 07/02/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
      C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\DAEMON Tools Lite\daemon.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      F:\BOINC\boincmgr.exe
      C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
      F:\BOINC\boinc.exe
      F:\BOINC\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_5.18_windows_intelx86
      F:\BOINC\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_5.18_windows_intelx86
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      F:\BOINC\projects\www.worldcommunitygrid.org\wcg_faah_autodock_5.42_windows_intelx86
      C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
      O4 - Startup: World Community Grid - BOINC Manager.lnk = F:\BOINC\boincmgr.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
      O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      0
  2. jalobservateur Messages postés 7372 Date d'inscription   Statut Contributeur sécurité Dernière intervention   930
     
    Salut !
    Ouais tu n'auras pas accès au dossier Volume\restore, c'est normal .
    Alors, simplement désactiver la resto sur Cliques droite "poste de travail"/Propriétés Resto/Désactiver /appliquer/ok
    Redémarrer /Réactiver la resto/Appliquer/ ok et voilà.
    Ensuite scan en MSEchec, avec ton Avast minutieux.
    0
  3. Kobe
     
    Petit oubli : lorsque j'ai supprimé les fichiers amvo?.dll, un message d'alerte est apparu quelques secondes après, en me disant qu'une application (avec le nom d'un fichier) n'a pas pu s'initialiser. Il vient de me le rafficher lors de reboot, mais je n'ai pas pu lire le nom de fichier (de souvenir, c'était un nom vraiment tordu, sans aucune signification).
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. Kobe
     
    Merci pour ton aide.
    Le scan d'avast est en cours, en mode normal (c'est looong).
    Je tenterai surement des scans en ligne ensuite.
    Je vous tiens au courant dès que c'est fini.

    (HS : on peut pas éditer un message si on est pas inscrit ?)
    0
  6. Kobe
     
    Bon, le scan d'avast est terminé.
    Résultat : je ne vois plus aucune trace d'aucun trojan.
    Cependant : j'ai pas mal d'archive détectée comme "bombe de decompression" (kesaco ?)
    et le problème des fichiers cachés persiste !

    Je pars pour les scans en ligne ...
    0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok
    tu collera le rapport pour voir

    a plus
    0
  8. Kobe
     
    Bonjour,

    J'ai fais le scan de BitDefender, Panda, et Trend Micro : aucun virus, menaces ou fichier infecté trouvé !
    Mais je ne peux toujours pas afficher les fichiers cachés ...

    La je ne vois vraiment pas d'où ca peut venir ... une clé de la BdR qui a été modifiée ?

    A noter que à chaque racine de mes partitions, j'ai des fichiers nommés "i.com", "j.bat" ... ainsi que 2 autres avec un nom différent (ifetri.com et 288qmr.bat ou qqch dans le genre, je pourrais préciser ce soir) ; ce que je trouve bizarre, c'est que quand je les édite, ils ont la signature d'exécutable (commencent par MZ) ...
    J'ai suprimé ceux qui étaient sur ma partition systeme, rien n'a l'air de bugger, je vais sans doute les virer sur les autres partitions aussi ... ? je n'ai trouvé aucune information sur ces fichiers sur google ...

    En tout cas, si vous avez des idées, elles seront les bienvenues !

    Merci pour votre aide.
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    afficher fichiers caché (tu a essayé en mode administrateur?

    https://www.informatruc.com

    _____________

    essaye zeb restore

    http://telechargement.zebulon.fr/zeb-restore.html

    _____________

    si ca persiste colle pour voir un rapport combofix

    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    0
  10. Kobe
     
    Re bonjour !

    Ca marche !
    Je te colle quand même le rapport ComboFix, au cas où tu verrais des trucs bizarres.

    ComboFix 08-02.05.3 - Benoît 2008-02-08 18:11:49.3 - NTFSx86
    Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.1047 [GMT 1:00]
    Endroit: C:\Documents and Settings\Benoît\Bureau\ComboFix.exe
    
    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .
    
    (((((((((((((((((((((((((((((   Fichiers créés 2008-01-08 to 2008-02-08  ))))))))))))))))))))))))))))))))))))
    .
    
    2008-02-08 18:01 . 2004-08-05 13:00	400,896	--a------	C:\kmd.exe
    2008-02-08 12:31 . 2008-02-08 12:30	36,053,585	--a------	C:\WINDOWS\LPT$VPN.987
    2008-02-08 12:30 . 2008-02-08 12:30	<REP>	d--------	C:\WINDOWS\AU_Temp
    2008-02-08 12:30 . 2008-02-08 12:30	36,053,585	--a------	C:\WINDOWS\VPTNFILE.987
    2008-02-07 21:49 . 2008-02-08 12:31	<REP>	d--------	C:\WINDOWS\report
    2008-02-07 21:49 . 2008-02-08 12:30	<REP>	d--------	C:\WINDOWS\AU_Backup
    2008-02-07 21:49 . 2008-02-07 21:49	1,919,160	--a------	C:\WINDOWS\tsc.ptn
    2008-02-07 21:49 . 2008-02-08 12:30	1,163,344	--a------	C:\WINDOWS\vsapi32.dll
    2008-02-07 21:49 . 2008-02-07 21:49	267,845	--a------	C:\WINDOWS\tsc.exe
    2008-02-07 21:49 . 2008-02-08 12:30	86,094	--a------	C:\WINDOWS\BPMNT.dll
    2008-02-07 21:49 . 2008-02-07 21:49	71,749	--a------	C:\WINDOWS\hcextoutput.dll
    2008-02-07 21:49 . 2008-02-08 17:43	823	--a------	C:\WINDOWS\tsc.ini
    2008-02-07 21:45 . 2008-02-07 21:45	<REP>	d--------	C:\WINDOWS\AU_Log
    2008-02-07 21:45 . 2008-02-07 21:45	507,904	--a------	C:\WINDOWS\TMUPDATE.DLL
    2008-02-07 21:45 . 2008-02-07 21:45	286,720	--a------	C:\WINDOWS\PATCH.EXE
    2008-02-07 21:45 . 2008-02-07 21:45	69,689	--a------	C:\WINDOWS\UNZIP.DLL
    2008-02-07 21:45 . 2008-02-08 12:30	170	--a------	C:\WINDOWS\GetServer.ini
    2008-02-07 21:34 . 2008-02-07 21:36	<REP>	d--------	C:\Program Files\Panda Security
    2008-02-07 21:30 . 2008-02-07 22:32	<REP>	d--------	C:\Documents and Settings\Benoît\.housecall6.6
    2008-02-07 21:30 . 2008-02-07 22:32	<REP>	d--------	C:\Documents and Settings\Benoît\.housecall6.6
    2008-02-07 19:42 . 2008-02-08 07:28	<REP>	d--------	C:\WINDOWS\BDOSCAN8
    2008-02-06 23:43 . 2008-02-06 23:44	<REP>	d--------	C:\WINDOWS\ERUNT
    2008-02-06 23:01 . 2008-02-06 23:02	<REP>	d--------	C:\Program Files\Lavasoft
    2008-02-06 23:01 . 2008-02-06 23:02	<REP>	d--------	C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-06 22:57 . 2008-02-06 22:57	<REP>	d--------	C:\Program Files\Trend Micro
    2008-02-06 22:26 . 2008-02-06 22:26	<REP>	d--------	C:\Program Files\Spybot - Search & Destroy
    2008-02-06 22:26 . 2008-02-06 23:49	<REP>	d--------	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-06 22:05 . 2008-02-06 22:05	<REP>	d--------	C:\Program Files\CCleaner
    2008-02-06 21:22 . 2008-02-06 21:22	<REP>	d--------	C:\Documents and Settings\Benoît\Application Data\Grisoft
    2008-02-06 21:22 . 2008-02-06 21:22	<REP>	d--------	C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-06 21:22 . 2007-05-30 13:10	10,872	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-02-05 13:07 . 2008-02-05 13:12	<REP>	d--------	C:\Documents and Settings\Benoît\.maptool
    2008-02-05 13:07 . 2008-02-05 13:12	<REP>	d--------	C:\Documents and Settings\Benoît\.maptool
    2008-02-05 12:09 . 2008-02-05 12:09	<REP>	d--------	C:\Documents and Settings\All Users\Application Data\LogiShrd
    2008-02-05 12:08 . 2007-11-15 10:06	301,656	--a------	C:\WINDOWS\system32\BtCoreIf.dll
    2008-02-05 12:08 . 2008-02-05 12:08	0	--ah-----	C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2008-02-05 12:07 . 2008-02-05 12:08	<REP>	d--------	C:\Program Files\Fichiers communs\Logishrd
    2008-02-05 12:07 . 2008-02-05 12:07	<REP>	d--------	C:\Documents and Settings\Benoît\Application Data\InstallShield
    2008-02-03 11:16 . 2008-02-03 11:16	<REP>	d--------	C:\WINDOWS\Sun
    2008-02-02 16:17 . 2008-02-02 16:17	<REP>	d--------	C:\Program Files\DAEMON Tools Lite
    2008-02-02 16:17 . 2008-02-02 16:17	<REP>	d--------	C:\Documents and Settings\Benoît\Application Data\DAEMON Tools
    2008-01-29 22:05 . 2008-01-29 22:16	357	--a------	C:\Documents and Settings\Benoît\.cb_layout.bin
    2008-01-29 22:05 . 2008-01-29 22:16	357	--a------	C:\Documents and Settings\Benoît\.cb_layout.bin
    2008-01-29 22:03 . 2008-01-29 22:11	<REP>	d--------	C:\Documents and Settings\Benoît\.CodeBlocks
    2008-01-29 22:03 . 2008-01-29 22:11	<REP>	d--------	C:\Documents and Settings\Benoît\.CodeBlocks
    2008-01-29 20:13 . 2008-01-29 20:14	<REP>	d--------	C:\WINDOWS\system32\NtmsData
    2008-01-26 20:32 . 2008-01-26 20:32	<REP>	d--------	C:\Documents and Settings\All Users\Application Data\Nero
    2008-01-25 19:08 . 2008-01-25 19:08	<REP>	d--------	C:\Program Files\Microsoft Silverlight
    2008-01-25 09:03 . 2005-04-12 19:09	159,744	--a------	C:\WINDOWS\system32\WmJoyFrc.dll
    2008-01-25 09:03 . 2005-04-12 19:21	45,504	--a------	C:\WINDOWS\system32\drivers\WmXlCore.sys
    2008-01-25 09:03 . 2005-04-12 19:21	22,240	--a------	C:\WINDOWS\system32\drivers\WmFilter.sys
    2008-01-25 09:03 . 2005-04-12 19:21	10,144	--a------	C:\WINDOWS\system32\drivers\WmBEnum.sys
    2008-01-25 09:03 . 2005-04-12 19:21	5,600	--a------	C:\WINDOWS\system32\drivers\WmVirHid.sys
    2008-01-24 20:33 . 2008-01-24 20:33	<REP>	d--------	C:\Documents and Settings\Benoît\workspace
    2008-01-24 20:33 . 2008-01-24 20:33	<REP>	d--------	C:\Documents and Settings\Benoît\workspace
    2008-01-24 12:33 . 2008-01-24 12:33	<REP>	d--------	C:\Program Files\Microsoft Games
    
    .
    ((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-07 21:39	---------	d-----w	C:\Documents and Settings\Benoît\Application Data\U3
    2008-02-06 22:01	---------	d-----w	C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-02-05 11:08	---------	d-----w	C:\Program Files\Fichiers communs\Logitech
    2008-02-05 11:07	---------	d--h--w	C:\Program Files\InstallShield Installation Information
    2008-02-02 12:21	716,272	----a-w	C:\WINDOWS\system32\drivers\sptd.sys
    2008-01-31 16:58	---------	d-----w	C:\Program Files\eMule
    2008-01-31 16:58	---------	d-----w	C:\Documents and Settings\Benoît\Application Data\Azureus
    2008-01-31 14:15	---------	d-----w	C:\Documents and Settings\Benoît\Application Data\FileZilla
    2008-01-29 21:16	357	----a-w	C:\Documents and Settings\Benoît\.cb_layout.bin
    2008-01-29 21:16	357	----a-w	C:\Documents and Settings\Benoît\.cb_layout.bin
    2008-01-28 19:53	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-01-26 19:32	---------	d-----w	C:\Program Files\Fichiers communs\Ahead
    2008-01-25 08:03	---------	d-----w	C:\Program Files\Logitech
    2008-01-24 17:17	---------	d-----w	C:\Program Files\DAEMON Tools
    2008-01-17 16:35	---------	d-----w	C:\Program Files\Notepad++
    2008-01-07 20:44	---------	d-----w	C:\Program Files\MSXML 4.0
    2008-01-05 15:25	---------	d-----w	C:\Documents and Settings\Benoît\Application Data\My Games
    2008-01-05 15:20	---------	d-----w	C:\Documents and Settings\Benoît\Application Data\InstallShield Installation Information
    2008-01-05 15:15	---------	d-----w	C:\Program Files\MagicISO
    2008-01-05 11:19	---------	d-----w	C:\Documents and Settings\Benoît\Application Data\Todae
    2008-01-05 09:27	---------	d-----w	C:\Program Files\MSXML 6.0
    2008-01-04 22:52	---------	d-----w	C:\Program Files\MSBuild
    2008-01-04 22:49	---------	d-----w	C:\Program Files\Reference Assemblies
    2008-01-04 22:22	---------	d-----w	C:\Program Files\NVIDIA Corporation
    2008-01-04 17:25	---------	d-----w	C:\Documents and Settings\Benoît\Application Data\skypePM
    2008-01-04 17:25	---------	d-----w	C:\Documents and Settings\Benoît\Application Data\Skype
    2008-01-04 17:19	127,034	------r	C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2008-01-04 17:19	---------	d-----w	C:\Documents and Settings\Benoît\Application Data\Logitech
    2008-01-04 17:18	0	---ha-w	C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-01-04 17:18	0	---ha-w	C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
    2008-01-04 17:18	0	---ha-w	C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2008-01-04 17:08	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Logitech
    2008-01-04 13:44	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-01-04 10:46	---------	d-----w	C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-12-23 21:38	---------	d-----w	C:\Program Files\Azureus
    2007-12-22 15:20	669,184	----a-w	C:\WINDOWS\system32\pbsvc.exe
    2007-12-22 15:20	66,872	----a-w	C:\WINDOWS\system32\PnkBstrA.exe
    2007-12-22 15:20	22,328	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-12-22 15:20	22,328	----a-w	C:\Documents and Settings\Benoît\Application Data\PnkBstrK.sys
    2007-12-22 15:20	103,736	----a-w	C:\WINDOWS\system32\PnkBstrB.exe
    2007-12-22 09:21	---------	d-----w	C:\Program Files\Messenger Plus! Live
    2007-12-19 20:54	---------	d-----w	C:\Documents and Settings\Benoît\Application Data\fretsonfire
    2007-12-18 22:22	81,920	----a-w	C:\WINDOWS\system32\OpenAL32.dll
    2007-12-14 10:32	12,632	----a-w	C:\WINDOWS\system32\lsdelete.exe
    2007-12-10 21:09	---------	d-----w	C:\Program Files\Windows Media Connect 2
    2007-12-09 11:39	107,888	----a-w	C:\WINDOWS\system32\CmdLineExt.dll
    2007-12-09 11:39	---------	d--h--r	C:\Documents and Settings\Benoît\Application Data\SecuROM
    2007-12-04 13:04	837,496	----a-w	C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54	95,608	----a-w	C:\WINDOWS\system32\AvastSS.scr
    2007-12-02 13:26	86,016	----a-w	C:\WINDOWS\system32\ct_oal.dll
    2007-12-02 13:26	262,144	----a-w	C:\WINDOWS\system32\wrap_oal.dll
    2007-12-01 20:01	32	----a-w	C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-11-30 13:29	315,392	----a-w	C:\WINDOWS\HideWin.exe
    2007-11-26 13:25	480,000	----a-w	C:\WINDOWS\boinc.scr
    2007-11-15 09:07	76,304	----a-w	C:\WINDOWS\system32\KemXML.dll
    2007-11-15 09:07	170,512	----a-w	C:\WINDOWS\system32\kemutb.dll
    2007-11-15 09:07	141,840	----a-w	C:\WINDOWS\system32\KemUtil.dll
    2007-11-15 09:07	117,264	----a-w	C:\WINDOWS\system32\KemWnd.dll
    2006-06-23 06:48	32,768	----a-r	C:\WINDOWS\inf\UpdateUSB.exe
    .
    
    (((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20 81920]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 17:51 486856]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 07:49 16126464 C:\WINDOWS\RTHDCPL.exe]
    "nwiz"="nwiz.exe" [2007-05-10 23:03 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-10 23:03 81920]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-10 23:03 8429568]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 09:30 81920]
    "D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2006-06-16 10:24 1323008]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-01 16:59 49152]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
    
    C:\Documents and Settings\BenoŒt\Menu D‚marrer\Programmes\D‚marrage\
    TribalWeb.lnk - C:\Program Files\TribalWeb\tribalweb.exe [2007-12-02 12:06:10 1077248]
    World Community Grid - BOINC Manager.lnk - F:\BOINC\boincmgr.exe [2007-11-26 14:25:32 3863296]
    
    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-04 18:19:14 67128]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-05 12:08:03 784912]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll
    
    R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-23 04:15]
    S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 07:12]
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    \Shell\AutoRun\command - H:\LaunchU3.exe -a
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2656c6c-a4d7-11dc-9fc2-001b11c743fd}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
    
    .
    **************************************************************************
    
    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-08 18:12:20
    Windows 5.1.2600 Service Pack 2 NTFS
    
    Balayage processus cachés ...
    
    Balayage caché autostart entries ...
    
    Balayage des fichiers cachés ...
    
    Scan terminé avec succès 
    Les fichiers cachés: 0 
    
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-08 18:12:33
    .
    2008-01-09 20:01:26	--- E O F ---  


    Par contre, le fichier de ton lien n'est pas bon (chez moi en tout cas, en voila un autre qui a marché : https://www.google.fr/?gws_rd=ssl )
    A noter quand même : Secuser n'a rien trouvé, afficher les fichiers cachés, c'est ce qui marchais pas, et ma session est bien admin, zeb restore n'a rien fait non plus, donc tout semblerais venir de combofix.
    De plus, les fichiers bizarres dont je t'ai parlés, qui étaient présent à la racine de mes partitions ont aussi disparus.

    Est ce que tu pourrais quand même me donner ton analyse du rapport stp, et si tu sais d'où venait le problème me l'indiquer, j'aime bien comprendre, ca peut resservir ^^

    Encore merci, a++
    0
    1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
       
      ok c'est bon!



      pour protéger gratos ton ordi

      http://www.commentcamarche.net/telecharger/logiciel 4 securite

      mettre un antivirus

      ((AVAST en français)) ou ANTIVIR de preference(en anglais mais très efficace)
      https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
      -------------
      des anti-espions :
      AD AWARE + SPYBOT + si tea timer non active de spybot: WINDOWS DEFENDER ou SPYWARE TERMINATOR

      +/-
      SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

      Rq : spybot et ad-aware on sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
      --------
      un pare feu :
      celui de Windows ou mieux KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

      https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
      https://manuelsdaide.com/contact/
      http://www.open-files.com/forum/index.php?showtopic=29277
      http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

      -----------

      CCLEANER pour effacer les traces de surf
      0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    non rien dans les rapport c'est windows.....

    tu as le tea timer de spybot et avg antispyware en analyse en temps réel? si c'est le cas désactive un des deux car ca peut faire planter

    a plus
    0
  12. ranirun Messages postés 7 Statut Membre
     
    salut à tous !
    j'ai un trojan et j'arrive pas à m'en débarraser ! j'ai déjà essayé avec avast, AVG et trojan remover, ils le detectent mais il ne le suppriment pas! et mon pc devient deviens de plus en plus lent!! à chaque application avast me signale la présence du virus.
    file name: c:`\windows\system32\amvo0.dll
    Malware name : Win32: Online games- CAZ[Trj]
    malware type: trojan horse
    aider moi svp!!
    merci
    0
  13. Kobe
     
    Voila le rapport d'antivir : un virus trouvé, qui venait d'un scan en ligne (j'ai tout viré après) :

    
    AntiVir PersonalEdition Classic
    Report file date: dimanche 10 février 2008  13:55
    
    Scanning for 1096761 virus strains and unwanted programs.
    
    Licensed to:      Avira AntiVir PersonalEdition Classic
    Serial number:    0000149996-ADJIE-0001
    Platform:         Windows XP
    Windows version:  (Service Pack 2)  [5.1.2600]
    Username:         Benoît
    Computer name:    BENO-139196BB54
    
    Version information:
    BUILD.DAT    : 270           15603 Bytes  19/09/2007 13:32:00
    AVSCAN.EXE   : 7.0.6.1      290856 Bytes  23/08/2007 13:16:29
    AVSCAN.DLL   : 7.0.6.0       49192 Bytes  16/08/2007 12:23:51
    LUKE.DLL     : 7.0.5.3      147496 Bytes  14/08/2007 15:32:47
    LUKERES.DLL  : 7.0.6.1       10280 Bytes  21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes  18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95    3367424 Bytes  14/12/2007 12:47:34
    ANTIVIR2.VDF : 7.0.2.113   1673728 Bytes  08/02/2008 12:47:34
    ANTIVIR3.VDF : 7.0.2.114      2048 Bytes  08/02/2008 12:47:34
    AVEWIN32.DLL : 7.6.0.62    3240448 Bytes  10/02/2008 12:47:34
    AVWINLL.DLL  : 1.0.0.7       14376 Bytes  26/02/2007 10:36:26
    AVPREF.DLL   : 7.0.2.2       25640 Bytes  18/07/2007 07:39:17
    AVREP.DLL    : 7.0.0.1      155688 Bytes  16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3      360488 Bytes  10/02/2008 12:47:34
    AVREG.DLL    : 7.0.1.6       30760 Bytes  18/07/2007 07:17:06
    AVARKT.DLL   : 1.0.0.20     278568 Bytes  28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20      86056 Bytes  18/07/2007 07:10:18
    NETNT.DLL    : 7.0.0.0        7720 Bytes  08/03/2007 11:09:42
    RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes  07/08/2007 12:38:13
    RCTEXT.DLL   : 7.0.62.0      86056 Bytes  21/08/2007 12:50:37
    SQLITE3.DLL  : 3.3.17.1     339968 Bytes  23/07/2007 09:37:21
    
    Configuration settings for the scan:
    Jobname..........................: Manual Selection
    Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: I:, 
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium
    
    Start of the scan: dimanche 10 février 2008  13:55
    
    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
    Scan process 'wcg_hpf2_rosetta_5.18_windows_intelx86' - '1' Module(s) have been scanned
    Scan process 'wcg_hpf2_rosetta_5.18_windows_intelx86' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wcg_hpf2_rosetta_5.18_windows_intelx86' - '1' Module(s) have been scanned
    Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'nTuneService.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '0' Module(s) have been scanned
    Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
    Scan process 'boinc.exe' - '1' Module(s) have been scanned
    Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
    Scan process 'boincmgr.exe' - '1' Module(s) have been scanned
    Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
    Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
    Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
    Scan process 'daemon.exe' - '1' Module(s) have been scanned
    Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'avgas.exe' - '1' Module(s) have been scanned
    Scan process 'WZCSLDR2.exe' - '1' Module(s) have been scanned
    Scan process 'AirPlusCFG.exe' - '1' Module(s) have been scanned
    Scan process 'issch.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    48 processes with 48 modules were scanned
    
    Start scanning boot sectors:
    Boot sector 'C:\'
          [NOTE]      No virus was found!
    Boot sector 'F:\'
          [NOTE]      No virus was found!
    Boot sector 'G:\'
          [NOTE]      No virus was found!
    Boot sector 'I:\'
          [NOTE]      No virus was found!
    
    Starting to scan the registry.
    The registry was scanned ( '40' files ).
    
    
    Starting the file scan:
    
    Begin scan in 'C:\' <Disque local - Windows>
    C:\pagefile.sys
          [WARNING]   The file could not be opened!
    C:\Program Files\Panda Security\NanoScan\Engine\psnflg.dll
          [DETECTION] Is the Trojan horse TR/Agent.bux.1
          [INFO]      The file was deleted!
    C:\Program Files\Panda Security\NanoScan\Engine\psnfstdb.dll
          [WARNING]   The file could not be opened!
    C:\Program Files\Panda Security\NanoScan\Engine\psnglknt.dll
          [WARNING]   The file could not be opened!
    C:\Program Files\Panda Security\NanoScan\Engine\psnhsh.dll
          [WARNING]   The file could not be opened!
    C:\Program Files\Panda Security\NanoScan\Engine\psnkrnl.dll
          [WARNING]   The file could not be opened!
    C:\Program Files\Panda Security\NanoScan\Engine\psnmem.dll
          [WARNING]   The file could not be opened!
    C:\Program Files\Panda Security\NanoScan\Engine\PsnPen.dll
          [WARNING]   The file could not be opened!
    C:\Program Files\Panda Security\NanoScan\Engine\PSNStat.dll
          [WARNING]   The file could not be opened!
    C:\Program Files\Panda Security\NanoScan\Engine\psnxprs.dll
          [WARNING]   The file could not be opened!
    C:\Program Files\Panda Security\NanoScan\Engine\putczip.dll
          [WARNING]   The file could not be opened!
    C:\Program Files\Panda Security\NanoScan\Engine\RKPavProc.sys
          [WARNING]   The file could not be opened!
    C:\Program Files\Panda Security\NanoScan\Engine\RKPavProc64.sys
          [WARNING]   The file could not be opened!
    C:\WINDOWS\system32\drivers\sptd.sys
          [WARNING]   The file could not be opened!
    Begin scan in 'F:\' <Disque local - Installation>
    Begin scan in 'G:\' <Disque local - Stockage>
    Begin scan in 'H:\' <U3 System>
    Begin scan in 'I:\' <MYUSBKEY>
    
    
    End of the scan: dimanche 10 février 2008  14:54
    Used time: 59:37 min
    
    The scan has been done completely.
    
      11688 Scanning directories
     677833 Files were scanned
          1 viruses and/or unwanted programs were found
          0 Files were classified as suspicious:
          1 files were deleted
          0 files were repaired
          0 files were moved to quarantine
          0 files were renamed
         13 Files cannot be scanned
     677832 Files not concerned
       2741 Archives were scanned
         13 Warnings
          2 Notes
    
    


    Il semblerait que ça soit définitivement bon ...
    Je vois vraiment pas ce qui continuait à merder.

    Merci beaucoup pourle temps que tu as passé à m'aider !

    A++
    Kobe
    0
  14. ranirun Messages postés 7 Statut Membre
     
    voilà le rapport avec antivir

    AntiVir PersonalEdition Classic
    Report file date: dimanche 10 février 2008 12:00

    Scanning for 1096761 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: RUN-3EE39A88A94

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 01:05:28
    ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 01:05:28
    ANTIVIR3.VDF : 7.0.2.114 2048 Bytes 08/02/2008 01:05:28
    AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 09/02/2008 01:05:29
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 09/02/2008 01:05:29
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Local Hard Disks
    Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\alldiscs.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: I:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: dimanche 10 février 2008 12:00

    Starting search for hidden objects.
    '52583' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'OFFLB.EXE' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
    Scan process 'Adobelm_Cleanup.0001' - '1' Module(s) have been scanned
    Scan process 'Adobelmsvc.exe' - '1' Module(s) have been scanned
    Scan process 'Adobelm_Cleanup.0001' - '1' Module(s) have been scanned
    Scan process '_Photoshop.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '0' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'sgbhp.exe' - '1' Module(s) have been scanned
    Scan process 'sgmain.exe' - '1' Module(s) have been scanned
    Scan process 'IcoSauve.exe' - '1' Module(s) have been scanned
    Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
    Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avgas.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    42 processes with 42 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [NOTE] No virus was found!
    Master boot sector HD1
    [NOTE] No virus was found!
    [WARNING] The boot sector file could not be read!
    [WARNING] Error code: 0x0015
    Master boot sector HD2
    [NOTE] No virus was found!
    [WARNING] The boot sector file could not be read!
    [WARNING] Error code: 0x0015
    Master boot sector HD3
    [NOTE] No virus was found!
    [WARNING] The boot sector file could not be read!
    [WARNING] Error code: 0x0015
    Master boot sector HD4
    [NOTE] No virus was found!
    [WARNING] The boot sector file could not be read!
    [WARNING] Error code: 0x0015
    Master boot sector HD5
    [NOTE] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'E:\'
    [NOTE] No virus was found!
    Boot sector 'I:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '17' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Program Files\eMule.de 0.48a v18\Temp\006.part
    [0] Archive type: ACE
    --> Jah Shaka meets Aswad - 6 - Behold HIM.mp3
    [WARNING] An exception has been identified!
    [WARNING] An exception has been identified!
    Begin scan in 'E:\' <HP Personal Media Drive>
    Begin scan in 'I:\' <RûN>

    End of the scan: dimanche 10 février 2008 13:29
    Used time: 1:28:58 min

    The scan has been done completely.

    14129 Scanning directories
    360306 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    360306 Files not concerned
    11934 Archives were scanned
    4 Warnings
    0 Notes
    52583 Objects were scanned with rootkit scan
    0 Hidden objects were found
    0
  15. jalobservateur Messages postés 7372 Date d'inscription   Statut Contributeur sécurité Dernière intervention   930
     
    Bonjour ranirun,
    0
  16. ranirun Messages postés 7 Statut Membre
     
    ah bon ! peu importe!
    j'ai toujours le virus ou pas ?!!

    voilà un autre rapport

    AntiVir PersonalEdition Classic
    Report file date: lundi 11 février 2008 12:00

    Scanning for 1098011 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: RUN-3EE39A88A94

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 01:05:28
    ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 01:05:28
    ANTIVIR3.VDF : 7.0.2.116 20992 Bytes 10/02/2008 22:24:38
    AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 09/02/2008 01:05:29
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 09/02/2008 01:05:29
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Local Hard Disks
    Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\alldiscs.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: I:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: lundi 11 février 2008 12:00

    Starting search for hidden objects.
    '52578' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'RAC38.exe' - '1' Module(s) have been scanned
    Scan process 'MediaDico38.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '0' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'sgbhp.exe' - '1' Module(s) have been scanned
    Scan process 'sgmain.exe' - '1' Module(s) have been scanned
    Scan process 'IcoSauve.exe' - '1' Module(s) have been scanned
    Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
    Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avgas.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    38 processes with 38 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [NOTE] No virus was found!
    Master boot sector HD1
    [NOTE] No virus was found!
    [WARNING] The boot sector file could not be read!
    [WARNING] Error code: 0x0015
    Master boot sector HD2
    [NOTE] No virus was found!
    [WARNING] The boot sector file could not be read!
    [WARNING] Error code: 0x0015
    Master boot sector HD3
    [NOTE] No virus was found!
    [WARNING] The boot sector file could not be read!
    [WARNING] Error code: 0x0015
    Master boot sector HD4
    [NOTE] No virus was found!
    [WARNING] The boot sector file could not be read!
    [WARNING] Error code: 0x0015
    Master boot sector HD5
    [NOTE] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'E:\'
    [NOTE] No virus was found!
    Boot sector 'I:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '18' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Program Files\eMule.de 0.48a v18\Temp\006.part
    [0] Archive type: ACE
    --> Jah Shaka meets Aswad - 6 - Behold HIM.mp3
    [WARNING] An exception has been identified!
    [WARNING] An exception has been identified!
    C:\System Volume Information\_restore{B0C4DFB3-3129-4ED6-977A-D8522A68C11B}\RP6\A0000279.exe
    [DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.32
    [INFO] The file was deleted!
    Begin scan in 'E:\' <HP Personal Media Drive>
    Begin scan in 'I:\' <RûN>

    End of the scan: lundi 11 février 2008 12:59
    Used time: 59:39 min

    The scan has been done completely.

    14138 Scanning directories
    360483 Files were scanned
    1 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    1 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    360482 Files not concerned
    11943 Archives were scanned
    4 Warnings
    0 Notes
    52578 Objects were scanned with rootkit scan
    0 Hidden objects were found
    0
  17. jalobservateur Messages postés 7372 Date d'inscription   Statut Contributeur sécurité Dernière intervention   930
     
    Rebonjour.

    ton rapport précédent indiquait : 0 viruses and/or unwanted programs were found
    Donc excellent.

    Mais là. tu as joué de la "Mule" il me semble ???


    C:\Program Files\eMule.de 0.48a v18\Temp\006.part
    [0] Archive type: ACE
    --> Jah Shaka meets Aswad - 6 - Behold HIM.mp3
    [WARNING] An exception has been identified!
    [WARNING] An exception has been identified!
    C:\System Volume Information\_restore{B0C4DFB3-3129-4ED6-977A-D8522A68C11B}\RP6\A0000279.exe
    [DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.32
    [INFO] The file was deleted!

    Mais grâce à la réactivité de Antivir, cette merde est restée dans le dossier "temp". Et a été isolée et détruite par Antivir .

    1 viruses and/or unwanted programs were found


    1 files were deleted
    --


    -------------------------------------------------
    Mais ,ce topic est celui de : KOBE et de jlpjlp.
    Alors pour terminer mon aide, on devra poursuivre comme on a fais préalablement .
    Mais je sais que tu m'a contacté, mais j'en ai eu tellement plein les bras que celà m'a été impossible de continuer.
    Donc nous devrons reprendre pour finaliser 'quelques explications' surtout concernant le P2P.
    @+ Jal
    Et salut kobe & jlpjlp.;-)

    S"V"P. ((Veuillez lire attentivement les recommandations.))
    ((Cela évite de répéter)). (Firefox) = ((Navigations + Sécuritaires!!!)) (GMT-5h: Québec, CA)
    0
  18. leon95 Messages postés 1231 Statut Membre 22
     
    bonsoir..t es la jal?
    0
  19. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    et evidemment un petit coucou à jalobservateur
    0
  • 1
  • 2