Trojans driving me crazy!

cyr75 (Member, 11 posts)
Hello,

I'm sending out this call for help because I've spent two days on a PC I just got hold of, and it's apparently overrun with trojans. I've followed a lot of advice on this site and downloaded a lot of scanners and antivirus tools (MSN Fix, SDFix; I reinstalled Antivir in place of Avast, and it still finds 14 trojan attacks despite everything I've done!...).
So here's the latest HijackThis report. Could someone give me a hand?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36:33, on 27/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe
C:\Documents and Settings\Propriétaire\Bureau\ELIBAGLA.06032008.EXE
F:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Microsoft Windows TCP Protocol - Unknown owner - C:\WINDOWS\System32\dllcache\wintcps.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

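A HijackThis log like the one above is read line by line by its section prefix: R0/R1 are the browser start and search pages, R3/O2/O3 are URL hooks, BHOs and toolbars, O4 are autorun entries and O23 are services. The Python below is an added example written for this page, not the forum's or HijackThis's own code; the trusted-host set and the flagging heuristics are assumptions, and the sample lines are constructed from entries that appear in this thread.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a handful of HijackThis v2 lines modelled on the
# reports posted in this thread (not a complete log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe (User 'SYSTEM')
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Microsoft Windows TCP Protocol - Unknown owner - C:\WINDOWS\System32\dllcache\wintcps.exe (file missing)
O23 - Service: Scanning Analist Management System (SAMS) - Unknown owner - C:\WINDOWS\System32\sams.exe
"""

# Every HijackThis entry is "<letter><number> - <body>"; header and process list do not match.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Hosts this user expects as start/search page. Assumption for this example,
# not a list HijackThis ships with; adapt it to the machine being cleaned.
TRUSTED_HOSTS = {"www.google.fr", "www.msn.com", "www.bing.com"}


def parse_entries(text):
    """Yield (section, body) for every entry line in a HijackThis log."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def run_command(body):
    """Command part of an O4 line: text after '[name] ', minus the (User '...') suffix."""
    cmd = body.split("] ", 1)[1] if "] " in body else body
    cmd = re.sub(r"\s*\(User '[^']*'\)$", "", cmd.strip())
    return cmd.lstrip('"')


def triage(text):
    """Return [(section, reasons, body)] for the entries a helper should look at first.

    The checks are heuristics (assumptions of this example): they rank lines for
    review, they do not prove a line is malicious.
    """
    findings = []
    for section, body in parse_entries(text):
        reasons = []
        if section in ("R0", "R1") and " = " in body:
            url = body.split(" = ", 1)[1].strip()
            host = (urlparse(url).hostname or "").lower()
            if host and host not in TRUSTED_HOSTS:
                reasons.append("browser start/search page points at " + host)
        if section in ("R3", "O2", "O3") and "(no name)" in body:
            reasons.append("unnamed URLSearchHook/BHO/toolbar")
        if section == "O4" and body.startswith("HKUS\\S-1-5-18"):
            # Autoruns in the SYSTEM hive are rare; flag any that live outside C:\WINDOWS.
            if not run_command(body).upper().startswith("C:\\WINDOWS\\"):
                reasons.append("autorun in SYSTEM hive outside the Windows directory")
        if section == "O23":
            if "Unknown owner" in body:
                reasons.append("service with no vendor")
            if "(file missing)" in body:
                reasons.append("service binary missing")
            if "\\dllcache\\" in body.lower():
                reasons.append("service binary in dllcache")
        if reasons:
            findings.append((section, "; ".join(reasons), body))
    return findings


if __name__ == "__main__":
    for section, reasons, body in triage(SAMPLE_LOG):
        print(f"{section:4} {reasons}\n     {body}")
```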
120 replies

Anonymous user
 
========================= OTMOVE IT ===========================

OTMoveIt

• Download: OTMoveIt
• Install it on the desktop
• Run it.
• Make sure the box Unregister Dll's and Ocx's is checked.
• Copy/paste the lines below, in bold, into the OTMoveIt box named
Paste Standard List of Files/Folders to move.


C:\Windows\System32\aaqweg.exe
C:\Windows\System32\olbjolfk.exe
C:\Windows\System32\ldpgkpy.exe


• Click MoveIt! to start the removal.
• If OTMoveIt offers to restart the PC, accept!
• When a result appears in the Results box, click Exit.
• Copy/paste to the forum the OTMoveIt report located in C:\_OTMoveIt\MovedFiles.

And of course a HijackThis report
cyr75
 
here it is for the first two:

C:\Windows\System32\aaqweg.exe moved successfully.
File/Folder C:\Windows\System32\olbjolfk.exe not found.

OTMoveIt2 v1.0.20 log created on 03152008_183035

two new alerts:
C:\Windows\System32\kmta.exe
W32/Virut.Gen
C:\Windows\System32\Vhoxa.exe
TR/Qost.agt
Anonymous user
 
Let's try this (lol, the whole arsenal is going to get used)

Download this to your desktop and click the DSS.exe icon.

Be patient,

A report will open; paste it here.
cyr75
 
Deckard's System Scanner v20071014.68
Run by Propriétaire on 2008-03-15 19:36:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 5 Restore Point(s) --
15: 2008-03-15 07:42:18 UTC - RP15 - Le KB842773 pour Windows XP a été installé.
14: 2008-03-15 07:41:59 UTC - RP14 - Le KB893803v2 pour Windows Installer a été installé.
13: 2008-03-15 07:40:56 UTC - RP13 - Le KB910437 pour Windows XP a été installé.
12: 2008-03-15 07:40:43 UTC - RP12 - Le KB914388 pour Windows XP a été installé.
11: 2008-03-15 07:40:19 UTC - RP11 - Le KB898461 pour Windows XP a été installé.

-- First Restore Point --
1: 2008-03-14 17:03:00 UTC - RP1 - Software Distribution Service 3.0

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Propriétaire.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:51, on 15/03/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Propriétaire\Bureau\dss.exe
C:\DOCUME~1\PROPRI~1\Bureau\Propriétaire.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Scanning Analist Management System (SAMS) - Unknown owner - C:\WINDOWS\System32\sams.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
cyr75
 
during this scan I was bombarded non-stop with Antivir alerts!
Anonymous user
 
===================== COMBOFIX ========================

ComboFix

Install ComboFix on the desktop
Note:
The download server may be overloaded and return an error page. Keep trying.


• Disconnect from the internet
• Disable the antivirus and antispyware protection, but only while ComboFix is running, as they can interfere with how ComboFix works
• Close all running applications
• Double-click the icon that was installed on the desktop
• Press the 1 key, then Enter:
• Let ComboFix work without using the machine.
• If ComboFix needs to restart the machine, let it.
• Re-enable the antivirus and antispyware protection

• Copy/paste the report generated in Notepad into your next message
(This file is generated automatically and saved as C:\Combofix.txt)

And of course a HijackThis report
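The ComboFix report requested above (cyr75 posts it next) opens with a "files created" section: one line per file with creation time, modification time, size or `<REP>` for a directory, a nine-character attribute string (d, r, a, h, s flags) and the path. The Python below is an added example, not from the thread or from ComboFix; the two heuristics (hidden/system-attribute executables dropped straight into system32, and several same-size files with unrelated names) are assumptions of this example, and the sample lines are constructed from entries in this thread.

```python
import re
from collections import defaultdict

# Constructed sample in the format of ComboFix's "files created" section,
# modelled on entries from the report in this thread (not the full report).
SAMPLE_REPORT = r"""
2008-03-15 19:43 . 2008-03-15 19:43 71,139 --ah----- C:\WINDOWS\system32\kroyga.exe
2008-03-15 19:36 . 2008-03-15 19:36 <REP> d-------- C:\Deckard
2008-03-15 18:03 . 2008-03-15 18:03 492 --a------ C:\1.vbs
2008-03-15 08:59 . 2006-07-21 09:32 72,704 --------- C:\WINDOWS\system32\dllcache\hlink.dll
2008-03-14 18:01 . 2008-03-14 18:01 42,496 -r-hs---- C:\WINDOWS\system32\sams.exe
2008-03-01 11:04 . 2008-03-01 11:04 13,147 --a------ C:\WINDOWS\system32\algvrqly.exe
2008-03-01 10:50 . 2008-03-01 10:50 13,147 --a------ C:\WINDOWS\system32\cmgsg.exe
2008-03-01 10:38 . 2008-03-01 10:38 13,147 --a------ C:\WINDOWS\system32\vhoxa.exe
2008-02-26 09:38 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
"""

# "<created> . <modified> <size|<REP>> <attrs> <path>"
LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><REP>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js")
SYS32 = "c:\\windows\\system32\\"


def parse_entries(text):
    """Parse each report line into a dict; directories get size None."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["is_dir"] = e["size"] == "<REP>"
        e["size"] = None if e["is_dir"] else int(e["size"].replace(",", ""))
        # Attribute positions: 0 directory, 1 read-only, 2 archive, 3 hidden, 4 system.
        e["hidden"] = e["attrs"][3] == "h"
        e["system"] = e["attrs"][4] == "s"
        entries.append(e)
    return entries


def directly_in_system32(path):
    """True for files sitting in system32 itself, not in dllcache/ or drivers/."""
    p = path.lower()
    return p.startswith(SYS32) and "\\" not in p[len(SYS32):]


def suspicious(entries, min_clones=3):
    """Map path -> reasons for executables a helper should ask about.

    Heuristics (assumptions of this example): a hidden or system-attribute
    executable dropped into system32 is unusual for a Windows component, and
    several files of identical size with unrelated names suggest one dropper
    re-copying itself under random names.
    """
    flagged = {}
    candidates = [e for e in entries
                  if not e["is_dir"]
                  and directly_in_system32(e["path"])
                  and e["path"].lower().endswith(EXEC_EXT)]
    for e in candidates:
        if e["hidden"] or e["system"]:
            flagged.setdefault(e["path"], []).append("hidden/system attribute set")
    by_size = defaultdict(list)
    for e in candidates:
        by_size[e["size"]].append(e)
    for size, group in by_size.items():
        if len(group) >= min_clones:
            for e in group:
                flagged.setdefault(e["path"], []).append(
                    f"{len(group)} files of identical size {size}")
    return flagged


if __name__ == "__main__":
    for path, reasons in suspicious(parse_entries(SAMPLE_REPORT)).items():
        print(path, "->", "; ".join(reasons))
```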
cyr75
 
here is the ComboFix report:

ComboFix 08-03-14.2 - Propriétaire 2008-03-15 20:15:15.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.521 [GMT 1:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-15 to 2008-03-15 ))))))))))))))))))))))))))))))))))))
.

2008-03-15 19:43 . 2008-03-15 19:43 71,139 --ah----- C:\WINDOWS\system32\kroyga.exe
2008-03-15 19:36 . 2008-03-15 19:36 <REP> d-------- C:\Deckard
2008-03-15 19:30 . 2008-03-15 19:30 48,348 --ah----- C:\WINDOWS\system32\refvc.exe
2008-03-15 19:21 . 2008-03-15 19:21 110,080 --ah----- C:\WINDOWS\system32\hnix.exe
2008-03-15 19:19 . 2008-03-15 19:19 110,080 --ah----- C:\WINDOWS\system32\codbmamj.exe
2008-03-15 19:19 . 2008-03-15 19:19 64,000 --ah----- C:\WINDOWS\system32\dquwb.exe
2008-03-15 18:03 . 2008-03-15 18:03 492 --a------ C:\1.vbs
2008-03-15 17:44 . 2008-03-15 17:44 58,076 --ah----- C:\WINDOWS\system32\nwqgduos.exe
2008-03-15 08:59 . 2006-07-21 09:32 72,704 --------- C:\WINDOWS\system32\dllcache\hlink.dll
2008-03-15 08:42 . 2008-03-15 08:42 <REP> d-------- C:\WINDOWS\system32\bits
2008-03-15 08:40 . 2006-03-01 20:45 83,456 --a------ C:\WINDOWS\system32\mtxoci.dll
2008-03-15 08:40 . 2006-03-01 20:45 64,512 --a------ C:\WINDOWS\system32\mtxclu.dll
2008-03-15 08:00 . 2008-03-15 08:00 64,000 --ah----- C:\WINDOWS\system32\pvxdqbg.exe
2008-03-15 07:56 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-15 07:55 . 2008-03-15 07:55 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-15 07:53 . 2008-03-15 17:50 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-03-15 07:53 . 2008-03-15 19:42 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-03-14 20:33 . 2008-03-14 20:33 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-14 20:25 . 2008-03-14 20:25 141,824 --ah----- C:\WINDOWS\system32\kmta.exe
2008-03-14 18:57 . 2004-03-30 02:49 36,864 --a------ C:\WINDOWS\system32\mf3216.dll
2008-03-14 18:55 . 2006-07-13 09:41 199,936 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-03-14 18:54 . 2004-08-20 22:53 704,512 --a------ C:\WINDOWS\system32\sxs.dll
2008-03-14 18:54 . 2004-08-20 22:53 82,944 --a------ C:\WINDOWS\system32\fldrclnr.dll
2008-03-14 18:54 . 2005-09-01 02:50 16,384 --a------ C:\WINDOWS\system32\linkinfo.dll
2008-03-14 18:01 . 2008-03-14 18:01 42,496 -r-hs---- C:\WINDOWS\system32\sams.exe
2008-03-12 21:48 . 2008-03-12 21:48 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-12 21:16 . 2006-09-13 06:10 1,110,528 --a------ C:\WINDOWS\system32\msxml3.dll
2008-03-12 21:16 . 2006-09-13 06:10 1,110,528 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2008-03-12 21:16 . 2004-10-28 02:31 93,184 --a------ C:\WINDOWS\system32\cscdll.dll
2008-03-12 21:15 . 2005-10-20 23:34 1,006,592 --a------ C:\WINDOWS\system32\esent.dll
2008-03-12 21:14 . 2006-06-26 18:48 6,144 --------- C:\WINDOWS\system32\dllcache\rasadhlp.dll
2008-03-12 21:09 . 2008-03-12 21:09 83,968 --ah----- C:\WINDOWS\system32\epawoq.exe
2008-03-12 19:54 . 2006-08-14 09:59 321,536 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-03-12 19:53 . 2004-07-01 23:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-03-12 19:53 . 2004-07-01 23:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-03-12 19:53 . 2004-07-01 23:08 7,680 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-03-12 19:53 . 2004-07-01 23:08 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-03-12 19:53 . 2004-07-01 23:08 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-03-12 19:53 . 2004-07-01 23:08 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-03-08 09:03 . 2008-03-08 09:03 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Grisoft
2008-03-08 09:03 . 2008-03-08 09:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-08 09:03 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-01 11:04 . 2008-03-01 11:04 60,416 --------- C:\WINDOWS\system32\cfons.exe
2008-03-01 11:04 . 2008-03-01 11:04 40,448 --a------ C:\WINDOWS\system32\xxyxxwv.dll.vir
2008-03-01 11:04 . 2008-03-01 11:04 13,147 --a------ C:\WINDOWS\system32\algvrqly.exe
2008-03-01 10:59 . 2008-03-01 10:59 594,944 --------- C:\WINDOWS\system32\plms.exe
2008-03-01 10:57 . 2008-03-01 10:58 62,464 --ah----- C:\WINDOWS\system32\tzhccqa.exe
2008-03-01 10:56 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-03-01 10:56 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-03-01 10:56 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-03-01 10:56 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-03-01 10:56 . 2004-08-03 14:00 187,160 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-03-01 10:56 . 2004-08-03 13:59 170,776 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-03-01 10:56 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-03-01 10:50 . 2008-03-01 10:50 13,147 --a------ C:\WINDOWS\system32\cmgsg.exe
2008-03-01 10:38 . 2008-03-01 10:38 13,147 --a------ C:\WINDOWS\system32\vhoxa.exe
2008-03-01 09:21 . 2008-03-01 09:38 <REP> d-------- C:\VundoFix Backups
2008-02-28 11:03 . 2008-02-28 11:03 13,147 --a------ C:\WINDOWS\system32\jczqo.exe
2008-02-28 11:01 . 2008-02-28 11:01 <REP> d-------- C:\Program Files\Crawler
2008-02-28 11:00 . 2008-02-28 11:14 <REP> d-------- C:\Program Files\Spyware Terminator
2008-02-28 11:00 . 2008-02-28 11:14 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Spyware Terminator
2008-02-28 11:00 . 2008-02-28 11:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-02-28 11:00 . 2008-02-28 11:00 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-28 10:47 . 2008-02-28 10:47 13,147 --a------ C:\WINDOWS\system32\kkmbxk.exe
2008-02-28 10:47 . 2008-02-28 10:47 13,147 --a------ C:\WINDOWS\system32\dwuhhz.exe
2008-02-28 10:46 . 2008-02-28 10:46 13,147 --a------ C:\WINDOWS\system32\rzxhqwby.exe
2008-02-28 10:44 . 2008-02-28 10:44 13,147 --a------ C:\WINDOWS\system32\gove.exe
2008-02-28 10:44 . 2008-02-28 10:44 13,147 --a------ C:\WINDOWS\system32\geonh.exe
2008-02-27 19:29 . 2008-02-27 19:29 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-27 19:22 . 2008-02-27 19:22 <REP> d-------- C:\_OTMoveIt
2008-02-27 18:57 . 2008-02-27 18:57 <REP> d---s---- C:\Documents and Settings\Propriétaire\UserData
2008-02-27 18:57 . 2008-02-27 18:57 <REP> d---s---- C:\Documents and Settings\Propriétaire\UserData
2008-02-26 18:43 . 2008-02-26 18:43 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-26 18:43 . 2008-02-26 18:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-26 18:43 . 2008-03-12 21:31 54 --a------ C:\WINDOWS\system32\x
2008-02-26 18:12 . 2008-02-26 18:12 <REP> d-------- C:\Program Files\Avira
2008-02-26 18:12 . 2008-02-26 18:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-26 17:51 . 2008-02-26 17:51 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-26 17:51 . 2008-02-26 17:51 <REP> d-------- C:\Program Files\Zone Labs
2008-02-26 17:51 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-26 17:51 . 2008-02-26 17:51 353,118 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-26 17:40 . 2008-02-26 17:51 <REP> d-------- C:\WINDOWS\Internet Logs
2008-02-26 15:46 . 2008-02-26 15:45 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-26 15:46 . 2008-02-26 15:46 2,552 --a------ C:\WINDOWS\unins000.dat
2008-02-26 15:07 . 2005-03-02 19:21 562,176 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-02-26 15:06 . 2008-02-26 15:06 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-26 14:01 . 2008-02-26 18:35 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-26 14:01 . 2008-02-26 18:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-26 10:08 . 2008-02-26 10:08 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\vlc
2008-02-26 09:59 . 2008-02-26 09:59 <REP> d-------- C:\Program Files\VideoLAN
2008-02-26 09:38 . 2008-02-26 09:38 <REP> d-------- C:\Program Files\Alwil Software
2008-02-26 09:38 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-02-26 09:13 . 2008-02-26 09:13 <REP> d-------- C:\Program Files\CCleaner
2008-02-26 09:11 . 2008-02-26 09:11 <REP> d-------- C:\Program Files\Lavasoft
2008-02-26 09:11 . 2008-02-26 09:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-26 09:10 . 2008-02-26 09:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-26 09:02 . 2008-02-26 09:02 <REP> d-------- C:\Program Files\Lavalys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 14:54 44,032 ----a-w C:\WINDOWS\system32\ftp.exe
2008-02-26 14:54 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
2008-02-10 09:45 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\AdobeUM
2008-02-10 09:37 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-10 09:35 --------- d-----w C:\Program Files\Free
2008-02-08 23:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 23:16 --------- d-----w C:\Program Files\Virtual CD v4 SDK
2008-02-08 23:16 --------- d-----w C:\Program Files\Services en ligne
2008-02-08 23:16 --------- d-----w C:\Program Files\Real
2008-02-08 23:16 --------- d-----w C:\Program Files\QuickTime
2008-02-08 23:16 --------- d-----w C:\Program Files\MouseWare
2008-02-08 23:16 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-08 23:16 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-02-08 23:16 --------- d-----w C:\Program Files\Fichiers communs\TVNavigTechnologies Shared
2008-02-08 23:16 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-02-08 23:15 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-02-08 23:15 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-02-08 23:15 --------- d-----w C:\Program Files\CyberLink
2008-02-08 23:15 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\InterTrust
2008-02-08 23:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-02-08 23:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-08 23:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-02-08 18:04 135,168 ----a-w C:\WINDOWS\system32\sfc_os.dll
.

((((((((((((((((((((((((((((( snapshot@2008-03-14_19.08.52,98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-10-12 16:22:52 436,608 ------w C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
+ 2005-03-02 18:17:12 1,903,616 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2005-03-02 18:17:17 1,959,424 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 18:17:25 1,932,288 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 18:17:33 2,044,416 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2006-05-19 08:44:15 11,776 ------w C:\WINDOWS\Driver Cache\i386\tunmp.sys
- 2002-08-30 11:00:00 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2005-05-25 22:44:31 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2003-02-28 15:35:26 6,550 ----a-w C:\WINDOWS\jautoexp.dat
+ 2003-02-28 17:26:30 46,352 ----a-w C:\WINDOWS\setdebug.exe
- 2002-08-30 11:00:00 59,392 ----a-w C:\WINDOWS\system32\6to4svc.dll
+ 2006-05-19 12:14:13 95,232 ----a-w C:\WINDOWS\system32\6to4svc.dll
- 2002-08-30 11:00:00 51,200 ----a-w C:\WINDOWS\system32\authz.dll
+ 2005-03-02 18:21:36 53,760 ----a-w C:\WINDOWS\system32\authz.dll
+ 2004-07-01 22:08:13 360,960 ------w C:\WINDOWS\system32\bits\qmgr.dll
- 2002-08-30 11:00:00 49,182 ----a-w C:\WINDOWS\system32\clspack.exe
+ 2003-02-28 17:26:26 49,424 ----a-w C:\WINDOWS\system32\clspack.exe
- 2008-03-14 17:16:21 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-15 17:04:55 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-14 17:16:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-03-15 17:04:55 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-03-15 17:03:36 782,336 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\61A5SVE7\84785_winhtb[2].exe
- 2008-03-14 17:16:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-15 17:04:55 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2002-08-30 11:00:00 100,352 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
+ 2006-05-19 12:14:13 104,448 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
+ 2006-05-19 12:14:13 95,232 ------w C:\WINDOWS\system32\dllcache\6to4svc.dll
+ 2006-05-19 12:14:13 104,448 ------w C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
+ 2006-06-26 17:48:42 140,288 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2006-05-19 12:14:13 31,232 ------w C:\WINDOWS\system32\dllcache\inetmib1.dll
+ 2006-05-19 12:14:13 84,480 ------w C:\WINDOWS\system32\dllcache\iphlpapi.dll
+ 2006-05-19 12:02:50 49,152 ------w C:\WINDOWS\system32\dllcache\ipv6.exe
+ 2006-05-19 12:14:14 54,272 ------w C:\WINDOWS\system32\dllcache\ipv6mon.dll
+ 2006-05-19 12:01:26 86,016 ------w C:\WINDOWS\system32\dllcache\netsh.exe
- 2002-12-11 22:14:32 1,962,496 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2005-08-30 08:26:24 1,233,920 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2006-05-19 08:46:02 203,008 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2006-05-19 08:44:15 11,776 ------w C:\WINDOWS\system32\dllcache\tunmp.sys
+ 2006-05-19 12:14:14 70,656 ------w C:\WINDOWS\system32\dllcache\ws2_32.dll
+ 2006-05-19 12:14:14 13,312 ------w C:\WINDOWS\system32\dllcache\wship6.dll
- 2002-08-30 11:00:00 139,264 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2006-06-26 17:48:42 140,288 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2002-08-30 11:00:00 407,552 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
+ 2004-10-12 16:22:52 436,608 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
- 2002-08-30 11:00:00 163,328 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
+ 2004-10-12 16:22:24 170,112 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
- 2002-08-30 11:00:00 200,064 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
+ 2006-07-13 08:41:42 199,936 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2002-08-30 11:00:00 330,368 ----a-w C:\WINDOWS\system32\drivers\srv.sys
+ 2006-08-14 08:59:20 321,536 ----a-w C:\WINDOWS\system32\drivers\srv.sys
- 2002-08-30 11:00:00 196,288 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2006-05-19 08:46:02 203,008 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
- 2002-08-30 11:00:00 9,856 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
+ 2006-05-19 08:44:15 11,776 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
- 2002-08-30 11:00:00 313,856 ----a-w C:\WINDOWS\system32\dx3j.dll
+ 2003-02-28 15:34:42 313,856 ----a-w C:\WINDOWS\system32\dx3j.dll
- 2003-07-17 16:50:24 112,584 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-03-15 07:01:26 112,584 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2002-08-30 11:00:00 79,360 ----a-w C:\WINDOWS\system32\fontsub.dll
+ 2005-10-17 21:30:33 77,824 ----a-w C:\WINDOWS\system32\fontsub.dll
- 2002-08-30 11:00:00 250,368 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2006-01-02 22:39:04 260,608 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2002-08-30 11:00:00 37,888 ----a-w C:\WINDOWS\system32\hhsetup.dll
+ 2005-05-27 02:04:01 38,912 ----a-w C:\WINDOWS\system32\hhsetup.dll
- 2002-08-30 11:00:00 77,850 ----a-w C:\WINDOWS\system32\hlink.dll
+ 2006-07-21 08:32:15 72,704 ----a-w C:\WINDOWS\system32\hlink.dll
- 2002-08-30 11:00:00 31,232 ----a-w C:\WINDOWS\system32\inetmib1.dll
+ 2006-05-19 12:14:13 31,232 ----a-w C:\WINDOWS\system32\inetmib1.dll
- 2002-08-30 11:00:00 83,968 ----a-w C:\WINDOWS\system32\iphlpapi.dll
+ 2006-05-19 12:14:13 84,480 ----a-w C:\WINDOWS\system32\iphlpapi.dll
- 2002-08-30 11:00:00 62,976 ----a-w C:\WINDOWS\system32\ipv6.exe
+ 2006-05-19 12:02:50 49,152 ----a-w C:\WINDOWS\system32\ipv6.exe
- 2002-08-30 11:00:00 139,264 ----a-w C:\WINDOWS\system32\ipv6mon.dll
+ 2006-05-19 12:14:14 54,272 ----a-w C:\WINDOWS\system32\ipv6mon.dll
- 2002-08-30 11:00:00 143,872 ----a-w C:\WINDOWS\system32\itircl.dll
+ 2005-05-27 02:04:01 143,872 ----a-w C:\WINDOWS\system32\itircl.dll
- 2002-08-30 11:00:00 122,368 ----a-w C:\WINDOWS\system32\itss.dll
+ 2005-05-27 02:04:01 128,000 ----a-w C:\WINDOWS\system32\itss.dll
- 2002-08-30 11:00:00 186,911 ----a-w C:\WINDOWS\system32\javacypt.dll
+ 2003-02-28 17:26:16 187,152 ----a-w C:\WINDOWS\system32\javacypt.dll
+ 2003-02-28 17:26:18 139,536 ----a-w C:\WINDOWS\system32\javaee.dll
- 2002-08-30 11:00:00 63,007 ----a-w C:\WINDOWS\system32\javaprxy.dll
+ 2003-02-28 17:26:18 63,248 ----a-w C:\WINDOWS\system32\javaprxy.dll
- 2002-08-30 11:00:00 404,509 ----a-w C:\WINDOWS\system32\javart.dll
+ 2003-02-28 17:26:18 404,752 ----a-w C:\WINDOWS\system32\javart.dll
- 2002-08-30 11:00:00 14,878 ----a-w C:\WINDOWS\system32\jdbgmgr.exe
+ 2003-02-28 17:26:30 15,120 ----a-w C:\WINDOWS\system32\jdbgmgr.exe
- 2002-08-30 11:00:00 171,034 ----a-w C:\WINDOWS\system32\jit.dll
+ 2003-02-28 17:26:20 171,280 ----a-w C:\WINDOWS\system32\jit.dll
- 2002-08-30 11:00:00 172,060 ----a-w C:\WINDOWS\system32\jview.exe
+ 2003-02-28 17:26:30 172,304 ----a-w C:\WINDOWS\system32\jview.exe
- 2002-08-30 11:00:00 678,400 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2004-10-28 01:31:14 688,640 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-20 15:52:00 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-11-20 15:52:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-02-04 14:09:48 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
- 2002-08-30 11:00:00 154,140 ----a-w C:\WINDOWS\system32\msawt.dll
+ 2003-02-28 17:26:20 154,384 ----a-w C:\WINDOWS\system32\msawt.dll
- 2002-08-30 11:00:00 359,936 ----a-w C:\WINDOWS\system32\msdtcprx.dll
+ 2006-03-01 19:45:35 368,640 ----a-w C:\WINDOWS\system32\msdtcprx.dll
- 2002-08-30 11:00:00 869,376 ----a-w C:\WINDOWS\system32\msdtctm.dll
+ 2006-03-01 19:45:35 974,336 ----a-w C:\WINDOWS\system32\msdtctm.dll
- 2002-08-30 11:00:00 151,040 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
+ 2006-03-01 19:45:35 150,528 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
- 2002-08-30 11:00:00 2,086,400 ----a-w C:\WINDOWS\system32\msi.dll
+ 2005-05-04 13:45:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
- 2002-08-30 11:00:00 233,472 ----a-w C:\WINDOWS\system32\msieftp.dll
+ 2005-08-05 17:24:23 233,984 ----a-w C:\WINDOWS\system32\msieftp.dll
- 2002-08-30 11:00:00 64,512 ----a-w C:\WINDOWS\system32\msiexec.exe
+ 2005-05-04 13:45:36 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe
- 2002-08-30 11:00:00 305,664 ----a-w C:\WINDOWS\system32\msihnd.dll
+ 2005-05-04 13:45:36 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll
- 2002-08-30 11:00:00 847,872 ----a-w C:\WINDOWS\system32\msimsg.dll
+ 2005-05-04 13:45:36 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
- 2002-08-30 11:00:00 39,936 ----a-w C:\WINDOWS\system32\msisip.dll
+ 2005-05-04 13:45:36 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
- 2002-08-30 11:00:00 945,693 ----a-w C:\WINDOWS\system32\msjava.dll
+ 2003-02-28 17:26:26 947,472 ----a-w C:\WINDOWS\system32\msjava.dll
- 2002-08-30 11:00:00 21,023 ----a-w C:\WINDOWS\system32\msjdbc10.dll
+ 2003-02-28 17:26:26 21,264 ----a-w C:\WINDOWS\system32\msjdbc10.dll
- 2002-08-30 11:00:00 85,504 ----a-w C:\WINDOWS\system32\netsh.exe
+ 2006-05-19 12:01:26 86,016 ----a-w C:\WINDOWS\system32\netsh.exe
- 2003-02-18 15:19:00 1,951,872 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
+ 2005-03-02 18:17:17 1,959,424 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
- 2003-02-18 15:18:56 1,928,064 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
+ 2005-03-02 18:17:33 2,044,416 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
- 2002-08-30 11:00:00 223,232 ----a-w C:\WINDOWS\system32\qmgr.dll
+ 2004-07-01 22:08:13 360,960 ----a-w C:\WINDOWS\system32\qmgr.dll
- 2002-12-11 22:14:32 1,962,496 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2005-08-30 08:26:24 1,233,920 ----a-w C:\WINDOWS\system32\quartz.dll
- 2002-08-30 11:00:00 6,144 ----a-w C:\WINDOWS\system32\rasadhlp.dll
+ 2006-06-26 17:48:42 6,144 ----a-w C:\WINDOWS\system32\rasadhlp.dll
- 2002-08-30 11:00:00 8,393,216 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2005-09-23 03:28:40 8,405,504 ----a-w C:\WINDOWS\system32\shell32.dll
- 2002-08-30 11:00:00 402,432 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2005-09-01 01:50:41 409,600 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2002-08-30 11:00:00 116,736 ----a-w C:\WINDOWS\system32\shsvcs.dll
+ 2004-10-28 01:31:14 117,248 ----a-w C:\WINDOWS\system32\shsvcs.dll
- 2003-02-14 15:20:48 7,680 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2005-10-12 23:15:25 15,072 ------w C:\WINDOWS\system32\spmsg.dll
- 2002-08-30 11:00:00 228,864 ----a-w C:\WINDOWS\system32\srrstr.dll
+ 2005-10-27 19:07:56 229,376 ----a-w C:\WINDOWS\system32\srrstr.dll
- 2002-08-30 11:00:00 198,656 ----a-w C:\WINDOWS\system32\t2embed.dll
+ 2005-10-17 21:30:33 111,616 ----a-w C:\WINDOWS\system32\t2embed.dll
- 2002-08-30 11:00:00 73,728 ----a-w C:\WINDOWS\system32\telnet.exe
+ 2005-05-11 02:42:13 74,752 ----a-w C:\WINDOWS\system32\telnet.exe
- 2002-08-30 11:00:00 108,544 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
+ 2005-08-23 03:52:21 112,640 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
- 2002-08-30 11:00:00 561,152 ----a-w C:\WINDOWS\system32\user32.dll
+ 2005-03-02 18:21:36 562,176 ----a-w C:\WINDOWS\system32\user32.dll
- 2002-08-30 11:00:00 287,263 ----a-w C:\WINDOWS\system32\vmhelper.dll
+ 2003-02-28 17:26:26 286,992 ----a-w C:\WINDOWS\system32\vmhelper.dll
- 2002-08-30 11:00:00 1,813,888 ----a-w C:\WINDOWS\system32\win32k.sys
+ 2005-10-06 03:16:55 1,799,808 ----a-w C:\WINDOWS\system32\win32k.sys
- 2002-08-30 11:00:00 276,992 ----a-w C:\WINDOWS\system32\winsrv.dll
+ 2005-09-01 01:50:41 278,528 ----a-w C:\WINDOWS\system32\winsrv.dll
- 2002-08-30 11:00:00 171,549 ----a-w C:\WINDOWS\system32\wjview.exe
+ 2003-02-28 17:26:32 171,792 ----a-w C:\WINDOWS\system32\wjview.exe
- 2002-12-12 01:27:24 4,648,960 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2006-04-24 14:40:00 4,730,880 ----a-w C:\WINDOWS\system32\wmp.dll
- 2002-08-30 11:00:00 75,264 ----a-w C:\WINDOWS\system32\ws2_32.dll
+ 2006-05-19 12:14:14 70,656 ----a-w C:\WINDOWS\system32\ws2_32.dll
- 2002-08-30 11:00:00 13,312 ----a-w C:\WINDOWS\system32\wship6.dll
+ 2006-05-19 12:14:14 13,312 ----a-w C:\WINDOWS\system32\wship6.dll
- 2002-08-30 11:00:00 9,728 ----a-w C:\WINDOWS\system32\xolehlp.dll
+ 2006-03-01 19:45:35 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
+ 2006-05-19 00:51:34 185,856 ------w C:\WINDOWS\system32\xpob2res.dll
+ 2005-09-26 16:41:24 612,864 ------w C:\WINDOWS\system32\xpsp2res.dll
+ 2005-08-31 17:50:40 925,184 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1740_x-ww_7cb8ab44\comctl32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-11-15 16:18 1670144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 15:53 54784 C:\WINDOWS\SOUNDMAN.EXE]
"EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 08:43 35328]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-19 12:31 335872]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2002-06-07 11:34 299008]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-07-17 17:45 151597]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-28 10:49 249896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-30 12:00 13312]
"Drmupgds"="C:\Program Files\Drmupgds\Drmupgds.exe" [ ]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\System32\DRIVERS\vcsmpdrv.sys [2002-06-07 11:38]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 11:17]
S2 SAMS;Scanning Analist Management System;C:\WINDOWS\System32\sams.exe [2008-03-14 18:01]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-09 15:05:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 20:16:40
Windows 5.1.2600 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-15 20:18:09
ComboFix-quarantined-files.txt 2008-03-15 19:17:30
ComboFix2.txt 2008-03-14 18:10:01
.
2008-03-15 09:32:42 --- E O F ---
cyr75
 
and HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23:04, on 15/03/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Propriétaire\Bureau\cyril.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Scanning Analist Management System (SAMS) - Unknown owner - C:\WINDOWS\System32\sams.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
cyr75
 
However, the attacks are continuing.
Utilisateur anonyme
 
Do this:

Copy the text below:

File::
C:\Program Files\Drmupgds\Drmupgds.exe

Folder::
C:\Program Files\Drmupgds\

Registry::
[HKEY_CURRENT_USER\.default\software\microsoft\windows\currentversion\run]
"Drmupgds"=-


Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown here.

This will relaunch Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.

If there is no reboot, post the reports anyway.
cyr75
 
ComboFix 08-03-14.2 - Propriétaire 2008-03-15 21:06:19.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.491 [GMT 1:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Propriétaire\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-15 to 2008-03-15 ))))))))))))))))))))))))))))))))))))
.

2008-03-15 19:43 . 2008-03-15 19:43 71,139 --ah----- C:\WINDOWS\system32\kroyga.exe
2008-03-15 19:36 . 2008-03-15 19:36 <REP> d-------- C:\Deckard
2008-03-15 19:30 . 2008-03-15 19:30 48,348 --ah----- C:\WINDOWS\system32\refvc.exe
2008-03-15 19:21 . 2008-03-15 19:21 110,080 --ah----- C:\WINDOWS\system32\hnix.exe
2008-03-15 19:19 . 2008-03-15 19:19 110,080 --ah----- C:\WINDOWS\system32\codbmamj.exe
2008-03-15 19:19 . 2008-03-15 19:19 64,000 --ah----- C:\WINDOWS\system32\dquwb.exe
2008-03-15 18:03 . 2008-03-15 18:03 492 --a------ C:\1.vbs
2008-03-15 17:44 . 2008-03-15 17:44 58,076 --ah----- C:\WINDOWS\system32\nwqgduos.exe
2008-03-15 08:59 . 2006-07-21 09:32 72,704 --------- C:\WINDOWS\system32\dllcache\hlink.dll
2008-03-15 08:42 . 2008-03-15 08:42 <REP> d-------- C:\WINDOWS\system32\bits
2008-03-15 08:40 . 2006-03-01 20:45 83,456 --a------ C:\WINDOWS\system32\mtxoci.dll
2008-03-15 08:40 . 2006-03-01 20:45 64,512 --a------ C:\WINDOWS\system32\mtxclu.dll
2008-03-15 08:00 . 2008-03-15 08:00 64,000 --ah----- C:\WINDOWS\system32\pvxdqbg.exe
2008-03-15 07:56 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-15 07:55 . 2008-03-15 07:55 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-15 07:53 . 2008-03-15 17:50 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-03-15 07:53 . 2008-03-15 19:42 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-03-14 20:33 . 2008-03-14 20:33 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-14 20:25 . 2008-03-14 20:25 141,824 --ah----- C:\WINDOWS\system32\kmta.exe
2008-03-14 18:57 . 2004-03-30 02:49 36,864 --a------ C:\WINDOWS\system32\mf3216.dll
2008-03-14 18:55 . 2006-07-13 09:41 199,936 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-03-14 18:54 . 2004-08-20 22:53 704,512 --a------ C:\WINDOWS\system32\sxs.dll
2008-03-14 18:54 . 2004-08-20 22:53 82,944 --a------ C:\WINDOWS\system32\fldrclnr.dll
2008-03-14 18:54 . 2005-09-01 02:50 16,384 --a------ C:\WINDOWS\system32\linkinfo.dll
2008-03-14 18:01 . 2008-03-14 18:01 42,496 -r-hs---- C:\WINDOWS\system32\sams.exe
2008-03-12 21:48 . 2008-03-12 21:48 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-12 21:16 . 2006-09-13 06:10 1,110,528 --a------ C:\WINDOWS\system32\msxml3.dll
2008-03-12 21:16 . 2006-09-13 06:10 1,110,528 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2008-03-12 21:16 . 2004-10-28 02:31 93,184 --a------ C:\WINDOWS\system32\cscdll.dll
2008-03-12 21:15 . 2005-10-20 23:34 1,006,592 --a------ C:\WINDOWS\system32\esent.dll
2008-03-12 21:14 . 2006-06-26 18:48 6,144 --------- C:\WINDOWS\system32\dllcache\rasadhlp.dll
2008-03-12 21:09 . 2008-03-12 21:09 83,968 --ah----- C:\WINDOWS\system32\epawoq.exe
2008-03-12 19:54 . 2006-08-14 09:59 321,536 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-03-12 19:53 . 2004-07-01 23:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-03-12 19:53 . 2004-07-01 23:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-03-12 19:53 . 2004-07-01 23:08 7,680 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-03-12 19:53 . 2004-07-01 23:08 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-03-12 19:53 . 2004-07-01 23:08 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-03-12 19:53 . 2004-07-01 23:08 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-03-08 09:03 . 2008-03-08 09:03 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Grisoft
2008-03-08 09:03 . 2008-03-08 09:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-08 09:03 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-01 11:04 . 2008-03-01 11:04 60,416 --------- C:\WINDOWS\system32\cfons.exe
2008-03-01 11:04 . 2008-03-01 11:04 40,448 --a------ C:\WINDOWS\system32\xxyxxwv.dll.vir
2008-03-01 11:04 . 2008-03-01 11:04 13,147 --a------ C:\WINDOWS\system32\algvrqly.exe
2008-03-01 10:59 . 2008-03-01 10:59 594,944 --------- C:\WINDOWS\system32\plms.exe
2008-03-01 10:57 . 2008-03-01 10:58 62,464 --ah----- C:\WINDOWS\system32\tzhccqa.exe
2008-03-01 10:56 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-03-01 10:56 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-03-01 10:56 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-03-01 10:56 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-03-01 10:56 . 2004-08-03 14:00 187,160 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-03-01 10:56 . 2004-08-03 13:59 170,776 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-03-01 10:56 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-03-01 10:50 . 2008-03-01 10:50 13,147 --a------ C:\WINDOWS\system32\cmgsg.exe
2008-03-01 10:38 . 2008-03-01 10:38 13,147 --a------ C:\WINDOWS\system32\vhoxa.exe
2008-03-01 09:21 . 2008-03-01 09:38 <REP> d-------- C:\VundoFix Backups
2008-02-28 11:03 . 2008-02-28 11:03 13,147 --a------ C:\WINDOWS\system32\jczqo.exe
2008-02-28 11:01 . 2008-02-28 11:01 <REP> d-------- C:\Program Files\Crawler
2008-02-28 11:00 . 2008-02-28 11:14 <REP> d-------- C:\Program Files\Spyware Terminator
2008-02-28 11:00 . 2008-02-28 11:14 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Spyware Terminator
2008-02-28 11:00 . 2008-02-28 11:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-02-28 11:00 . 2008-02-28 11:00 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-28 10:47 . 2008-02-28 10:47 13,147 --a------ C:\WINDOWS\system32\kkmbxk.exe
2008-02-28 10:47 . 2008-02-28 10:47 13,147 --a------ C:\WINDOWS\system32\dwuhhz.exe
2008-02-28 10:46 . 2008-02-28 10:46 13,147 --a------ C:\WINDOWS\system32\rzxhqwby.exe
2008-02-28 10:44 . 2008-02-28 10:44 13,147 --a------ C:\WINDOWS\system32\gove.exe
2008-02-28 10:44 . 2008-02-28 10:44 13,147 --a------ C:\WINDOWS\system32\geonh.exe
2008-02-27 19:29 . 2008-02-27 19:29 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-27 19:22 . 2008-02-27 19:22 <REP> d-------- C:\_OTMoveIt
2008-02-27 18:57 . 2008-02-27 18:57 <REP> d---s---- C:\Documents and Settings\Propriétaire\UserData
2008-02-27 18:57 . 2008-02-27 18:57 <REP> d---s---- C:\Documents and Settings\Propriétaire\UserData
2008-02-26 18:43 . 2008-02-26 18:43 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-26 18:43 . 2008-02-26 18:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-26 18:43 . 2008-03-12 21:31 54 --a------ C:\WINDOWS\system32\x
2008-02-26 18:12 . 2008-02-26 18:12 <REP> d-------- C:\Program Files\Avira
2008-02-26 18:12 . 2008-02-26 18:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-26 17:51 . 2008-02-26 17:51 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-26 17:51 . 2008-02-26 17:51 <REP> d-------- C:\Program Files\Zone Labs
2008-02-26 17:51 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-26 17:51 . 2008-02-26 17:51 353,118 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-26 17:40 . 2008-02-26 17:51 <REP> d-------- C:\WINDOWS\Internet Logs
2008-02-26 15:46 . 2008-02-26 15:45 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-26 15:46 . 2008-02-26 15:46 2,552 --a------ C:\WINDOWS\unins000.dat
2008-02-26 15:07 . 2005-03-02 19:21 562,176 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-02-26 15:06 . 2008-02-26 15:06 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-26 14:01 . 2008-02-26 18:35 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-26 14:01 . 2008-02-26 18:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-26 10:08 . 2008-02-26 10:08 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\vlc
2008-02-26 09:59 . 2008-02-26 09:59 <REP> d-------- C:\Program Files\VideoLAN
2008-02-26 09:38 . 2008-02-26 09:38 <REP> d-------- C:\Program Files\Alwil Software
2008-02-26 09:38 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-02-26 09:13 . 2008-02-26 09:13 <REP> d-------- C:\Program Files\CCleaner
2008-02-26 09:11 . 2008-02-26 09:11 <REP> d-------- C:\Program Files\Lavasoft
2008-02-26 09:11 . 2008-02-26 09:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-26 09:10 . 2008-02-26 09:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-26 09:02 . 2008-02-26 09:02 <REP> d-------- C:\Program Files\Lavalys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 14:54 44,032 ----a-w C:\WINDOWS\system32\ftp.exe
2008-02-26 14:54 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
2008-02-10 09:45 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\AdobeUM
2008-02-10 09:37 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-10 09:35 --------- d-----w C:\Program Files\Free
2008-02-08 23:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 23:16 --------- d-----w C:\Program Files\Virtual CD v4 SDK
2008-02-08 23:16 --------- d-----w C:\Program Files\Services en ligne
2008-02-08 23:16 --------- d-----w C:\Program Files\Real
2008-02-08 23:16 --------- d-----w C:\Program Files\QuickTime
2008-02-08 23:16 --------- d-----w C:\Program Files\MouseWare
2008-02-08 23:16 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-08 23:16 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-02-08 23:16 --------- d-----w C:\Program Files\Fichiers communs\TVNavigTechnologies Shared
2008-02-08 23:16 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-02-08 23:15 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-02-08 23:15 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-02-08 23:15 --------- d-----w C:\Program Files\CyberLink
2008-02-08 23:15 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\InterTrust
2008-02-08 23:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-02-08 23:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-08 23:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-02-08 18:04 135,168 ----a-w C:\WINDOWS\system32\sfc_os.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-11-15 16:18 1670144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 15:53 54784 C:\WINDOWS\SOUNDMAN.EXE]
"EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 08:43 35328]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-19 12:31 335872]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2002-06-07 11:34 299008]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-07-17 17:45 151597]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-28 10:49 249896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-30 12:00 13312]
"Drmupgds"="C:\Program Files\Drmupgds\Drmupgds.exe" [ ]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\System32\DRIVERS\vcsmpdrv.sys [2002-06-07 11:38]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 11:17]
S2 SAMS;Scanning Analist Management System;C:\WINDOWS\System32\sams.exe [2008-03-14 18:01]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-09 15:05:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 21:07:54
Windows 5.1.2600 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-15 21:09:21
ComboFix-quarantined-files.txt 2008-03-15 20:08:35
ComboFix2.txt 2008-03-15 19:18:10
ComboFix3.txt 2008-03-14 18:10:01
.
2008-03-15 09:32:42 --- E O F ---
cyr75
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:52, on 15/03/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Propriétaire\Bureau\cyril.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Scanning Analist Management System (SAMS) - Unknown owner - C:\WINDOWS\System32\sams.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
Utilisateur anonyme
We'll try another run of Antivir in safe mode after updating it.

The same with AVG Anti-Spyware.

Don't forget to save the reports and post them to me, and at the end an HJ report in safe mode and one in normal mode.

(I can't make head or tail of it)
cyr75
First, here is the Antivir report in safe mode after the update:

AntiVir PersonalEdition Classic
Report file date: dimanche 16 mars 2008 11:19

Scanning for 1147670 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Username: Propriétaire
Computer name: CYRIL

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 09:26:55
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 09:26:55
ANTIVIR3.VDF : 7.0.3.31 158208 Bytes 14/03/2008 09:26:55
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 15/03/2008 09:26:55
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 28/02/2008 09:49:39
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 16 mars 2008 11:19

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sams.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\System32\sams.exe'
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'sams.exe' has been terminated
C:\WINDOWS\System32\sams.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.YIA Backdoor server programs
[INFO] The file was moved to '4849f4c5.qua'!

14 processes with 13 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.

The registry was scanned ( '30' files ).

Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP15\A0015311.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.YIA Backdoor server programs
[INFO] The file was moved to '480cfad5.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP15\A0020266.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '480cfad8.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP15\A0020267.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[INFO] The file was moved to '480cfadb.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP15\A0020277.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.YIA Backdoor server programs
[INFO] The file was moved to '480cfadd.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP15\A0022295.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.YIA Backdoor server programs
[INFO] The file was moved to '480cfae0.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP15\A0024296.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.YIA Backdoor server programs
[INFO] The file was moved to '480cfae2.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP34\A0027420.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.YIA Backdoor server programs
[INFO] The file was moved to '480cfb17.qua'!
C:\WINDOWS\system32\algvrqly.exe
[DETECTION] Is the Trojan horse TR/Qhost.agt
[INFO] The file was moved to '48442a8c.qua'!
C:\WINDOWS\system32\aof.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.YIA Backdoor server programs
[INFO] The file was moved to '48432a98.qua'!
C:\WINDOWS\system32\cfons.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '484c2a97.qua'!
C:\WINDOWS\system32\cmgsg.exe
[DETECTION] Is the Trojan horse TR/Qhost.agt
[INFO] The file was moved to '48442aa2.qua'!
C:\WINDOWS\system32\codbmamj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48412aa7.qua'!
C:\WINDOWS\system32\dquwb.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.AX.215
[INFO] The file was moved to '48522ab5.qua'!
C:\WINDOWS\system32\dwuhhz.exe
[DETECTION] Is the Trojan horse TR/Qhost.agt
[INFO] The file was moved to '48522abf.qua'!
C:\WINDOWS\system32\epawoq.exe
[DETECTION] Contains code of the Windows virus W32/Virut.Gen
[INFO] The file was moved to '483e2abd.qua'!
C:\WINDOWS\system32\geonh.exe
[DETECTION] Is the Trojan horse TR/Qhost.agt
[INFO] The file was moved to '484c2ab7.qua'!
C:\WINDOWS\system32\gove.exe
[DETECTION] Is the Trojan horse TR/Qhost.agt
[INFO] The file was moved to '48532ac9.qua'!
C:\WINDOWS\system32\hnix.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48462acc.qua'!
C:\WINDOWS\system32\jczqo.exe
[DETECTION] Is the Trojan horse TR/Qhost.agt
[INFO] The file was moved to '48572acb.qua'!
C:\WINDOWS\system32\kkmbxk.exe
[DETECTION] Is the Trojan horse TR/Qhost.agt
[INFO] The file was moved to '484a2ad7.qua'!
C:\WINDOWS\system32\kmta.exe
[DETECTION] Contains code of the Windows virus W32/Virut.Gen
[INFO] The file was moved to '48512adc.qua'!
C:\WINDOWS\system32\kroyga.exe
[DETECTION] Contains code of the Windows virus W32/Virut.Gen
[INFO] The file was moved to '484c2ae3.qua'!
C:\WINDOWS\system32\nwqgduos.exe
[DETECTION] Contains code of the Windows virus W32/Virut.Gen
[INFO] The file was moved to '484e2b04.qua'!
C:\WINDOWS\system32\plms.exe
[DETECTION] Contains detection pattern of the worm WORM/Kolab.LF
[INFO] The file was moved to '484a2b00.qua'!
C:\WINDOWS\system32\pvxdqbg.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.AX.215
[INFO] The file was moved to '48552b0d.qua'!
C:\WINDOWS\system32\refvc.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.48348
[INFO] The file was moved to '48432b02.qua'!
C:\WINDOWS\system32\rzxhqwby.exe
[DETECTION] Is the Trojan horse TR/Qhost.agt
[INFO] The file was moved to '48552b1b.qua'!
C:\WINDOWS\system32\tzhccqa.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '48452b2a.qua'!
C:\WINDOWS\system32\vhoxa.exe
[DETECTION] Is the Trojan horse TR/Qhost.agt
[INFO] The file was moved to '484c2b1e.qua'!
C:\WINDOWS\system32\xxyxxwv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48562b3b.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2VGB2TQR\84785_winhtb[1].exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.IX.2
[INFO] The file was moved to '48142afe.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2VGB2TQR\84785_winhtb[2].exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.IX.2
[INFO] The file was moved to '48142b01.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2VGB2TQR\84785_winhtb[3].exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.IX.2
[INFO] The file was moved to '48142b03.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\61A5SVE7\84785_winhtb[1].exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.IX.2
[INFO] The file was moved to '48142b06.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\61A5SVE7\84785_winhtb[2].exe
[DETECTION] Contains detection pattern of the Windows virus W32/Virut.E.dam
[INFO] The file was moved to '48142b09.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EHKLYHEH\84785_winhtb[1].exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.IX.2
[INFO] The file was moved to '48142b0b.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KX0DMPKP\84785_winhtb[1].exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.IX.2
[INFO] The file was moved to '48142b0d.qua'!
C:\_OTMoveIt\MovedFiles\03152008_080422\WINDOWS\System32\dllcache\wintcps.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.IX.2
[INFO] The file was moved to '484b2b86.qua'!
C:\_OTMoveIt\MovedFiles\03152008_183035\Windows\System32\aaqweg.exe
[DETECTION] Is the Trojan horse TR/Qhost.agt
[INFO] The file was moved to '484e2b81.qua'!

End of the scan: dimanche 16 mars 2008 15:13
Used time: 3:54:13 min

The scan has been done completely.

3334 Scanning directories
113748 Files were scanned
41 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
40 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
113707 Files not concerned
6133 Archives were scanned
1 Warnings
0 Notes
cyr75
The AVG report in safe mode:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 15:48:33 16/03/2008

+ Résultat de l'analyse:

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP34\A0027436.exe -> Backdoor.Agent.ok : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP34\A0027439.exe -> Backdoor.Agent.ok : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP19\A0026382.vbs -> Downloader.Small.az : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP15\A0020268.EXE -> Heuristic.Win32.AVKiller : Nettoyé.
:mozilla.41:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.42:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.43:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.47:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.40:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.44:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.45:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.46:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.48:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.49:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.79:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.80:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.81:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.38:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.39:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.18:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.54:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.55:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.56:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.58:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.64:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.65:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.66:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.67:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.68:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.69:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\gup2pqvj.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP34\A0027435.exe -> Trojan.Pakes : Nettoyé.

Fin du rapport
cyr75
The HijackThis report in safe mode:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:11:19, on 16/03/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Propriétaire\Bureau\cyril.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Scanning Analist Management System (SAMS) - Unknown owner - C:\WINDOWS\System32\sams.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
cyr75
And the report in normal mode:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21:00, on 16/03/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Propriétaire\Bureau\cyril.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Scanning Analist Management System (SAMS) - Unknown owner - C:\WINDOWS\System32\sams.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
Utilisateur anonyme
cyr75
Redo what?
Utilisateur anonyme
That, ComboFix

http://www.commentcamarche.net/forum/affich 5217309 trojan a devenir dingue?page=5#89
