Cheval de troie Dropper.Generic.VUZ
Kikou11
Messages postés
9
Statut
Membre
-
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
Pouvez vous me dire comment me débarasser du cheval de troie que m'a détecté AVG.
J'ai suivi un peu le processus d' EP4 et voici le compte rendu :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:39, on 25/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Controle Parental\bin\OPTGui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Orange HSS\browser\browser.exe
D:\Analyse Cheval Troie\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CDEReInst] "C:\Program Files\InstallShield Installation Information\{85459D1C-7569-4D5F-B5C4-C3F5A3BE746C}\setup.exe" /scsiinst
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opNfGxyW.dll,#1
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Yannick\AppData\Local\Temp\ljJDVpPJ.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Yannick\AppData\Local\Temp\qoMcbabX.dll,#1
O4 - HKCU\..\Run: [205d4d10] rundll32.exe "C:\Users\Yannick\AppData\Local\Temp\xxixjbjf.dll",b
O4 - HKCU\..\Run: [Host Process] C:\Users\Yannick\svchost.exe
O4 - HKCU\..\Run: [BM236e7e8c] Rundll32.exe "C:\Users\Yannick\AppData\Local\Temp\pjtvkley.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://otta.synaps.fr/AxisCamControl.ocx
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
End of file - 11836 bytes
EP4 pouvez vous me dire la marche à suivre....SVP
Merci de m'aider...
PS : j'ai egalement un virus qui a ete detecté par AVG sur le chemin c:\user\yannick\svchost.exe "virus : svchost.exe"....
Quelle pagaille !!!!!... AVG plante à force d'analyser car il me déclare plus de 40000 menaces détectées....
Cordialement
Pouvez vous me dire comment me débarasser du cheval de troie que m'a détecté AVG.
J'ai suivi un peu le processus d' EP4 et voici le compte rendu :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:39, on 25/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Controle Parental\bin\OPTGui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Orange HSS\browser\browser.exe
D:\Analyse Cheval Troie\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CDEReInst] "C:\Program Files\InstallShield Installation Information\{85459D1C-7569-4D5F-B5C4-C3F5A3BE746C}\setup.exe" /scsiinst
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opNfGxyW.dll,#1
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Yannick\AppData\Local\Temp\ljJDVpPJ.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Yannick\AppData\Local\Temp\qoMcbabX.dll,#1
O4 - HKCU\..\Run: [205d4d10] rundll32.exe "C:\Users\Yannick\AppData\Local\Temp\xxixjbjf.dll",b
O4 - HKCU\..\Run: [Host Process] C:\Users\Yannick\svchost.exe
O4 - HKCU\..\Run: [BM236e7e8c] Rundll32.exe "C:\Users\Yannick\AppData\Local\Temp\pjtvkley.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://otta.synaps.fr/AxisCamControl.ocx
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
End of file - 11836 bytes
EP4 pouvez vous me dire la marche à suivre....SVP
Merci de m'aider...
PS : j'ai egalement un virus qui a ete detecté par AVG sur le chemin c:\user\yannick\svchost.exe "virus : svchost.exe"....
Quelle pagaille !!!!!... AVG plante à force d'analyser car il me déclare plus de 40000 menaces détectées....
Cordialement
A voir également:
- Cheval de troie Dropper.Generic.VUZ
- Antivirus cheval de troie gratuit - Télécharger - Antivirus & Antimalwares
- Ordinateur bloqué cheval de troie - Accueil - Arnaque
- Qu'est ce que le cheval au poker - Forum Virus
- Comment se débarrasser d'un cheval de troie ✓ - Forum Virus
- Skyrim retrouver son cheval - Forum Jeux PC
6 réponses
slt,
scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
_______________
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
_______________
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Merci de m'aider...
Voici le rapport issu de comboFix :
ComboFix 08-08-24.03 - Yannick 2008-08-25 22:42:34.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1080 [GMT 2:00]
Endroit: C:\Users\Yannick\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\outlook
C:\Program Files\outlook\v.tmp
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Users\Yannick\AppData\Local\Temp\ljJDVpPJ.dll
C:\Users\Yannick\AppData\Local\Temp\pjtvkley.dll
C:\Users\Yannick\AppData\Local\Temp\xxixjbjf.dll
C:\Users\Yannick\ctfmon.exe
C:\Windows\b152.exe
C:\Windows\system32\atmtd.dll._
C:\Windows\system32\bszip.dll
C:\Windows\system32\cmd.com
C:\Windows\system32\m3
C:\Windows\system32\m3\vgrem084.exe
C:\Windows\system32\MSINET.oca
C:\Windows\system32\netstat.com
C:\Windows\system32\opNfGxyW.dll
C:\Windows\system32\pac.txt
C:\Windows\system32\ping.com
C:\Windows\system32\regedit.com
C:\Windows\system32\taskkill.com
C:\Windows\system32\tasklist.com
C:\Windows\system32\tracert.com
C:\Windows\system32\x64
C:\Windows\system32\xxyvsSJy.dll
----- BITS: Possible sites infect‚s -----
http://premium.virginmega.fr
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-25 to 2008-08-25 ))))))))))))))))))))))))))))))))))))
.
2008-08-25 19:22 . 2008-08-25 19:25 <REP> d-------- C:\Windows\System32\drivers\Avg
2008-08-25 19:22 . 2008-08-25 19:22 <REP> d-------- C:\Program Files\AVG
2008-08-25 19:22 . 2008-08-25 19:22 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-08-25 19:22 . 2008-08-25 19:22 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-08-25 19:22 . 2008-08-25 19:22 12,936 --a------ C:\Windows\System32\drivers\avgrkx86.sys
2008-08-25 19:22 . 2008-08-25 19:22 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-08-25 19:02 . 2008-08-25 19:02 115,970 --a------ C:\Users\Yannick\a.zip
2008-08-25 18:55 . 2008-08-25 18:55 <REP> dr------- C:\Users\Public\Videos
2008-08-25 18:55 . 2008-08-25 18:55 <REP> dr------- C:\Users\Public\Pictures
2008-08-25 18:47 . 2008-08-25 18:47 <REP> d-------- C:\PerfLogs
2008-08-24 21:51 . 2008-08-24 21:51 <REP> d-------- C:\Program Files\Mjcore
2008-08-24 21:50 . 2008-08-25 20:20 <REP> d--hs---- C:\Users\Yannick\'
2008-08-24 21:50 . 2008-08-25 19:02 147,456 --a------ C:\Users\Yannick\vbzip10.dll
2008-08-24 21:46 . 2008-08-24 21:56 <REP> d--hs---- C:\Windows\WWFubmljaw
2008-08-24 21:46 . 2008-08-24 21:46 <REP> d-------- C:\Windows\System32\tsa
2008-08-24 21:46 . 2008-08-24 21:46 <REP> d-------- C:\Windows\System32\pit1
2008-08-24 21:46 . 2008-08-24 21:46 <REP> d-------- C:\Windows\System32\eMaxt02
2008-08-24 21:46 . 2008-08-24 21:46 <REP> d-------- C:\Temp\bbc2
2008-08-24 21:46 . 2008-08-25 22:43 <REP> d-------- C:\Temp
2008-08-24 21:46 . 2008-08-24 21:46 537 --a------ C:\Users\Yannick\417.bat
2008-08-24 21:46 . 2008-08-24 21:46 71 --a------ C:\Users\Yannick\4780.bat
2008-08-24 21:21 . 2008-08-25 19:02 <REP> d-------- C:\Users\Yannick\AppData\Roaming\LimeWire
2008-08-16 20:46 . 2008-08-16 20:47 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-08-16 20:41 . 2008-08-16 20:41 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-16 06:24 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-15 03:13 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-15 03:13 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-15 03:12 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-15 03:12 . 2008-01-19 09:36 272,896 --a------ C:\Windows\System32\polstore.dll
2008-08-15 03:12 . 2008-01-19 09:36 61,440 --a------ C:\Windows\System32\winipsec.dll
2008-08-15 03:12 . 2008-01-19 09:34 28,672 --a------ C:\Windows\System32\FwRemoteSvr.dll
2008-08-15 02:03 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-15 01:32 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-12 12:36 . 2008-08-12 12:36 <REP> d-------- C:\Users\Yannick\AppData\Roaming\Apple Computer
2008-08-12 12:34 . 2008-08-25 20:52 <REP> d-------- C:\Users\All Users\Apple Computer
2008-08-12 12:34 . 2008-08-25 20:52 <REP> d-------- C:\ProgramData\Apple Computer
2008-08-12 12:34 . 2008-08-12 12:34 <REP> d-------- C:\Program Files\Apple Software Update
2008-08-12 12:33 . 2008-08-12 12:33 <REP> d-------- C:\Users\All Users\Apple
2008-08-12 12:33 . 2008-08-12 12:33 <REP> d-------- C:\ProgramData\Apple
2008-08-12 12:33 . 2008-08-12 12:33 <REP> d-------- C:\Program Files\Common Files\Apple
2008-07-30 19:02 . 2008-07-30 19:02 <REP> dr------- C:\Users\Yannick\Pictures
2008-07-30 12:08 . 2008-08-12 12:36 <REP> dr------- C:\Users\Yannick\Music
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 18:52 --------- d-----w C:\Program Files\QuickTime
2008-08-25 18:49 --------- d-----w C:\Program Files\Google
2008-08-25 18:13 --------- d-----w C:\ProgramData\Avg8
2008-08-25 16:55 174 --sha-w C:\Program Files\desktop.ini
2008-08-25 16:48 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-25 16:48 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-25 16:48 --------- d-----w C:\Program Files\Windows Mail
2008-08-25 16:48 --------- d-----w C:\Program Files\Windows Journal
2008-08-25 16:48 --------- d-----w C:\Program Files\Windows Defender
2008-08-25 16:48 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-25 16:48 --------- d-----w C:\Program Files\Windows Calendar
2008-08-20 10:53 --------- d-----w C:\Users\Yannick\AppData\Roaming\CamfrogWEB
2008-08-18 05:35 --------- d-----w C:\Program Files\Windows Live
2008-08-16 18:58 --------- d-----w C:\ProgramData\WLInstaller
2008-08-16 04:25 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-13 19:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-12 20:36 --------- d-----w C:\Program Files\Sun
2008-07-12 20:36 --------- d-----w C:\Program Files\Java
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-23 21:47 156 ----a-w C:\Users\Yannick\BackupResult.DAT
2008-03-12 15:39 212 ----a-w C:\Users\Yannick\AppData\Roaming\wklnhst.dat
2008-01-14 13:37 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-14 13:37 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-14 13:37 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 13:41 196608]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-15 16:58 151552]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 10:56 423424]
"SystrayORAHSS"="C:\Program Files\Orange HSS\Systray\SystrayApp.exe" [2007-07-24 20:55 94208]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"OPTENET_GUI"="C:\PROGRA~1\CONTRO~1\bin\optgui.exe" [2006-12-20 11:14 404536]
"ORAHSSSessionManager"="C:\Program Files\Orange HSS\SessionManager\SessionManager.exe" [2007-07-24 20:03 102400]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 07:07 69632]
"CDEReInst"="C:\Program Files\InstallShield Installation Information\{85459D1C-7569-4D5F-B5C4-C3F5A3BE746C}\setup.exe" [2001-09-05 18:03 168448]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-03-22 14:47 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-03-22 14:47 8425472]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-03-22 14:47 81920]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-25 19:22 1231128]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 11:07 4390912 C:\Windows\RtHDVCpl.exe]
C:\Users\Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-04-20 11:49:51 200812]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM
"vidc.xvid"= xvid.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{20BB5B5D-2815-4F47-98BC-929B7646C657}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{C0D68E26-45E6-4F8B-A60E-68367BBD2A60}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"{F2020249-49DE-4F89-98D0-A6F72E848250}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7310DDAF-3F35-4E20-9553-F3428A4427C5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DDA697E6-1B43-4283-B188-D4026CF5E971}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A1720842-44FF-4E07-A0F3-30E0AD17C00A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{DE9F3E57-118F-45AD-8BFC-AE16C14C7B5D}C:\\program files\\orange hss\\browser\\browser.exe"= Disabled:UDP:C:\program files\orange hss\browser\browser.exe:Browser
"UDP Query User{D05EDF38-E789-4189-83E1-2C7F296E4BF5}C:\\program files\\orange hss\\browser\\browser.exe"= Disabled:TCP:C:\program files\orange hss\browser\browser.exe:Browser
"{3217FC5C-1082-4B2B-867B-39BB8D2FF13C}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{63B4DD39-2048-4DA2-ABE6-312C2A9C2738}"= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\Orange HSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS
R0 AvgRkx86;avgrkx86.sys;C:\Windows\system32\Drivers\avgrkx86.sys [2008-08-25 19:22]
R0 sonyhcb;Sony Digital Imaging Base;C:\Windows\system32\DRIVERS\sonyhcb.sys [2001-11-05 10:23]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-08-25 19:22]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-04 18:54]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-25 19:22]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 09:03]
R2 nmsgopro;GoProto Protocol Driver for NMS;C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 16:37]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 15:49]
R2 OPTENET_FILTER;Orange Contrôle Parental;C:\Program Files\Controle Parental\bin\optproxy.exe [2006-12-21 20:15]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-08-25 19:22]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-08-14 11:43]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;C:\Windows\system32\DRIVERS\athru6.sys [2007-05-16 19:43]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 22:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 22:46]
S3 sonyhcs;Sony Digital Imaging Video;C:\Windows\system32\DRIVERS\sonyhcs.sys [2001-11-05 10:23]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
2008-08-25 C:\Windows\Tasks\User_Feed_Synchronization-{A35F676D-0D30-48F6-8E55-60533150EBCA}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Host Process - C:\Users\Yannick\svchost.exe
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-IgfxTray - C:\Windows\system32\igfxtray.exe
HKLM-Run-HotKeysCmds - C:\Windows\system32\hkcmd.exe
HKLM-Run-Persistence - C:\Windows\system32\igfxpers.exe
HKLM-Run-MSServer - C:\Windows\system32\opNfGxyW.dll
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
ShellExecuteHooks-{E1DA6974-4B55-4158-91FB-4EEF76309791} - C:\Windows\system32\opNfGxyW.dll
.
------- Supplementary Scan -------
.
O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
C:\Windows\Downloaded Program Files\CONFLICT.1\OberonGameHost_dbg.inf
C:\Windows\Downloaded Program Files\CONFLICT.1\OberonGameHost.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 22:50:27
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS: C:\Windows\system32\lsass.exe
-> C:\Program Files\Controle Parental\bin\lsp.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\WUDFHost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\System32\conime.exe
C:\Program Files\Controle Parental\bin\OPTGui.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\[u]0/u\AlertModule.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-25 22:56:15 - machine was rebooted [Yannick]
ComboFix-quarantined-files.txt 2008-08-25 20:55:58
Pre-Run: 211,539,267,584 octets libres
Post-Run: 213,524,705,280 octets libres
259 --- E O F --- 2008-08-25 16:37:49
Bonne lecture et bon courage, moi je n'y comprends rien...lol
Dans l'attente de vous lire...
Merciiiiiiiii
Yan
Voici le rapport issu de comboFix :
ComboFix 08-08-24.03 - Yannick 2008-08-25 22:42:34.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1080 [GMT 2:00]
Endroit: C:\Users\Yannick\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\outlook
C:\Program Files\outlook\v.tmp
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Users\Yannick\AppData\Local\Temp\ljJDVpPJ.dll
C:\Users\Yannick\AppData\Local\Temp\pjtvkley.dll
C:\Users\Yannick\AppData\Local\Temp\xxixjbjf.dll
C:\Users\Yannick\ctfmon.exe
C:\Windows\b152.exe
C:\Windows\system32\atmtd.dll._
C:\Windows\system32\bszip.dll
C:\Windows\system32\cmd.com
C:\Windows\system32\m3
C:\Windows\system32\m3\vgrem084.exe
C:\Windows\system32\MSINET.oca
C:\Windows\system32\netstat.com
C:\Windows\system32\opNfGxyW.dll
C:\Windows\system32\pac.txt
C:\Windows\system32\ping.com
C:\Windows\system32\regedit.com
C:\Windows\system32\taskkill.com
C:\Windows\system32\tasklist.com
C:\Windows\system32\tracert.com
C:\Windows\system32\x64
C:\Windows\system32\xxyvsSJy.dll
----- BITS: Possible sites infect‚s -----
http://premium.virginmega.fr
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-25 to 2008-08-25 ))))))))))))))))))))))))))))))))))))
.
2008-08-25 19:22 . 2008-08-25 19:25 <REP> d-------- C:\Windows\System32\drivers\Avg
2008-08-25 19:22 . 2008-08-25 19:22 <REP> d-------- C:\Program Files\AVG
2008-08-25 19:22 . 2008-08-25 19:22 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-08-25 19:22 . 2008-08-25 19:22 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-08-25 19:22 . 2008-08-25 19:22 12,936 --a------ C:\Windows\System32\drivers\avgrkx86.sys
2008-08-25 19:22 . 2008-08-25 19:22 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-08-25 19:02 . 2008-08-25 19:02 115,970 --a------ C:\Users\Yannick\a.zip
2008-08-25 18:55 . 2008-08-25 18:55 <REP> dr------- C:\Users\Public\Videos
2008-08-25 18:55 . 2008-08-25 18:55 <REP> dr------- C:\Users\Public\Pictures
2008-08-25 18:47 . 2008-08-25 18:47 <REP> d-------- C:\PerfLogs
2008-08-24 21:51 . 2008-08-24 21:51 <REP> d-------- C:\Program Files\Mjcore
2008-08-24 21:50 . 2008-08-25 20:20 <REP> d--hs---- C:\Users\Yannick\'
2008-08-24 21:50 . 2008-08-25 19:02 147,456 --a------ C:\Users\Yannick\vbzip10.dll
2008-08-24 21:46 . 2008-08-24 21:56 <REP> d--hs---- C:\Windows\WWFubmljaw
2008-08-24 21:46 . 2008-08-24 21:46 <REP> d-------- C:\Windows\System32\tsa
2008-08-24 21:46 . 2008-08-24 21:46 <REP> d-------- C:\Windows\System32\pit1
2008-08-24 21:46 . 2008-08-24 21:46 <REP> d-------- C:\Windows\System32\eMaxt02
2008-08-24 21:46 . 2008-08-24 21:46 <REP> d-------- C:\Temp\bbc2
2008-08-24 21:46 . 2008-08-25 22:43 <REP> d-------- C:\Temp
2008-08-24 21:46 . 2008-08-24 21:46 537 --a------ C:\Users\Yannick\417.bat
2008-08-24 21:46 . 2008-08-24 21:46 71 --a------ C:\Users\Yannick\4780.bat
2008-08-24 21:21 . 2008-08-25 19:02 <REP> d-------- C:\Users\Yannick\AppData\Roaming\LimeWire
2008-08-16 20:46 . 2008-08-16 20:47 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-08-16 20:41 . 2008-08-16 20:41 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-16 06:24 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-15 03:13 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-15 03:13 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-15 03:12 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-15 03:12 . 2008-01-19 09:36 272,896 --a------ C:\Windows\System32\polstore.dll
2008-08-15 03:12 . 2008-01-19 09:36 61,440 --a------ C:\Windows\System32\winipsec.dll
2008-08-15 03:12 . 2008-01-19 09:34 28,672 --a------ C:\Windows\System32\FwRemoteSvr.dll
2008-08-15 02:03 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-15 01:32 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-12 12:36 . 2008-08-12 12:36 <REP> d-------- C:\Users\Yannick\AppData\Roaming\Apple Computer
2008-08-12 12:34 . 2008-08-25 20:52 <REP> d-------- C:\Users\All Users\Apple Computer
2008-08-12 12:34 . 2008-08-25 20:52 <REP> d-------- C:\ProgramData\Apple Computer
2008-08-12 12:34 . 2008-08-12 12:34 <REP> d-------- C:\Program Files\Apple Software Update
2008-08-12 12:33 . 2008-08-12 12:33 <REP> d-------- C:\Users\All Users\Apple
2008-08-12 12:33 . 2008-08-12 12:33 <REP> d-------- C:\ProgramData\Apple
2008-08-12 12:33 . 2008-08-12 12:33 <REP> d-------- C:\Program Files\Common Files\Apple
2008-07-30 19:02 . 2008-07-30 19:02 <REP> dr------- C:\Users\Yannick\Pictures
2008-07-30 12:08 . 2008-08-12 12:36 <REP> dr------- C:\Users\Yannick\Music
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 18:52 --------- d-----w C:\Program Files\QuickTime
2008-08-25 18:49 --------- d-----w C:\Program Files\Google
2008-08-25 18:13 --------- d-----w C:\ProgramData\Avg8
2008-08-25 16:55 174 --sha-w C:\Program Files\desktop.ini
2008-08-25 16:48 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-25 16:48 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-25 16:48 --------- d-----w C:\Program Files\Windows Mail
2008-08-25 16:48 --------- d-----w C:\Program Files\Windows Journal
2008-08-25 16:48 --------- d-----w C:\Program Files\Windows Defender
2008-08-25 16:48 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-25 16:48 --------- d-----w C:\Program Files\Windows Calendar
2008-08-20 10:53 --------- d-----w C:\Users\Yannick\AppData\Roaming\CamfrogWEB
2008-08-18 05:35 --------- d-----w C:\Program Files\Windows Live
2008-08-16 18:58 --------- d-----w C:\ProgramData\WLInstaller
2008-08-16 04:25 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-13 19:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-12 20:36 --------- d-----w C:\Program Files\Sun
2008-07-12 20:36 --------- d-----w C:\Program Files\Java
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-23 21:47 156 ----a-w C:\Users\Yannick\BackupResult.DAT
2008-03-12 15:39 212 ----a-w C:\Users\Yannick\AppData\Roaming\wklnhst.dat
2008-01-14 13:37 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-14 13:37 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-14 13:37 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 13:41 196608]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-15 16:58 151552]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 10:56 423424]
"SystrayORAHSS"="C:\Program Files\Orange HSS\Systray\SystrayApp.exe" [2007-07-24 20:55 94208]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"OPTENET_GUI"="C:\PROGRA~1\CONTRO~1\bin\optgui.exe" [2006-12-20 11:14 404536]
"ORAHSSSessionManager"="C:\Program Files\Orange HSS\SessionManager\SessionManager.exe" [2007-07-24 20:03 102400]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 07:07 69632]
"CDEReInst"="C:\Program Files\InstallShield Installation Information\{85459D1C-7569-4D5F-B5C4-C3F5A3BE746C}\setup.exe" [2001-09-05 18:03 168448]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-03-22 14:47 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-03-22 14:47 8425472]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-03-22 14:47 81920]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-25 19:22 1231128]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 11:07 4390912 C:\Windows\RtHDVCpl.exe]
C:\Users\Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-04-20 11:49:51 200812]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM
"vidc.xvid"= xvid.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{20BB5B5D-2815-4F47-98BC-929B7646C657}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{C0D68E26-45E6-4F8B-A60E-68367BBD2A60}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"{F2020249-49DE-4F89-98D0-A6F72E848250}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7310DDAF-3F35-4E20-9553-F3428A4427C5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DDA697E6-1B43-4283-B188-D4026CF5E971}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A1720842-44FF-4E07-A0F3-30E0AD17C00A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{DE9F3E57-118F-45AD-8BFC-AE16C14C7B5D}C:\\program files\\orange hss\\browser\\browser.exe"= Disabled:UDP:C:\program files\orange hss\browser\browser.exe:Browser
"UDP Query User{D05EDF38-E789-4189-83E1-2C7F296E4BF5}C:\\program files\\orange hss\\browser\\browser.exe"= Disabled:TCP:C:\program files\orange hss\browser\browser.exe:Browser
"{3217FC5C-1082-4B2B-867B-39BB8D2FF13C}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{63B4DD39-2048-4DA2-ABE6-312C2A9C2738}"= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\Orange HSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS
R0 AvgRkx86;avgrkx86.sys;C:\Windows\system32\Drivers\avgrkx86.sys [2008-08-25 19:22]
R0 sonyhcb;Sony Digital Imaging Base;C:\Windows\system32\DRIVERS\sonyhcb.sys [2001-11-05 10:23]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-08-25 19:22]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-04 18:54]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-25 19:22]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 09:03]
R2 nmsgopro;GoProto Protocol Driver for NMS;C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 16:37]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 15:49]
R2 OPTENET_FILTER;Orange Contrôle Parental;C:\Program Files\Controle Parental\bin\optproxy.exe [2006-12-21 20:15]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-08-25 19:22]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-08-14 11:43]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;C:\Windows\system32\DRIVERS\athru6.sys [2007-05-16 19:43]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 22:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 22:46]
S3 sonyhcs;Sony Digital Imaging Video;C:\Windows\system32\DRIVERS\sonyhcs.sys [2001-11-05 10:23]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
2008-08-25 C:\Windows\Tasks\User_Feed_Synchronization-{A35F676D-0D30-48F6-8E55-60533150EBCA}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Host Process - C:\Users\Yannick\svchost.exe
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-IgfxTray - C:\Windows\system32\igfxtray.exe
HKLM-Run-HotKeysCmds - C:\Windows\system32\hkcmd.exe
HKLM-Run-Persistence - C:\Windows\system32\igfxpers.exe
HKLM-Run-MSServer - C:\Windows\system32\opNfGxyW.dll
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
ShellExecuteHooks-{E1DA6974-4B55-4158-91FB-4EEF76309791} - C:\Windows\system32\opNfGxyW.dll
.
------- Supplementary Scan -------
.
O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
C:\Windows\Downloaded Program Files\CONFLICT.1\OberonGameHost_dbg.inf
C:\Windows\Downloaded Program Files\CONFLICT.1\OberonGameHost.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 22:50:27
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS: C:\Windows\system32\lsass.exe
-> C:\Program Files\Controle Parental\bin\lsp.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\WUDFHost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\System32\conime.exe
C:\Program Files\Controle Parental\bin\OPTGui.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\[u]0/u\AlertModule.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-25 22:56:15 - machine was rebooted [Yannick]
ComboFix-quarantined-files.txt 2008-08-25 20:55:58
Pre-Run: 211,539,267,584 octets libres
Post-Run: 213,524,705,280 octets libres
259 --- E O F --- 2008-08-25 16:37:49
Bonne lecture et bon courage, moi je n'y comprends rien...lol
Dans l'attente de vous lire...
Merciiiiiiiii
Yan
Pour info,
Je viens de relancer AVG et chaque fois qu'il arrive sur l'analyse de répertoire suivant :
c:\user\yannick\'\
c'est là qu'il détecte le cheval de troie dropper.generic.VUZ et le virus svchost.exe
Si ça peut aider...
Merciiiiiiii à plus tard
Je viens de relancer AVG et chaque fois qu'il arrive sur l'analyse de répertoire suivant :
c:\user\yannick\'\
c'est là qu'il détecte le cheval de troie dropper.generic.VUZ et le virus svchost.exe
Si ça peut aider...
Merciiiiiiii à plus tard
scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
___________________
recolles un hijackhtis et dis tes soucis
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
___________________
recolles un hijackhtis et dis tes soucis
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Désolé obligation pro oblige j'ai fait l'analyse que hier...voici le compte rendu :
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1088
Windows 6.0.6001 Service Pack 1
10:56:17 27/08/2008
mbam-log-08-27-2008 (10-56-13).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 127982
Temps écoulé: 58 minute(s), 36 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} (Adware.Starware) -> No action taken.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\Mjcore (Trojan.BHO) -> No action taken.
Fichier(s) infecté(s):
C:\Program Files\Mjcore\Mjcore.dll (Trojan.BHO) -> No action taken.
C:\QooBox\Quarantine\C\Users\Yannick\AppData\Local\Temp\ljJDVpPJ.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\Users\Yannick\AppData\Local\Temp\xxixjbjf.dll.vir (Trojan.Vundo) -> No action taken.
Merci de le dire si c grave docteur...
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1088
Windows 6.0.6001 Service Pack 1
10:56:17 27/08/2008
mbam-log-08-27-2008 (10-56-13).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 127982
Temps écoulé: 58 minute(s), 36 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} (Adware.Starware) -> No action taken.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\Mjcore (Trojan.BHO) -> No action taken.
Fichier(s) infecté(s):
C:\Program Files\Mjcore\Mjcore.dll (Trojan.BHO) -> No action taken.
C:\QooBox\Quarantine\C\Users\Yannick\AppData\Local\Temp\ljJDVpPJ.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\Users\Yannick\AppData\Local\Temp\xxixjbjf.dll.vir (Trojan.Vundo) -> No action taken.
Merci de le dire si c grave docteur...
