Infecté par 4 trojans Résolu/Fermé

Question

Bonjour,

Il y a quelques jours, suite à l'exécution d'un exécutable via Internet, le parefeu de WIndows XP pro m'informait régulièrement que les trojans suivants agissaient sur mon PC, sans pouvoir y faire quelque chose :
Trojan-Clicker.Win32.Tiny.h
Trojan-Spy.Win32.KeyLogger.aa
Trojan-Downloader.Win32.Agent.bq
Trojan-Spy.HTML.Bankfraud.dq
De plus, le gestionnaire de tâche n'était plus accessible.
J'ai exécuté des scans AVG, Kapersy et Ad-aware, mais les messages apparaissaient toujours.

Mais, aujourd'hui, windows s'est mis à jour et a installé le SP3.
Depuis, plus de messages du parefeu windows et le gestionnaire de tâches est de nouveau accessible.
Suis-je débarrassé de ces trojans ? Comment en être sûr ? Quelles actions ces trojans peuvent faire ?

Merci pour votre aide
Bubu

ep44 · Answer

Bonsoir bubu

Ne t'inquiète pas je vais te guider et t'aider à désinfecter ton PC.(si c'est toujours le cas)

Télécharge sur le Bureau HijackThis  

http://download.hijackthis.eu/HJTInstall.exe

= Double-clique sur dessus pour l'installer 
= Clique sur Do a system scan and save the log
= Colle le rapport
si problème voir l'aide
http://www.swl1f.net/viewtopic.php?f=14&t=153&p=1100#p1100
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm 

@+

amd64 · Answer

a mon avis tu les as encore 

demare  en mode sans echecs et lance un scan anti virus et anti spy

evasion60/PCA · Answer

Hello, bonsoir 
... Tu sembles étonné :
Trojan-Clicker.Win32.Tiny.h 
Trojan-Spy.Win32.KeyLogger.aa 
Trojan-Downloader.Win32.Agent.bq 
Trojan-Spy.HTML.Bankfraud.dq 

Supprime tes cracks déjà, ensuite nous verons demain !!
Bonne réception

amd64 · Answer

ou telecharge hitjackthis  comme dit ep44

Bubu · Answer

Merci pour votre aide, si rapide !!

Voici donc le log.

Bubu


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:33, on 08/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 9\cbService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Thunderbird	hunderbird.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [MntDbCfg] C:\WINDOWS\system32\dkrahuhy.exe
O4 - HKLM\..\Policies\Explorer\Run: [n7ut0ju7j0] C:\Documents and Settings\Bubu\Bureau\AdobeFlashPlayerExt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .xmz: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O21 - SSODL: monsmart - {04742814-4CA0-6481-65D9-0AC9335B5DB0} - C:\Program Files\yhttewd\monsmart.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\WampServer 2\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\WampServer 2\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

Bubu · Answer

C'est grave docteur ?

Merci merci pour votre aide

ep44 · Answer

Bonsoir bubu, 

pour commencer 

* Télécharge malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Une aide pour l'installation 
http://www.swl1f.net/viewtopic.php?f=14&t=68


=> Installe le 
=> Ensuite va en mode sans echec 


   Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
   Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel


=> Lance malwarebytes
=> Coche "Executer un examen complet"
=> Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
=> Clique sur Supprimer la sélection
=> Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
=> Fait copier coller et poste le rapport 

--------------------------

ensuite 

* Télécharge CCleaner 
https://filehippo.com/download_ccleaner/
=> Aide toi de ce tuto pour l'utiliser 
http://www.swl1f.net/viewtopic.php?f=14&t=69

--------------------------

Ensuite refais un nouveau HijackThis

Bubu · Answer

Quels éléments dans le log HijackThis, t'as permis de savoir que les trojans sont toujours présents ?
Merci pour ton aide

Bubu

ep44 · Answer

et bien 

celui-ci 
O4 - HKCU\..\Run: [MntDbCfg] C:\WINDOWS\system32\dkrahuhy.exe 
et 
O21 - SSODL: monsmart - {04742814-4CA0-6481-65D9-0AC9335B5DB0} - C:\Program Files\yhttewd\monsmart.dll 

:)

Bubu · Answer

Voici le log de malwarebytes, exécuté en mode sans échec
Je fais un CCcleaner (en mode normal)

et je refais un HijackThis, ensuite

merci pr l'aide
bruno


Malwarebytes' Anti-Malware 1.27
Version de la base de données: 1130
Windows 5.1.2600 Service Pack 3

08/09/2008 23:20:28
mbam-log-2008-09-08 (23-20-28).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 255377
Temps écoulé: 1 hour(s), 16 minute(s), 40 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 21
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 66

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{04742814-4ca0-6481-65d9-0ac9335b5db0} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER	ypelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Servicesdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\monsmart (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\yhttewd (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\yhttewd\monsmart.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
etode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
ewsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32egc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32egm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	aack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	aack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	emp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	hun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	hun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.

Bubu · Answer

Enfin, le nouveau log de HijackThis ?
Est-ce mieux ?

Merci encore pour l'aide !!
Bubu




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:37, on 08/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 9\cbService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [MntDbCfg] C:\WINDOWS\system32\dkrahuhy.exe
O4 - HKLM\..\Policies\Explorer\Run: [n7ut0ju7j0] C:\Documents and Settings\Bubu\Bureau\AdobeFlashPlayerExt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .xmz: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\WampServer 2\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\WampServer 2\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

ep44 · Answer

Bonsoir 

Très bien ton rapport et propre 
Pour vérification 

fait un scan en ligne

avec bitdefender et colle le rapport

https://www.bitdefender.com/toolbox/

Scan à faire sous Internet Explorer

un tuto
http://pageperso.aol.fr/rginformatique/mapage/defender.htm

Bubu · Answer

Le fichier dkrahuhy.exe que tu avais repéré dans le premier HijackThis est toujours présent dans le second. Est-ce normal ?
Je fais de suite le scan bitdefender

Merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci pour l'aide

Bubu

Bubu · Answer

voilà le résultat :

http://kalleneden.free.fr/logbitdefender.html

ep44 · Answer

Bonsoir

Oui en effet fait analyser ce fichier sur ce site ==> C:\WINDOWS\system32\dkrahuhy.exe 
https://www.virustotal.com/gui/


Ensuite suit le conseil de evasion60/PCA
http://www.commentcamarche.net/forum/affich 8318425 infecte par 4 trojans#3


ensuite pour vérification

Télécharge DiagHelp.zip sur ton bureau http://www.malekal.com/download/DiagHelp.zip
==> Ne double-clic pas dessus !! Fais un clic droit sur le fichier et extraire tout
==> Un nouveau dossier chercher va être créé DiagHelp
==> Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
==> Une fenêtre va s'ouvrir, choisis l'option 1
==> L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande
==> Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
==> Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
==> A nouveau menu Edition / copier
==> Dans un nouveau message ici, faire un clic droit / coller
@+

Bubu · Answer

Bonsoir,

Je n'ai pas pu analyser sur https://www.virustotal.com/gui/ car le fichier C:\WINDOWS\system32\dkrahuhy.exe est introuvable.
J'ai à nouveau effectué un HijackThis et la ligne concernant ce fichier est toujours existante.


Ensuite, je ne comprends pas la remarque de evasion60/PCA," Supprime tes cracks déjà ".
Je n'ai pas "attraper" ces trojans suite à l'exécution d'un crack... J'ai exécuté un fichier qui se faisait passer pour un installeur d'Adobe Reader.

Je fais un DiagHelp


Merci pour tout
Bubu

ep44 · Answer

Excuse moi pour trouver ce fichier fait ceci 
Fait: Windows+e > Outils > Options des dossiers > Affichage > bouton radio "Afficher les fichiers et dossiers cachés"> décoche "Masquer les extensions de fichiers connus" > décoche "Masquer les fichiers protégés du Système" > Clique sur Appliquer à tous les dossiers > Appliquer et ok.
tu devrais le trouver

Bubu · Answer

J'avais déjà exécuté cette manip'
Le fichier reste introuvable

ep44 · Answer

ok

Télécharge OAD  http://sosvirus.changelog.fr/OAD.exe
- Enregistre le sur ton bureau


Double clique sur le OAD pour le lancer

- nom de fichier à rechercher tape ou fais un copier coller de : dkrahuhy.exe
- Type de recherche : sélectionne l'option 6 puis valide [entree]

OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ai terminé.
Le rapport de recherche s'affichera automatiquement à dès qu'il en aura terminé.

- Fais un copier / coller de ce rapport dans ton prochain post.

Bubu · Answer

scan diaghelp deux fichiers catchme.log catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-10 21:03:08 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 resultat.txt DiagHelp version v1.4 - http://www.malekal.com excute le 10/09/2008 à 21:02:25,50 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->10/09/2008 21:02:08 C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->10/09/2008 21:02:05 C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->10/09/2008 21:01:20 C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->10/09/2008 21:01:11 C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->10/09/2008 21:00:55 C:\WINDOWS\prefetch\AVP.EXE-0C478C0B.pf -->10/09/2008 21:00:03 C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->10/09/2008 20:51:03 C:\WINDOWS\prefetch\HIJACKTHIS.EXE-34A0FC79.pf -->10/09/2008 20:50:59 C:\WINDOWS\prefetch\FIREFOX.EXE-28641590.pf -->10/09/2008 20:46:21 C:\WINDOWS\prefetch\THUNDERBIRD.EXE-38CA75D9.pf -->10/09/2008 20:46:20 C:\WINDOWS\System32\drivers\fidbox2.idx -->10/09/2008 18:48:10 C:\WINDOWS\System32\drivers\fidbox2.dat -->10/09/2008 18:48:10 C:\WINDOWS\System32\drivers\fidbox.idx -->10/09/2008 03:45:12 C:\WINDOWS\System32\drivers\fidbox.dat -->10/09/2008 03:45:12 C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->08/09/2008 00:11:08 C:\WINDOWS\System32\drivers\mbam.sys -->08/09/2008 00:11:02 C:\WINDOWS\System32\drivers\klin.dat -->01/09/2008 20:32:58 C:\WINDOWS\System32 vapps.xml -->10/09/2008 18:40:18 C:\WINDOWS\System32\wpa.dbl -->10/09/2008 18:40:16 C:\WINDOWS\System32\PerfStringBackup.INI -->07/09/2008 22:58:54 C:\WINDOWS\System32\perfh00C.dat -->07/09/2008 22:58:54 C:\WINDOWS\System32\perfh009.dat -->07/09/2008 22:58:54 C:\WINDOWS\System32\perfc00C.dat -->07/09/2008 22:58:54 C:\WINDOWS\System32\perfc009.dat -->07/09/2008 22:58:54 C:\WINDOWS\System32\spupdwxp.log -->07/09/2008 22:57:39 C:\WINDOWS\System32\FNTCACHE.DAT -->07/09/2008 22:57:38 C:\WINDOWS\System32\TZLog.log -->30/08/2008 21:59:26 C:\WINDOWS\System32\MRT.exe -->26/08/2008 22:28:12 C:\WINDOWS\System32\jupdate-1.6.0_07-b06.log -->31/07/2008 20:47:22 C:\WINDOWS\System32\klogon.dll -->29/07/2008 20:21:42 C:\WINDOWS\System32\cdm.dll -->18/07/2008 22:10:48 C:\WINDOWS\System32\wuauclt.exe -->18/07/2008 22:10:42 C:\WINDOWS\System32\wups2.dll -->18/07/2008 22:10:40 C:\WINDOWS\System32\wucltui.dll.mui -->18/07/2008 22:10:36 C:\WINDOWS\System32\wups.dll -->18/07/2008 22:10:20 C:\WINDOWS\System32\wuaucpl.cpl.mui -->18/07/2008 22:09:56 C:\WINDOWS\System32\wucltui.dll -->18/07/2008 22:09:46 C:\WINDOWS\System32\wuaucpl.cpl -->18/07/2008 22:09:46 C:\WINDOWS\System32\wuweb.dll -->18/07/2008 22:09:44 C:\WINDOWS\System32\wuapi.dll -->18/07/2008 22:09:44 C:\WINDOWS\System32\wuaueng.dll -->18/07/2008 22:09:42 C:\WINDOWS\System32\wuapi.dll.mui -->18/07/2008 22:09:14 C:\WINDOWS\WindowsUpdate.log -->10/09/2008 19:15:20 C:\WINDOWS soc.log -->10/09/2008 18:47:15 C:\WINDOWS abletoc.log -->10/09/2008 18:47:15 C:\WINDOWS\ocmsn.log -->10/09/2008 18:47:15 C:\WINDOWS\ocgen.log -->10/09/2008 18:47:15 C:\WINDOWS tdtcsetup.log -->10/09/2008 18:47:15 C:\WINDOWS etfxocm.log -->10/09/2008 18:47:15 C:\WINDOWS\msgsocm.log -->10/09/2008 18:47:15 C:\WINDOWS\MedCtrOC.log -->10/09/2008 18:47:15 C:\WINDOWS\KB938464.log -->10/09/2008 18:47:15 C:\WINDOWS\imsins.log -->10/09/2008 18:47:15 C:\WINDOWS\iis6.log -->10/09/2008 18:47:15 C:\WINDOWS\FaxSetup.log -->10/09/2008 18:47:15 C:\WINDOWS\comsetup.log -->10/09/2008 18:47:15 C:\WINDOWS\setuperr.log -->10/09/2008 18:47:14 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 2400 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll 0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll 0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll 0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll 0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll 0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll 0x6d710000 0x13000 8.00.0000.0454 C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll 0x6d730000 0x13000 8.00.0000.0454 C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll 0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll 0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL 0x7d200000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll 0x44360000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll 0x44160000 0x127000 7.00.6000.16705 C:\WINDOWS\system32\urlmon.dll 0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x442b0000 0x3c000 7.00.6000.16705 C:\WINDOWS\system32\webcheck.dll 0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\OpenOffice.org 2.2\program\MSVCR71.dll 0x4eb80000 0x1a6000 5.01.3102.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll 0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\OpenOffice.org 2.2\program\MSVCP71.dll 0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll 0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x58640000 0x8a000 1.09.0000.0305 C:\WINDOWS\system32\l3codeca.acm 0x73600000 0x7000 6.05.2600.5512 C:\WINDOWS\system32\msdmo.dll 0x03db0000 0x106000 1.01.0006.0159 C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll 0x04560000 0x102000 7.10.3077.0000 C:\WINDOWS\system32\MFC71U.DLL 0x02620000 0x30000 1.01.0001.0139 C:\Program Files\Fichiers communs\Teleca Shared lib_log.dll 0x00f10000 0x14000 C:\Program Files\Fichiers communs\Teleca Shared\boost_log-vc71-mt-1_33.dll 0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL 0x6c3f0000 0x7e000 6.04.0009.1133 C:\WINDOWS\system32\dxmasf.dll 0x097e0000 0x41000 10.00.0000.3802 C:\WINDOWS\system32\DRMClien.DLL 0x61c20000 0x54000 8.00.0000.9118 C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll 0x5fc70000 0x18000 8.00.0000.9107 C:\Program Files\OpenOffice.org 2.2\program\uwinapi.dll 0x61740000 0x8e000 4.05.2003.0120 C:\Program Files\OpenOffice.org 2.2\program\stlport_vc7145.dll 0x78130000 0x9b000 8.00.50727.1378 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1378_x-ww_5c7e3652\MSVCR80.dll 0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 0x00fd0000 0x2d000 C:\Program Files\WinRAR arext.dll 0x1c000000 0x6000 1.02.0001.0000 C:\Program Files\Notepad++ ppcm.dll 0x01f10000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll 0x02ac0000 0x10000 5.03.0000.0198 C:\Program Files\MagicISO\misosh.dll 0x6d910000 0xc000 8.00.0000.0454 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ShellEx.dll 0x7c420000 0x87000 8.00.50727.1378 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1378_x-ww_5c7e3652\MSVCP80.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 1116 Command line: winlogon.exe Base Size Version Path 0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe 0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll 0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll 0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll 0x6d710000 0x13000 8.00.0000.0454 C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll 0x6d730000 0x13000 8.00.0000.0454 C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll 0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll 0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x6d4d0000 0x36000 8.00.0000.0454 C:\WINDOWS\system32\klogon.dll 0x01240000 0x3b000 1.07.0018.0007 C:\WINDOWS\system32\WgaLogon.dll 0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll 0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\System32\msxml3.dll Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est C06B-FFDC Répertoire de C:\WINDOWS\system32 14/04/2008 04:33 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 5 043 810 304 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est C06B-FFDC Répertoire de C:\WINDOWS\Downloaded Program Files 09/09/2008 23:04 . 09/09/2008 23:04 .. 09/01/2008 15:01 32 bdcore.dll 09/01/2008 15:01 118 784 bdupd.dll 01/09/2007 17:38 65 desktop.ini 20/03/2006 17:34 24 576 dwusplay.dll 20/03/2006 17:34 196 608 dwusplay.exe 23/03/2007 13:17 1 292 erma.inf 09/01/2008 15:01 53 248 ipsupd.dll 20/03/2006 17:34 484 272 isusweb.dll 26/02/2008 15:42 7 724 lang.ini 09/01/2008 15:01 32 libfn.dll 21/01/2008 17:43 130 live.ini 07/02/2008 14:06 1 248 oscan8.inf 26/02/2008 15:59 487 424 oscan82.ocx 09/01/2008 15:01 6 828 scanoptions.tsi 30/07/2007 19:24 293 wuweb.inf 15 fichier(s) 1 382 556 octets Total des fichiers listés : 15 fichier(s) 1 382 556 octets 2 Rép(s) 5 043 810 304 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\FileZilla\FileZilla.exe"="C:\Program Files\FileZilla\FileZilla.exe:*:Enabled:FileZilla" "C:\Program Files\WampServer 2\bin\apache\apache2.2.8\bin\httpd.exe"="C:\Program Files\WampServer 2\bin\apache\apache2.2.8\bin\httpd.exe:*:Enabled:Apache HTTP Server" "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Program Files\Neuf\Media Center\httpd\httpd.exe"="C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Export de la clef SharedTaskScheduler [SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-10 21:03:08 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 220 - avp.exe 236 - mDNSResponder.e 256 - cmd.exe 260 - cbService.exe 544 - nvsvc32.exe 820 - alg.exe 1092 - csrss.exe 1116 - winlogon.exe 1160 - services.exe 1172 - lsass.exe 1300 - usnsvc.exe 1344 - svchost.exe 1392 - svchost.exe 1516 - svchost.exe 1580 - svchost.exe 1732 - svchost.exe 1868 - aawservice.exe 2112 - thunderbird.exe 2400 - explorer.exe 2768 - cbInterface.exe 2808 - avp.exe 2856 - msnmsgr.exe 2956 - MediaCenter.exe 3020 - firefox.exe 3092 - soffice.bin 3460 - epmworker.exe 3904 - httpd.exe 4052 - Azureus.exe Total number of processes = 29 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32 tkrnlpa.exe 806E4000 - \WINDOWS\system32\hal.dll BADA8000 - \WINDOWS\system32\KDCOM.DLL BACB8000 - \WINDOWS\system32\BOOTVID.dll BA778000 - ACPI.sys BADAA000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS BA767000 - pci.sys BA8A8000 - isapnp.sys BA8B8000 - ohci1394.sys BA8C8000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS BAE70000 - pciide.sys BAB28000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS BA8D8000 - MountMgr.sys BA748000 - ftdisk.sys BADAC000 - dmload.sys BA722000 - dmio.sys BAB30000 - PartMgr.sys BA8E8000 - VolSnap.sys BA70A000 - atapi.sys BA6F3000 - nvata.sys BA8F8000 - disk.sys BA908000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS BA6D3000 - fltmgr.sys BA6C1000 - sr.sys BA918000 - klbg.sys BA928000 - PxHelp20.sys BA6AA000 - KSecDD.sys BA61D000 - Ntfs.sys BA5F0000 - NDIS.sys BA5D6000 - Mup.sys BA0B7000 - kl1.sys BAB38000 - \WINDOWS\system32\drivers\TDI.SYS B9CD6000 - \SystemRoot\System32\DRIVERS ic1394.sys BA9A8000 - \SystemRoot\system32\DRIVERS\AmdK8.sys B9978000 - \SystemRoot\System32\DRIVERS\serial.sys B999D000 - \SystemRoot\System32\DRIVERS\serenum.sys B9964000 - \SystemRoot\System32\DRIVERS\parport.sys BAA98000 - \SystemRoot\System32\DRIVERS\i8042prt.sys BABD8000 - \SystemRoot\System32\DRIVERS\mouclass.sys BABE8000 - \SystemRoot\System32\DRIVERS\kbdclass.sys BABF0000 - \SystemRoot\System32\DRIVERS\usbohci.sys B9940000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS BABF8000 - \SystemRoot\system32\DRIVERS\usbehci.sys BA9D8000 - \SystemRoot\System32\Drivers\Imapi.SYS B9999000 - \SystemRoot\system32\drivers\pfc.sys BA9C8000 - \SystemRoot\System32\DRIVERS\cdrom.sys B9C96000 - \SystemRoot\System32\DRIVERS edbook.sys B991D000 - \SystemRoot\System32\DRIVERS\ks.sys B998D000 - \SystemRoot\System32\DRIVERS vnetbus.sys B98D3000 - \SystemRoot\System32\DRIVERS\NVNRM.SYS B989C000 - \SystemRoot\System32\DRIVERS\NVSNPU.SYS B9531000 - \SystemRoot\system32\DRIVERS v4_mini.sys B951D000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS BAE2A000 - \SystemRoot\System32\DRIVERS\ASACPI.sys BA08B000 - \SystemRoot\system32\drivers\atkkbnt.sys BAC00000 - \SystemRoot\system32\DRIVERS\klim5.sys BAFE4000 - \SystemRoot\System32\DRIVERS\audstub.sys B9C76000 - \SystemRoot\System32\DRIVERS asl2tp.sys BA07F000 - \SystemRoot\System32\DRIVERS distapi.sys B9506000 - \SystemRoot\System32\DRIVERS diswan.sys B9C86000 - \SystemRoot\System32\DRIVERS aspppoe.sys BA9B8000 - \SystemRoot\System32\DRIVERS aspptp.sys B94F5000 - \SystemRoot\System32\DRIVERS\psched.sys BA988000 - \SystemRoot\System32\DRIVERS\msgpc.sys BAC08000 - \SystemRoot\System32\DRIVERS\ptilink.sys BAC10000 - \SystemRoot\System32\DRIVERS aspti.sys B94C5000 - \SystemRoot\System32\DRIVERS dpdr.sys BA998000 - \SystemRoot\System32\DRIVERS ermdd.sys BAE2C000 - \SystemRoot\System32\DRIVERS\swenum.sys B9467000 - \SystemRoot\System32\DRIVERS\update.sys BA06F000 - \SystemRoot\System32\DRIVERS\mssmbios.sys B9411000 - \SystemRoot\system32\DRIVERS\MarvinBus.sys B4CAA000 - \SystemRoot\System32\Drivers\NDProxy.SYS B4C9A000 - \SystemRoot\System32\DRIVERS\usbhub.sys BADAE000 - \SystemRoot\System32\DRIVERS\USBD.SYS B4C8A000 - \SystemRoot\System32\DRIVERS\NVENETFD.sys B1CDC000 - \SystemRoot\system32\DRIVERS\klif.sys B2024000 - \SystemRoot\System32\DRIVERS\usbccgp.sys B1B81000 - \SystemRoot\system32\drivers\c6501.sys B1B5D000 - \SystemRoot\system32\drivers\portcls.sys B1F64000 - \SystemRoot\system32\drivers\drmk.sys BAE16000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS B05D2000 - \SystemRoot\System32\Drivers\Null.SYS BADB6000 - \SystemRoot\System32\Drivers\Beep.SYS B1527000 - \SystemRoot\System32\drivers\vga.sys B1543000 - \SystemRoot\System32\Drivers\mnmdd.SYS AF554000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys AF6BA000 - \SystemRoot\System32\Drivers\Msfs.SYS AF6AA000 - \SystemRoot\System32\Drivers\Npfs.SYS B2694000 - \SystemRoot\System32\DRIVERS asacd.sys AEDAE000 - \SystemRoot\System32\DRIVERS\ipsec.sys AED4B000 - \SystemRoot\System32\DRIVERS cpip.sys AF69A000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS AED23000 - \SystemRoot\System32\DRIVERS etbt.sys AECFD000 - \SystemRoot\System32\DRIVERS\ipnat.sys AECDB000 - \SystemRoot\System32\drivers\afd.sys B0435000 - \SystemRoot\System32\DRIVERS etbios.sys B0405000 - \SystemRoot\System32\DRIVERS\wanarp.sys AECB0000 - \SystemRoot\System32\DRIVERS dbss.sys AEC40000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys B03F5000 - \SystemRoot\System32\DRIVERS\arp1394.sys B03E5000 - \SystemRoot\System32\Drivers\Fips.SYS A9D80000 - \SystemRoot\System32\Drivers\Cdfs.SYS A932E000 - \SystemRoot\System32\Drivers\dump_nvata.sys B266E000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys AA44E000 - \SystemRoot\System32\drivers\Dxapi.sys AA242000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys BAF23000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32\atkdisp.dll BFA10000 - \SystemRoot\System32 v4_disp.dll BFFA0000 - \SystemRoot\System32\ATMFD.DLL B99A9000 - \SystemRoot\System32\DRIVERS disuio.sys A82E0000 - \SystemRoot\System32\DRIVERS\mrxdav.sys BAE34000 - \SystemRoot\System32\Drivers\ParVdm.SYS B264C000 - \??\C:\WINDOWS\system32\drivers\EIO.sys A8216000 - \SystemRoot\System32\DRIVERS\srv.sys A7EB9000 - \SystemRoot\system32\drivers\wdmaud.sys A7FEE000 - \SystemRoot\system32\drivers\sysaudio.sys A7D10000 - \SystemRoot\System32\Drivers\HTTP.sys A288F000 - \SystemRoot\system32\drivers\kmixer.sys BAEC5000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 123 Liste des programmes installes Ad-Aware Archiveur WinRAR Assistant de connexion Windows Live ASUS Enhanced Display Driver ASUS nVIDIA Driver Audacity 1.2.6 AutoUpdate Azureus Vuze Bink and Smacker C-Media 6501 Sound CCleaner (remove only) CDBurnerXP CDex extraction audio Cobian Backup 9 Correctif pour Windows Internet Explorer 7 (KB947864) Correctif pour Windows XP (KB952287) DivX Codec DivX Content Uploader DivX Converter DivX Player DivX Web Player eMule FileZilla (remove only) Freeware PDF Unlocker Gammadyne Mailer Google Earth GTA San Andreas HijackThis 2.0.2 Java(TM) 6 Update 2 Java(TM) 6 Update 3 Java(TM) 6 Update 5 Java(TM) 6 Update 7 Java(TM) SE Runtime Environment 6 Kaspersky Anti-Virus 2009 Kaspersky Anti-Virus 2009 Magic ISO Maker v5.3 (build 0221) Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 1 Microsoft .NET Framework 2.0 Service Pack 1 - FRA Microsoft .NET Framework 3.0 Service Pack 1 Microsoft .NET Framework 3.0 Service Pack 1 - FRA Microsoft .NET Framework 3.5 (Pre-Release Version) Microsoft .NET Framework 3.5 (Pre-Release Version) Microsoft .NET Framework 3.5 (Pre-Release Version) Language Pack - fra Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Word Viewer 2003 Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838) Mise à jour de sécurité pour Windows XP (KB923689) Mise à jour de sécurité pour Windows XP (KB923789) Mise à jour de sécurité pour Windows XP (KB938464) Mise à jour de sécurité pour Windows XP (KB941569) Mise à jour de sécurité pour Windows XP (KB946648) Mise à jour de sécurité pour Windows XP (KB950760) Mise à jour de sécurité pour Windows XP (KB950762) Mise à jour de sécurité pour Windows XP (KB950974) Mise à jour de sécurité pour Windows XP (KB951066) Mise à jour de sécurité pour Windows XP (KB951376-v2) Mise à jour de sécurité pour Windows XP (KB951376) Mise à jour de sécurité pour Windows XP (KB951698) Mise à jour de sécurité pour Windows XP (KB951748) Mise à jour de sécurité pour Windows XP (KB952954) Mise à jour de sécurité pour Windows XP (KB953839) Mise à jour pour Windows XP (KB951072-v2) Mise à jour pour Windows XP (KB951978) Module linguistique Microsoft .NET Framework 3.5 (version préliminaire) - fra Mozilla Firefox (3.0.1) Mozilla Thunderbird (2.0.0.16) MSXML 4.0 SP2 (KB936181) MSXML 6.0 Parser (KB933579) Music Editing Master Neuf - Media Center Notepad++ NVIDIA Drivers OpenOffice.org 2.2 Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) PDF Settings PDFCreator proDAD Heroglyph 2.5 proDAD Vitascene 1.0 QuickTime Alternative 1.95 Real Alternative 1.60 Replay Media Catcher Sony Ericsson Device Data Sony Ericsson Drivers Sony Ericsson PC Suite Sony Ericsson PC Suite Traduction française pour jetAudio 6.2 VideoLAN VLC media player 0.8.6c WampServer 2.0 WD Diagnostics WebFldrs XP Winamp Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Live installer Windows Live Messenger Windows Media Format Runtime Windows XP Service Pack 3 XML Paper Specification Shared Components Pack 1.0 Yahoo! Desktop Login Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est C06B-FFDC Répertoire de C:\Program Files 09/09/2008 18:16 . 09/09/2008 18:16 .. 27/09/2007 23:28 AdorageI-GfxDatas 27/09/2007 23:28 AdorageI-SAL 01/09/2007 19:27 ASUSTeK 26/11/2007 23:38 Audacity 08/09/2008 19:32 Azureus 23/06/2008 23:02 Bonjour 08/09/2008 21:56 CCleaner 27/09/2007 12:48 CDBurnerXP 27/11/2007 00:27 CDex_170b2 01/09/2007 19:15 C-Media 6501 Sound 03/05/2008 19:02 Cobian Backup 9 01/09/2007 17:37 ComPlus Applications 09/09/2008 18:16 DevGuru 01/09/2007 19:22 DIFX 30/09/2007 00:58 DivX 08/09/2008 19:30 eMule 01/09/2008 23:32 Fichiers communs 05/09/2007 00:00 FileZilla 09/01/2008 17:36 Freeware PDF Unlocker 23/05/2008 23:46 Gammadyne Mailer 04/05/2008 09:48 Google 03/09/2007 23:18 Grisoft 30/08/2008 21:59 Internet Explorer 31/07/2008 20:47 Java 28/11/2007 20:17 JetAudio 01/09/2008 20:18 Kaspersky Lab 01/09/2008 23:33 Lavasoft 27/09/2007 12:45 MagicISO 08/09/2008 21:55 Malwarebytes' Anti-Malware 07/09/2008 22:47 Messenger 01/09/2007 17:39 microsoft frontpage 30/01/2008 13:52 Microsoft Office 30/01/2008 13:45 Microsoft Works 07/09/2008 22:43 Movie Maker 10/09/2008 20:46 Mozilla Firefox 10/09/2008 20:46 Mozilla Thunderbird 27/09/2007 12:44 MSBuild 01/09/2007 17:37 MSN 01/09/2007 17:37 MSN Gaming Zone 11/09/2007 18:26 MSXML 4.0 28/09/2007 00:33 MSXML 6.0 01/06/2008 14:15 Music Editing Master 07/09/2008 22:42 NetMeeting 07/05/2008 12:38 Neuf 04/09/2008 21:26 Notepad++ 02/09/2007 15:15 OpenOffice.org 2.2 07/09/2008 22:42 Outlook Express 09/01/2008 11:38 PDFCreator 27/09/2007 23:30 proDAD 28/11/2007 14:52 QuickTime Alternative 28/11/2007 14:21 RADVideo 05/12/2007 22:00 Real Alternative 27/09/2007 12:44 Reference Assemblies 26/11/2007 21:48 Replay Media Catcher 28/11/2007 14:41 RM-X® Mov To DivX 14/09/2007 22:15 Rockstar Games 01/09/2007 17:37 Services en ligne 10/09/2007 20:09 Sony Ericsson 08/09/2008 18:17 Trend Micro 02/09/2007 16:29 VideoLAN 05/04/2008 17:39 WampServer 2 03/05/2008 18:51 Western Digital 03/05/2008 18:50 Western Digital Technologies 25/11/2007 20:16 Winamp 26/03/2008 11:47 Windows Live 07/09/2008 22:44 Windows Media Player 07/09/2008 22:42 Windows NT 02/09/2007 16:49 WinRAR 01/09/2007 17:39 xerox 0 fichier(s) 0 octets 74 Rép(s) 5 033 771 008 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est C06B-FFDC Répertoire de C:\Program Files\fichiers communs 01/09/2008 23:32 . 01/09/2008 23:32 .. 03/05/2008 18:51 InstallShield 02/09/2007 15:14 Java 23/06/2008 22:54 Macrovision Shared 26/03/2008 11:47 Microsoft Shared 01/09/2007 17:37 MSSoap 01/09/2007 18:24 ODBC 01/09/2007 17:37 Services 10/09/2007 20:09 Sony Ericsson Shared 01/09/2007 18:24 SpeechEngines 07/09/2008 22:41 System 24/09/2007 23:12 System-G 10/09/2007 20:11 Teleca Shared 01/09/2008 23:32 Wise Installation Wizard 0 fichier(s) 0 octets 17 Rép(s) 5 033 771 008 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est C06B-FFDC Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 01/09/2007 17:42 . 01/09/2007 17:42 .. 18/05/2001 17:57 561 209 MSONSEXT.DLL 03/06/1999 14:09 122 937 MSOWS409.DLL 07/03/2001 09:00 127 033 MSOWS40c.DLL 3 fichier(s) 811 179 octets 2 Rép(s) 5 033 771 008 octets libres c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\French\setup.exe c:\Documents and Settings\Bubu\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe c:\Documents and Settings\Bubu\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe c:\Documents and Settings\Bubu\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe c:\Documents and Settings\Bubu\Bureau\ccsetup211.exe c:\Documents and Settings\Bubu\Bureau\HJTInstall.exe c:\Documents and Settings\Bubu\Bureau\Lavasoft_Adaware_multi.exe c:\Documents and Settings\Bubu\Bureau\mbam-setup.exe c:\Documents and Settings\Bubu\Bureau\20071015125552984_driver\Install.exe c:\Documents and Settings\Bubu\Bureau\20071015125552984_driver\Uninstall.exe c:\Documents and Settings\Bubu\Bureau\DiagHelp\catchme.exe c:\Documents and Settings\Bubu\Bureau\DiagHelp\diff.exe c:\Documents and Settings\Bubu\Bureau\DiagHelp\dumphive.exe c:\Documents and Settings\Bubu\Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Bubu\Bureau\DiagHelp\find2.exe c:\Documents and Settings\Bubu\Bureau\DiagHelp\Fport.exe c:\Documents and Settings\Bubu\Bureau\DiagHelp\grep.exe c:\Documents and Settings\Bubu\Bureau\DiagHelp\gzip.exe c:\Documents and Settings\Bubu\Bureau\DiagHelp\KProcCheck.exe c:\Documents and Settings\Bubu\Bureau\DiagHelp\LFiles.exe c:\Documents and Settings\Bubu\Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Bubu\Bureau\DiagHelp\md5sums.exe c:\Documents and Settings\Bubu\Bureau\DiagHelp\pslist.exe c:\Documents and Settings\Bubu\Bureau\DiagHelp\sigcheck.exe c:\Documents and Settings\Bubu\Bureau\DiagHelp\streams.exe c:\Documents and Settings\Bubu\Bureau\DiagHelp\swreg.exe c:\Documents and Settings\Bubu\Bureau\DiagHelp ar.exe c:\Documents and Settings\Bubu\Bureau\VirtualDub-1.7.7\auxsetup.exe c:\Documents and Settings\Bubu\Bureau\VirtualDub-1.7.7\vdub.exe c:\Documents and Settings\Bubu\Bureau\VirtualDub-1.7.7\VirtualDub.exe c:\Documents and Settings\Bubu\Local Settings\Application Data\CDBurnerXP_Soft\cdbxpp.exe_Url_nfryvllqiqb1hla4nzefaejvhwflc2o0 c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3032\Setup.exe c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3032 edist\WindowsInstaller-KB893803-v2-x86.exe c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3032 edist\WindowsServer2003-KB898715-ia64-enu.exe c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3032 edist\WindowsServer2003-KB898715-x64-enu.exe c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3032 edist\WindowsServer2003-KB898715-x86-enu.exe c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3032 edist\WindowsXP-KB898715-x64-enu.exe c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3456\Setup.exe c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3456 edist\WindowsInstaller-KB893803-v2-x86.exe c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3456 edist\WindowsServer2003-KB898715-ia64-enu.exe c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3456 edist\WindowsServer2003-KB898715-x64-enu.exe c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3456 edist\WindowsServer2003-KB898715-x86-enu.exe c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3456 edist\WindowsXP-KB898715-x64-enu.exe c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer4064\Setup.exe c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer4064 edist\WindowsInstaller-KB893803-v2-x86.exe c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer4064 edist\WindowsServer2003-KB898715-ia64-enu.exe c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer4064 edist\WindowsServer2003-KB898715-x64-enu.exe c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer4064 edist\WindowsServer2003-KB898715-x86-enu.exe c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer4064 edist\WindowsXP-KB898715-x64-enu.exe c:\Documents and Settings\Bubu\Local Settings\Temp\_is2.exe c:\Documents and Settings\Bubu\Local Settings\Temp\_is4.exe c:\Documents and Settings\Bubu\Local Settings\Temp\jre-6u5-windows-i586-p-iftw_1b121abb.exe c:\Documents and Settings\Bubu\Local Settings\Temp\jre-6u7-windows-i586-p-iftw_bdb28397.exe c:\Documents and Settings\Bubu\Local Settings\Temp pp.5.0.3.Installer.exe c:\Documents and Settings\Bubu\Local Settings\Temp\xmlUpdater.exe c:\Documents and Settings\Bubu\Local Settings\Temp\IXP000.TMP\OSE.EXE c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher1848\RTPatch\patch.exe c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher2460\RTPatch\patch.exe c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher2460\StagingArea\1423.exe c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher2460\StagingArea\1732.exe c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher2584\RTPatch\patch.exe c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher2664\RTPatch\patch.exe c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher2904\RTPatch\patch.exe c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher3168\RTPatch\patch.exe c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher380\RTPatch\patch.exe c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher380\StagingArea\4185.exe c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher3992\RTPatch\patch.exe c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher492\RTPatch\patch.exe c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher536\RTPatch\patch.exe c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher696\RTPatch\patch.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\Bubu\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_ZEUS.tar.gz a l'adresse http://upload.malekal.com ENCORE MERCI

Bubu · Answer

10/09/2008 ---- 21:25:45,67  

----------------------------------
§§§§§§ [dkrahuhy.exe] §§§§§§
----------------------------------
[X] Registre
 
-------------- [  ] rapide
-- Fichier --- [  ] disque systeme
 ------------- [X] complete


********************
     [Registre] 
********************


[HKEY_USERS\S-1-5-21-1343024091-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"MntDbCfg"="C:\WINDOWS\system32\dkrahuhy.exe"

*******************
     [Fichier] 
*******************



*********************
     [Même date] 
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§ 
----------------------------------

ep44 · Answer

Ouvre le bloc-notes et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait) :

REGEDIT4

[HKEY_USERS\S-1-5-21-1343024091-2077806209-725345543-1003\So­ftware\Microsoft\Windows\CurrentVersion\Run]
"MntDbCfg"=-
    


Puis "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"


quitte internet et double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"


télécharge GenProc de Lazzzy et Narco4 sur ton Bureau

http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

dé zippe le dossier, double-clique sur GenProc.bat et poste le contenu du rapport qui s'ouvre

Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html

Bubu · Answer

J'ai executé ta commande .reg

Du coté de GenProc, voici le résultat:
GenProc 2.025 [3] 10/09/2008 - Windows [XP] : Aucune infection caractéristique trouvée  

Suis-je sain et sauf ;-)

Merci merci bcp pour l'aide
Bubu

ep44 · Answer

ce n'est pas fini :)

Je te propose une chose,
Télécharge Antivir, installe et lance le en mode sans échec pour faire un scan une fois fini tu le supprime et poste son rapport.

Pour télécharger Antivir ==> http://www.swl1f.net/viewtopic.php?f=14&t=59
Ensuite télécharge les mise à jours que tu installera manuellement aussi en mode sans échec ==> http://dl.antivir.de/down/vdf/ivdf_fusebundle_nt_en.zip
pour instaler les mises à jours tu feras Update > Manual Update > tu iras chercher les mises à jours à l'emplacement de ton téléchargement et tu clique ensuite sur ouvrir, la mise à jour s'effectuera.
Ensuite assure toi que la recherche de rootkit soit activé, dans ce cas fait :
Configuration > Coche expert mode > Scan et coche la case "search for rootkit before scan"
Une fois fait lance le scan en cliquant sur "scan systèm now"

Bubu · Answer

Scan Antivir



Avira AntiVir Personal
Report file date: mercredi 10 septembre 2008  23:10

Scanning for 1608238 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 3)  [5.1.2600]
Boot mode:        Save mode
Username:         Bubu
Computer name:    ZEUS

Version information:
BUILD.DAT     : 8.1.0.331      16934 Bytes  12/08/2008 11:46:00
AVSCAN.EXE    : 8.1.4.7       315649 Bytes  26/06/2008 08:57:53
AVSCAN.DLL    : 8.1.4.0        40705 Bytes  26/05/2008 07:56:40
LUKE.DLL      : 8.1.4.5       164097 Bytes  12/06/2008 12:44:19
LUKERES.DLL   : 8.1.4.0        12033 Bytes  26/05/2008 07:58:52
ANTIVIR0.VDF  : 6.40.0.0    11030528 Bytes  18/07/2007 12:36:36
ANTIVIR1.VDF  : 7.0.5.1      8182784 Bytes  24/06/2008 13:53:28
ANTIVIR2.VDF  : 7.0.6.94     2998784 Bytes  31/08/2008 15:53:44
ANTIVIR3.VDF  : 7.0.6.142     314368 Bytes  10/09/2008 16:28:46
Engineversion : 8.1.1.28  
AEVDF.DLL     : 8.1.0.5       102772 Bytes  02/04/2008 12:36:34
AESCRIPT.DLL  : 8.1.0.70      319866 Bytes  03/09/2008 14:22:34
AESCN.DLL     : 8.1.0.23      119156 Bytes  15/07/2008 13:58:46
AERDL.DLL     : 8.1.1.1       397683 Bytes  03/09/2008 14:22:34
AEPACK.DLL    : 8.1.2.1       364917 Bytes  15/07/2008 13:58:46
AEOFFICE.DLL  : 8.1.0.23      196987 Bytes  03/09/2008 14:22:34
AEHEUR.DLL    : 8.1.0.51     1397111 Bytes  03/09/2008 14:22:34
AEHELP.DLL    : 8.1.0.15      115063 Bytes  29/05/2008 12:08:42
AEGEN.DLL     : 8.1.0.36      315764 Bytes  18/08/2008 16:05:36
AEEMU.DLL     : 8.1.0.7       430452 Bytes  31/07/2008 12:02:16
AECORE.DLL    : 8.1.1.11      172406 Bytes  03/09/2008 14:22:32
AEBB.DLL      : 8.1.0.1        53617 Bytes  18/07/2008 09:20:50
AVWINLL.DLL   : 1.0.0.12       15105 Bytes  09/07/2008 08:40:05
AVPREF.DLL    : 8.0.2.0        38657 Bytes  16/05/2008 09:28:01
AVREP.DLL     : 7.0.0.1       155688 Bytes  30/06/2008 14:35:20
AVREG.DLL     : 8.0.0.1        33537 Bytes  09/05/2008 11:26:40
AVARKT.DLL    : 1.0.0.23      307457 Bytes  12/02/2008 08:29:23
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes  12/06/2008 12:27:49
SQLITE3.DLL   : 3.3.17.1      339968 Bytes  22/01/2008 17:28:02
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes  12/06/2008 12:49:40
NETNT.DLL     : 8.0.0.1         7937 Bytes  25/01/2008 12:05:10
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes  12/06/2008 13:48:07
RCTEXT.DLL    : 8.0.52.0       86273 Bytes  27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, E:, 
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 10 septembre 2008  23:10

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
Master boot sector HD1
    [INFO]      No virus was found!
    [WARNING]   System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
    [INFO]      No virus was found!
    [WARNING]   System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
    [INFO]      No virus was found!
    [WARNING]   System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
    [INFO]      No virus was found!
    [WARNING]   System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'E:\'
    [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '59' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
    [WARNING]   The file could not be opened!
Begin scan in 'E:\'


End of the scan: jeudi 11 septembre 2008  00:16
Used time:  1:05:58 Hour(s)

The scan has been done completely.

  12502 Scanning directories
 478511 Files were scanned
      0 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
 478510 Files not concerned
   2027 Archives were scanned
      5 Warnings
      0 Notes

Merci encore

ep44 · Answer

Bonsoir 

As tu encore des soucis ? 
Comment ce comporte ton PC ?

Bubu · Answer

Salut,

Je ne rencontre pas de problème.

Le PC et windows tourne normalement.

Le seul truc intriguant, c'est que le fichier C:\WINDOWS\system32\dkrahuhy.exe, introuvable, reste mentionner dans le HijackThis...

Penses-tu que ma "désinfection" s'arrête là ?

En tout cas, merci beaucoup à toi pour ton aide !
Très agréable de pouvoir avoir un coup de main !!!

Merci ep44 et vive CommentCaMarche

ep44 · Answer

Attend ce n'est pas fini ;)

reposte un nouveau rapport HijackThis stp

Bubu · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:37, on 11/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 9\cbService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [MntDbCfg] C:\WINDOWS\system32\dkrahuhy.exe
O4 - HKLM\..\Policies\Explorer\Run: [n7ut0ju7j0] C:\Documents and Settings\Bubu\Bureau\AdobeFlashPlayerExt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .xmz: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\WampServer 2\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\WampServer 2\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

ep44 · Answer

ok toujours là

Relance HijackThis et clique sur "Do a system scan only"
Ensuite recherche ces lignes et coches les cases 

O4 - HKCU\..\Run: [MntDbCfg] C:\WINDOWS\system32\dkrahuhy.exe 

Une fois coché, ferme toutes les fenêtres et applications et clique sur "Fix checked" 

ensuite reposte un rapport HijackThis stp

Bubu · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:56:16, on 11/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 9\cbService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKLM\..\Policies\Explorer\Run: [n7ut0ju7j0] C:\Documents and Settings\Bubu\Bureau\AdobeFlashPlayerExt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .xmz: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\WampServer 2\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\WampServer 2\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

ep44 · Answer

Bon très bien pour celui_ci mais j'en ai oublié un :(

Relance HijackThis et clique sur "Do a system scan only"
Ensuite recherche ces lignes et coches les cases 

O4 - HKLM\..\Policies\Explorer\Run: [n7ut0ju7j0] C:\Documents and Settings\Bubu\Bureau\AdobeFlashPlayerExt.exe 

Une fois coché, ferme toutes les fenêtres et applications et clique sur "Fix checked" 

Ensuite 
Télécharge OTMoveIt (de OldTimer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
clic double sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :
Paste List of Files/Folders to be moved.

C:\Documents and Settings\Bubu\Bureau\AdobeFlashPlayerExt.exe 
EmptyTemp

clique sur MoveIt! pour lancer la suppression.
le résultat apparaîtra dans le cadre Results.
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demandé de faire redémarrer le PC pour achever la suppression.

Bubu · Answer

File/Folder C:\Documents and Settings\Bubu\Bureau\AdobeFlashPlayerExt.exe not found.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Bubu\LOCALS~1\Temp\etilqs_mecVtGpyM0nV4H7OG0d8 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Bubu\LOCALS~1\Temp\~DFA2CA.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Bubu\LOCALS~1\Temp\~DFA31E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Bubu\LOCALS~1\Temp\~DFB128.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Bubu\LOCALS~1\Temp\~DFCE53.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Bubu\LOCALS~1\Temp\~DFD135.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~2b7246a1.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~2b724de9.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~b1c823163.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~b1c82391b.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~b1cc4a26f.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~b1cc4aee5.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~b1cf99ce6.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~b1cf9a6a8.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~b1d00b5f9.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~b1d00c07c.htp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09112008_221859

Files moved on Reboot...
File C:\DOCUME~1\Bubu\LOCALS~1\Temp\etilqs_mecVtGpyM0nV4H7OG0d8 not found!
File C:\DOCUME~1\Bubu\LOCALS~1\Temp\~DFA2CA.tmp not found!
File C:\DOCUME~1\Bubu\LOCALS~1\Temp\~DFA31E.tmp not found!
C:\DOCUME~1\Bubu\LOCALS~1\Temp\~DFB128.tmp moved successfully.
File C:\DOCUME~1\Bubu\LOCALS~1\Temp\~DFCE53.tmp not found!
File C:\DOCUME~1\Bubu\LOCALS~1\Temp\~DFD135.tmp not found!
File C:\WINDOWS	emp\cch~2b7246a1.htp not found!
File C:\WINDOWS	emp\cch~2b724de9.htp not found!
File C:\WINDOWS	emp\cch~b1c823163.htp not found!
File C:\WINDOWS	emp\cch~b1c82391b.htp not found!
File C:\WINDOWS	emp\cch~b1cc4a26f.htp not found!
File C:\WINDOWS	emp\cch~b1cc4aee5.htp not found!
File C:\WINDOWS	emp\cch~b1cf99ce6.htp not found!
File C:\WINDOWS	emp\cch~b1cf9a6a8.htp not found!
File C:\WINDOWS	emp\cch~b1d00b5f9.htp not found!
File C:\WINDOWS	emp\cch~b1d00c07c.htp not found!

ep44 · Answer

pour vérif 

Télécharge OAD  http://sosvirus.changelog.fr/OAD.exe
- Enregistre le sur ton bureau


Double clique sur le OAD pour le lancer

- nom de fichier à rechercher tape ou fais un copier coller de : AdobeFlashPlayerExt.exe
- Type de recherche : sélectionne l'option 6 puis valide [entree]

OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ai terminé.
Le rapport de recherche s'affichera automatiquement à dès qu'il en aura terminé.

- Fais un copier / coller de ce rapport dans ton prochain post.

Bubu · Answer

11/09/2008 ---- 22:56:07,32  

----------------------------------
§§§§§§ [AdobeFlashPlayerExt.exe] §§§§§§
----------------------------------
[X] Registre
 
-------------- [  ] rapide
-- Fichier --- [  ] disque systeme
 ------------- [X] complete


********************
     [Registre] 
********************

Aucune entrée détectée

*******************
     [Fichier] 
*******************



*********************
     [Même date] 
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§ 
----------------------------------

ep44 · Answer

ok très bien as tu encore des soucis ?

Bubu · Answer

Non !!

Merci tout est bon !

Encore une fois merci beaucoup !!!

ep44 · Answer

Télécharge ATF Cleaner par Atribune.  <== Tu pourras garder ce logiciel pour une utilisation régulière.
http://www.atribune.org/ccount/click.php?id=1

      Double-clique ATF-Cleaner.exe afin de lancer le programme.
      Sous l'onglet Main, choisis : Select All
      Clique sur le bouton Empty Selected

Si tu utilises le navigateur Firefox :

      Clique Firefox au haut et choisis : Select All
      Clique le bouton Empty Selected
      NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Si tu utilises le navigateur Opera :

      Clique Opera au haut et choisis : Select All
      Clique le bouton Empty Selected
      NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Clique Exit, du menu principal, afin de fermer le programme.
Pour obtenir du Support technique, double-clique l'adresse électronique située au bas de chacun des menus. 


ensuite ce logiciel va t'aider a supprimer les outils utiliser 

 Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.
http://pc-system.fr/

Double clique sur ToolsCleaner2.exe >
puis Recherche
et sur Suppression
Note : ton bureau va disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

ensuite fait ceci (IMPORTANT)

* Désactivation :
Cliquer droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > cocher la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer patiente jusqu a que cela soit marqué "désactivée" puis Ok.

* Activation :
Suivre le même chemin ; décocher la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer attends que cela soit a nouveau sur "surveillance" puis Ok. Redémarrer l'ordinateur..



      Pense aussi à faire tes mises à jours régulièrement

      Windows update : ==> ici =>http://www.update.microsoft.com/windowsupdate/v6/default.aspx
      Java : ==> ici => https://www.java.com/fr/download/

      Ces mises à jours sont très importantes pour la sécurité de ton PC.



      N'installe qu'un seul parefeu !!
      et bien sur qu'un antivirus

      N'oublie pas de faire régulièrement les mises à jour de tes logiciels avant chaque scan.

    * Tu peux aussi utiliser ces logiciels de sécurité

      Malwarebytes => C'est un anti-malwares gratuit et en français, tu devras une fois installer le lancer périodiquement pour contrôler ton PC.
      Un tuto pour le télécharger et son installation => Ici => http://www.swl1f.net/viewtopic.php?f=14&t=68

      Spyware Terminator => C'est un anti-spyware gratuit et en français, Il travaillera automatiquement grâce à son module résident, tu pourras le programmer pour effectuer un scan journalier.
     Un tuto pour le télécharger et son installation => Ici => http://www.swl1f.net/viewtopic.php?f=14&t=66




    * Ensuite quelques conseils
      L'infection de ton pc peut se faire de différente façon, voici en quelques lignes plusieurs points à éviter. ==> ici =>http://www.swl1f.net/viewtopic.php?f=14&t=67



    * le navigateur

      Essaye le navigateur Firefox plus sur/securisé qu IE
      Firefox n'utilise pas le dangereux protocole ActiveX
    * Téléchargement: ==> Firefox => http://www.mozilla-europe.org/fr/products/firefox/
    * Tutorial pour le sécuriser: ==> ici =>https://forum.zebulon.fr/topic/69628-s%C3%A9curiser-un-peu-plus-firefox/



      Important
      Surfez avec les droits administrateurs sur le net te rend vulnérable, il faut donc utiliser un autre compte que celui de l'administrateur





    * Pour que ton pc retrouve un peu de jeunesse
    * Pense a lancer une petite défragmentation.
    * Utilise CCleaner régulièrement.
    * Gère tes services grâce a ces 2 liens
      ==> ici => http://speedweb1.free.fr/frames2.php?page=service3 et ==> ici => http://speedweb1.free.fr/frames2.php?page=service4
    * Utilise Zeb Utility
      une application ne nécessitant pas d’installation, pour optimiser un poil ton pc. (merci a l ami Zebulon)
      Téléchargement : ==> ici ==> https://www.zebulon.fr/telechargements/utilitaires/optimisation/zeb-utility.html
      Tuto : ==> ici => https://www.zebulon.fr/dossiers/autres/58-zebutility.html






Et pour finir


Dénonce ton infection pour faire condamner les auteurs.

Crée un message pour faire avancer les choses sur Malware-Complaints, nous devons être les plus nombreux possibles, alors rends compte de ton infection

- Voir les règles du forum : ==> ici => https://malwarecomplaints.info/
- Après t'être enregistré à l'aide du bouton en haut se nommant "Register"
Si tu as plus de 13 ans, choisir : "I Agree to these terms and am over or exactly 13 years of age"
Si tu as moins, clique sur : "I Agree to these terms and am under 13 years of age"

Tu as alors sous forme de liste un sujet par type d'infection (Look2Me, Smitfraud, SpywareQuake etc..).


* malwarecomplaints => https://malwarecomplaints.info/

Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas par quoi tu étais infecté(e), crée un message dans le sujet Autres infections
conforme au règle du forum (age, ville, département etc..)


Indique aussi le nom du Forum qui t'a aidé 

* Tuto => http://www.malekal.com/malwarecomplaints.html

@+

Bubu · Answer

J'ai suivi tous tes conseils! 

Merci encore à toi et à l'équipe commentçamarche !!!

yspodo · Answer

bonjour, j'ai moi aussi ce genre de souci... pourtant j'ai tout bien lu, j'ai fait :
- un malwaresbyte's en mse, et il n'a rien trouvé (???) alors qu'aux 2 précédents tours, il y en avait 16 (copie des rapports ci-après)
- un ccleaner (en mse  aussi, du coup), où il a viré plein de trucs
- un hijack (rapport ci après aussi, mais plus loin)

si quelqu'un a une idée, voire une solution, je le bénis d'avance sur 7 générations (je sais pas si ça sert à quelque chose, mais ça doit pas faire de mal...)

rapport Malwaresbyte's :
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1223
Windows 5.1.2600 Service Pack 3

30/09/2008 13:37:41
mbam-log-2008-09-30 (13-37-41).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 24590
Temps écoulé: 4 minute(s), 5 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

*************
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1203
Windows 5.1.2600 Service Pack 3

29/09/2008 11:18:22
mbam-log-2008-09-29 (11-18-22).txt

Type de recherche: Examen complet (C:\|D:\|E:\|H:\|I:\|J:\|)
Eléments examinés: 170223
Temps écoulé: 2 hour(s), 59 minute(s), 7 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 31
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 65

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER	ypelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Servicesdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
etode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
ewsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32egc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32egm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	aack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	aack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	emp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	hun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	hun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.

********************
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1223
Windows 5.1.2600 Service Pack 3

30/09/2008 12:05:33
mbam-log-2008-09-30 (12-05-33).txt

Type de recherche: Examen complet (C:\|D:\|E:\|H:\|I:\|J:\|)
Eléments examinés: 169797
Temps écoulé: 2 hour(s), 0 minute(s), 15 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 15

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\shhlpgen (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\votarsxi.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1475F9D3-F128-4F9B-AE31-B58EFC494E56}\RP40\A0015291.exe (Adware.Adorable casino) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1475F9D3-F128-4F9B-AE31-B58EFC494E56}\RP40\A0015292.exe (Adware.Adorable casino) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1475F9D3-F128-4F9B-AE31-B58EFC494E56}\RP40\A0015293.exe (Adware.Adorable casino) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1475F9D3-F128-4F9B-AE31-B58EFC494E56}\RP40\A0015294.dll (Adware.Adorable casino) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1475F9D3-F128-4F9B-AE31-B58EFC494E56}\RP40\A0015296.dll (Adware.Adorable casino) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1475F9D3-F128-4F9B-AE31-B58EFC494E56}\RP40\A0015297.dll (Adware.Adorable casino) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1475F9D3-F128-4F9B-AE31-B58EFC494E56}\RP40\A0015298.dll (Adware.Adorable casino) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1475F9D3-F128-4F9B-AE31-B58EFC494E56}\RP40\A0015299.exe (Adware.Adorable casino) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1475F9D3-F128-4F9B-AE31-B58EFC494E56}\RP40\A0015300.dll (Adware.Adorable casino) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1475F9D3-F128-4F9B-AE31-B58EFC494E56}\RP40\A0015301.dll (Adware.Adorable casino) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1475F9D3-F128-4F9B-AE31-B58EFC494E56}\RP40\A0015302.exe (Adware.Adorable casino) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1475F9D3-F128-4F9B-AE31-B58EFC494E56}\RP40\A0015303.dll (Adware.Adorable casino) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1475F9D3-F128-4F9B-AE31-B58EFC494E56}\RP40\A0015304.exe (Adware.Adorable casino) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1475F9D3-F128-4F9B-AE31-B58EFC494E56}\RP40\A0015295.dll (Adware.Adorable casino) -> Quarantined and deleted successfully.





rapport hijack :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:44, on 30/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro	ype32.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lubuvebk.exe
C:\Program Files\RamBoost XPambxpfr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\MICROS~3apimgr.exe
C:\Documents and Settings\Propriétaire\Mes documents\Utilitaires\Logiciels Utilitaires\appbar.exe
C:\Program Files\Vg\VirtuaGirl2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PVSW\Bin\WGE_SRV.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://193.251.185.17/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {88B46DC9-F235-47D9-BEE6-61E2BB0DA8AD} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A1C308B2-0D6D-43F5-8E03-D06C06F517F4} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro	ype32.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [comui] C:\WINDOWS\system32\lubuvebk.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XPambxpfr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: appbar.exe.lnk = ?
O4 - Startup: VirtuaGirl2.lnk = C:\Program Files\Vg\VirtuaGirl2.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0esources\fr-FR\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: ktogol.dll
O20 - Winlogon Notify: jkkJdefd - C:\WINDOWS\
O21 - SSODL: uiproc - {36659462-3FCE-2E93-FA87-04DC6B48E2E7} - C:\Program Files\jeljdj\uiproc.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

Infecté par 4 trojans

40 réponses

Discussions similaires