Help ! Win32 Trojan Gen

vftp Messages postés 6 Date d'inscription   Statut Membre Dernière intervention   -  
 Utilisateur anonyme -
Bonjour,

J'ai réinstallé un vieux jeu ( avec un CD original je précise..) en l'occurrence VIETCONG

Pas de soucis à l'installation, par contre en voulant jouer quand on clique sur le raccourci de lancement AVAST me détecte un virus "Win32TrojanGen" => C:\DOCUME~1\Vincent\LOCALS~1\Temp\SIntfNT.dll

J'ai vu un peu le forum et les conseils donnés mais j'ai aussi vu que c'est différent à chaque fois donc je ne veux pas faire de fausse manip..

Qui pourrait m'aider svp ?

Merci par avance
A voir également:

16 réponses

Réponse 1 / 16
vftp
 
çà tourne, çà tourne... dejà 2h36 et toujours pas de "rouge"...
à tout à l'heure
0
Réponse 2 / 16
vftp
 
voilà le rapport de malwarebytes :

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1227
Windows 5.1.2600 Service Pack 3

04/10/2008 13:08:07
mbam-log-2008-10-04 (13-08-07).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 165478
Temps écoulé: 2 hour(s), 41 minute(s), 49 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Réponse 3 / 16
vftp
 
le scan de combofix il faut le faire en mode sans echec ( av et as désactivés par défaut ) ou en nomral ?
0
Réponse 4 / 16
Utilisateur anonyme
 
Bonjour,

-Telecharge Hijackthis--> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

-Double clique sur le .exe ensuite sur "Do a system scan and save a logfile"

-Un rapport va etre generer

-Poste ce rapport
-1

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 16
vftp Messages postés 6 Date d'inscription   Statut Membre Dernière intervention  
 
dejà merci de t'occupper de moi si vite ! voilà le rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:21, on 04/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Glary Utilities\memdefrag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Glary Utilities\Integrator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Bloquer ce serveur... - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Rechercher sur le Web... - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Surligner - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.fr/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/2153c0bdb466ec0d3a15/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {63308B48-F435-42FD-AB0A-3564C7BEF9D7} (Toontown IE Helper French) - https://iplay.fr.toontown.com/download/sv1.5.20.15/ttinst-french.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://gamenextfr.oberon-media.com/online/online2/luxor_amun_rising/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} (ActiveXUpload.UserCtrl) - http://www.photoservice.com/activeX/newUpload.CAB
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.microsoft.com/activex/controls/WindowsMedia/downloadcontrol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_beta/imloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
-1
Réponse 6 / 16
Utilisateur anonyme
 
-Telecharge MBAM--> http://www.malwarebytes.org/mbam/program/mbam-setup.exe

-Suis ce tuto--> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

-Execute un scan complet en mode sans echec

-Supprime tout ce qu'il te trouve (liste en rouge)

-Poste le rapport
-1
Réponse 7 / 16
Utilisateur anonyme
 
Ok,

Je donnerais les consignes une fois le rapport de MBAM posté
-1
Réponse 8 / 16
Utilisateur anonyme
 
-Désactive tes protections residentes,(Antivirus, Antispywares) puis :

-Télécharge Combofix sUBs : combofix.exe

-sauvegarde le sur ton bureau et pas ailleurs!

-Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.

-Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

*****************************

-Poste un nouveau rapport HiJackThis.
-1
Réponse 9 / 16
Utilisateur anonyme
 
Combofix est a faire en mode normal !!
-1
Réponse 10 / 16
vftp Messages postés 6 Date d'inscription   Statut Membre Dernière intervention  
 
voilà combofix, je fais hijackthis



ComboFix 08-10-03.06 - Vincent 2008-10-04 14:26:45.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.648 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Vincent\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Vincent\Cookies\vincent@a.hasbro[2].txt
C:\Documents and Settings\Vincent\Cookies\vincent@clicktorrent[1].txt
C:\Documents and Settings\Vincent\Cookies\vincent@edt02[3].txt
C:\Documents and Settings\Vincent\Cookies\vincent@erreurchasseur[1].txt
C:\Documents and Settings\Vincent\Cookies\vincent@esearchvision[2].txt
C:\Documents and Settings\Vincent\Cookies\vincent@fnac[1].txt
C:\Documents and Settings\Vincent\Cookies\vincent@fr.ebayrtm[2].txt
C:\Documents and Settings\Vincent\Cookies\vincent@insightexpressai[2].txt
C:\Documents and Settings\Vincent\Cookies\vincent@linternaute[2].txt
C:\Documents and Settings\Vincent\Cookies\vincent@serving-sys[2].txt
C:\Documents and Settings\Vincent\Cookies\vincent@serving-sys[3].txt
C:\Documents and Settings\Vincent\Cookies\vincent@tracker.affistats[1].txt
C:\Documents and Settings\Vincent\Cookies\vincent@uk.ebayrtm[2].txt
C:\Documents and Settings\Vincent\Cookies\vincent@web2.checkm8[1].txt
C:\Documents and Settings\Vincent\Cookies\vincent@www.photo-de-classe[2].txt
C:\Documents and Settings\Vincent\Cookies\vincent@www.pixmania[1].txt
C:\Documents and Settings\Vincent\Cookies\vincent@wysistat[2].txt

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-04 au 2008-10-04 ))))))))))))))))))))))))))))))))))))
.

2008-09-29 10:28 . 2008-09-29 10:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-29 10:28 . 2008-09-29 10:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-28 12:38 . 2008-09-28 12:38 <REP> d-------- C:\Program Files\Auslogics
2008-09-27 09:32 . 2008-10-04 10:19 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-27 09:32 . 2008-09-27 09:32 <REP> d-------- C:\Documents and Settings\Vincent\Application Data\Malwarebytes
2008-09-27 09:32 . 2008-09-27 09:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-27 09:32 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-27 09:32 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-27 09:26 . 2008-09-27 09:26 <REP> d-------- C:\Program Files\Trend Micro
2008-09-27 09:26 . 2008-09-27 09:26 812,344 --a------ C:\Documents and Settings\Hijackthis.exe
2008-09-27 09:24 . 2008-09-27 12:27 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-27 09:21 . 2008-09-27 09:35 <REP> d-------- C:\Program Files\Trojan Remover
2008-09-27 09:21 . 2008-09-27 09:21 <REP> d-------- C:\Documents and Settings\Vincent\Application Data\Simply Super Software
2008-09-27 09:21 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-09-27 09:21 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-09-27 08:57 . 2008-09-27 08:57 88 --a------ C:\WINDOWS\Kit.ini
2008-09-25 07:35 . 2008-09-25 07:35 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-25 07:35 . 2008-09-25 07:35 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-23 07:07 . 2008-04-14 04:33 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-09-23 07:07 . 2008-04-14 04:33 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-23 07:07 . 2008-04-14 04:33 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-09-23 07:07 . 2008-04-14 04:33 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-09-23 07:06 . 2008-04-14 04:33 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-09-23 07:06 . 2008-04-14 04:33 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-09-23 07:06 . 2008-04-14 04:34 32,768 --------- C:\WINDOWS\system32\setupn.exe
2008-09-23 07:06 . 2008-04-13 20:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-09-23 07:05 . 2008-04-14 04:33 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-09-23 07:05 . 2004-08-04 07:29 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-09-23 07:05 . 2008-04-14 04:33 412,160 --------- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-23 07:05 . 2008-04-14 04:33 293,376 --------- C:\WINDOWS\system32\qagentrt.dll
2008-09-23 07:05 . 2008-04-14 04:33 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-09-23 07:05 . 2008-04-14 04:33 151,040 --------- C:\WINDOWS\system32\qagent.dll
2008-09-23 07:05 . 2008-04-14 04:33 144,896 --------- C:\WINDOWS\system32\onex.dll
2008-09-23 07:05 . 2008-04-14 04:33 76,800 --------- C:\WINDOWS\system32\qutil.dll
2008-09-23 07:05 . 2008-04-14 04:33 62,464 --------- C:\WINDOWS\system32\qcliprov.dll
2008-09-23 07:05 . 2008-04-14 04:33 61,952 --------- C:\WINDOWS\system32\rasqec.dll
2008-09-23 07:03 . 2008-04-14 04:33 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
2008-09-23 07:02 . 2008-04-14 04:33 233,472 --------- C:\WINDOWS\system32\azroles.dll
2008-09-23 07:02 . 2008-04-14 04:33 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-09-23 07:02 . 2008-04-14 04:33 12,800 --------- C:\WINDOWS\system32\credssp.dll
2008-09-23 07:02 . 2008-04-14 04:33 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-09-20 19:35 . 2008-09-20 19:34 19,621,829 --a------ C:\WINDOWS\LPT$VPN.555
2008-09-20 19:34 . 2008-09-20 19:34 19,621,829 --a------ C:\WINDOWS\VPTNFILE.555
2008-09-20 19:22 . 2008-09-20 19:34 <REP> d-------- C:\WINDOWS\AU_Temp
2008-09-20 15:23 . 2008-09-20 15:24 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-09-20 13:37 . 2008-09-20 13:37 <REP> d-------- C:\Documents and Settings\Vincent\Application Data\ATI
2008-09-20 12:41 . 2008-09-20 12:41 <REP> d-------- C:\Documents and Settings\Théo\Application Data\ATI
2008-09-20 12:41 . 2008-09-20 12:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-09-20 12:36 . 2008-09-20 12:36 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-09-20 12:21 . 2008-09-20 12:21 <REP> d-------- C:\Program Files\Fichiers communs\ATI Technologies
2008-09-20 12:12 . 2008-03-12 22:47 3,107,788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-09-20 12:12 . 2008-03-12 22:47 3,107,788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-09-20 12:12 . 2008-03-12 22:47 887,724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-09-20 12:12 . 2008-03-12 16:14 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-09-20 12:12 . 2008-03-12 23:17 372,736 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll
2008-09-20 12:12 . 2008-03-12 23:18 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2008-09-20 12:12 . 2008-03-06 16:40 168,883 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-09-20 12:12 . 2008-01-21 15:48 12,477 -ra------ C:\WINDOWS\atiogl.xml
2008-09-20 12:12 . 2007-08-31 15:20 7,167 -ra------ C:\WINDOWS\system32\atifglpf.xml
2008-09-20 12:11 . 2008-09-20 12:30 <REP> d-------- C:\Program Files\ATI Technologies
2008-09-20 12:09 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-09-20 12:09 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 07:24 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-10-03 19:32 --------- d-----w C:\Program Files\Wanadoo
2008-09-28 12:36 63,368 ----a-w C:\Documents and Settings\Vincent\Application Data\GDIPFONTCACHEV1.DAT
2008-09-28 10:42 --------- d-----w C:\Documents and Settings\Vincent\Application Data\Auslogics
2008-09-28 09:19 --------- d-----w C:\Program Files\AusLogics Disk Defrag
2008-09-27 16:55 --------- d-----w C:\Program Files\MSN Messenger
2008-09-26 23:32 --------- d-----w C:\Program Files\AxBx
2008-09-22 18:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-09-22 08:07 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-21 22:48 --------- d-----w C:\Program Files\NCH Swift Sound
2008-09-20 17:34 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-09-20 17:34 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-09-20 12:11 --------- d-----w C:\Program Files\Oberon Media
2008-09-20 12:11 --------- d-----w C:\Program Files\GameHouse
2008-09-20 12:10 --------- d-----w C:\Program Files\GRETECH
2008-09-20 12:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-20 12:09 --------- d-----w C:\Program Files\Canon
2008-08-16 17:49 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-08-16 17:49 333,576 ----a-w C:\WINDOWS\tsc.exe
2008-08-10 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\IM
2008-08-10 17:50 --------- d-----w C:\Program Files\IncrediMail
2008-08-10 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-03-25 16:05 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-03-16 06:18 14 ----a-w C:\Documents and Settings\Vincent\getfile.dat
2006-01-15 08:59 465 ----a-w C:\Program Files\Raccourci vers AutoGK.lnk
2001-03-28 11:02 122,880 ----a-w C:\WINDOWS\inf\Agfa\message.exe
2007-04-16 15:53 384 --sh--r C:\WINDOWS\inf\sdatabl.sav.bin
2006-01-14 18:54 56 --sh--r C:\WINDOWS\system32\DC15CD371B.sys
2006-01-14 18:54 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]
"Glary Memory Optimizer"="C:\Program Files\Glary Utilities\memdefrag.exe" [2007-11-13 91136]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 401491]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-09-27 922192]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 282624]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIXL"= pclepixl.dll
"VIDC.NTN1"= NUVision.ax
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"vidc.yv12"= yv12vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= msaud32_divx.acm
"MSACM.CEGSM"= mobilev.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"PinnacleDriverCheck"=C:\WINDOWS\System32\PSDrvCheck.exe
"Dit"=Dit.exe
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
"WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"DataLayer"=C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"nwiz"=nwiz.exe /install
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
"eCarteBleue-PREM"="C:\Program Files\e-Carte Bleue\CL\e-Carte Bleue VISA PREMIER\ECB-PREM.exe" /dontopenmycards
"Dit"=Dit.exe
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe"
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe"
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"C:\\Program Files\\Vietcong\\vietcong.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\Hasbro Interactive\\Clue\\Clue.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"D:\\Azureus\\Azureus.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 97432]
R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 350752]
R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2007-04-14 13440]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 24704]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
S3 jbridgep;jbridgep;C:\DOCUME~1\Vincent\LOCALS~1\Temp\jbridgep.sys [ ]
S3 NUVision;Pinnacle Fusion Video;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-12-03 155264]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69a03df6-e9f0-11db-8499-00604cb06b84}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2ca68b2-7c29-11dd-86b8-000c76ad3ccb}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

*Newly Created Service* - PROCEXP90
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ge1c9h1u.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.orange.fr/
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin8.dll
FF -: plugin - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 14:32:24
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


**************************************************************************
.
Heure de fin: 2008-10-04 14:38:13
ComboFix-quarantined-files.txt 2008-10-04 12:37:09

Avant-CF: 21 498 036 224 octets libres
Après-CF: 21,533,413,376 octets libres

275 --- E O F --- 2008-09-27 06:52:18
-1
Réponse 11 / 16
vftp Messages postés 6 Date d'inscription   Statut Membre Dernière intervention  
 
et hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:46:29, on 04/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Glary Utilities\memdefrag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Bloquer ce serveur... - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Rechercher sur le Web... - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Surligner - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.fr/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {63308B48-F435-42FD-AB0A-3564C7BEF9D7} (Toontown IE Helper French) - https://iplay.fr.toontown.com/download/sv1.5.20.15/ttinst-french.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://gamenextfr.oberon-media.com/online/online2/luxor_amun_rising/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} (ActiveXUpload.UserCtrl) - http://www.photoservice.com/activeX/newUpload.CAB
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.microsoft.com/activex/controls/WindowsMedia/downloadcontrol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_beta/imloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
-1
Réponse 12 / 16
Utilisateur anonyme
 
Ok ton rapport es propre , tu n'a aucun soucis a part avast qui s'epoumone ? sinon,

-Fait exactement ce qu'il y a d'indiquer ici--> https://forum.pcastuces.com/sujet.asp?f=25&s=31584&page=1

-Poste le rapport
-1
Réponse 13 / 16
vftp Messages postés 6 Date d'inscription   Statut Membre Dernière intervention  
 
ok - merci beaucoup en tout cas. quele est la meilleure solution d'antivirus ? gratuite ou pas trop chère ?
-1
Réponse 14 / 16
Utilisateur anonyme
 
Bonjour,

Disons que tu peux tres bien acheter un antivirus, mais il en existe des gratuits et performants--> Avira Antivir <-- je te le conseille, dis moi si tu veux le lien de telechargement et un tuto !?

-1
Réponse 15 / 16
vftp Messages postés 6 Date d'inscription   Statut Membre Dernière intervention  
 
avec plaisir si çà me change vraiment la vie par rapport à Avast ?
merci en tout cas
-1
Réponse 16 / 16
Utilisateur anonyme
 
Lien de telechargement d'Avira Antivir en francais-->

http://dlce.antivir.com/down/windows/antivir_workstation_winu_fr_h.exe

-Tuto pour bien l'installer et le configurer--> https://www.malekal.com/avira-free-security-antivirus-gratuit/

Je l'ai et je suis satisfait !

-Article Antivir vs Avast!--> http://forum.malekal.com/ftopic3528.php



-1

Discussions similaires

win32:malware-gen bloqué par avast
ikkual -
Utilisateur anonyme -

69 réponses
Que fait le virus LPI Win32 Pup-Gen
Tristan Chrome -
Tristan Chrome -

2 réponses
C'est quoi "Win32:Trojan-gen {Other}"
Uzumaki -
Utilisateur anonyme -

5 réponses
Problème avec "PUADIManager:Win32/OfferCore
Knaki -
bazfile -

3 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses