[RESOLU]Cheval de troie increvable downlauder-bcf

[Dju188]

je crois que j'ai parler trop vite, mon fichier services.exe me bouffe de nouveau tout mon UC, je ne comprend pas pourquoi, sa depend parfois il me bouffe mon UC parfois il se tient tranquil, franchement je suis vraiment desolé que sa continue, pourquoi est ce que mon fichier "services.exe" me boufferait il autant de memoire?

 

Je suis vraiment desolé de continuer a vous emebter avec sa....

 

je vous met mon rapport HIJACKTHIS. et je lance un scan kaspersky en prevention.

 

Mon SCAN HIJACKTHIS:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:53:14, on 9/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Julien\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll (file missing)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 9894 bytes

 

 

voila j'editereais mon message(celui-ci) et je mettrai la rapport kaspersky en dessus de celui d'hijackthis.

 

encor desolé de continuer a t'embeter Bruce lee, merci de m'aider encor..Une derniere chose, spybot plantais a chaque fois que je voulais le lancer, je ne sais pas pourquoi (sans reponse) et la seul moyen de le quitter (gestionnaire des taches -> fin de tache ) donc je vien de le retelecharger et de le reinstallé ^^

 

Cordialement

 

EDIT n°: 1

 

Voila ma page bleu de plantage de windows vient de revenir, mon scan kaspersky a donc ete interrompu je vais le recommencer mtn, mais cette fois j'ai les informations technique de l'erreur je vous les met:

 

***STOP 0x000000D1 (0x00000004, 0x00000002, 0x00000001, 0x88E38DCA)

 

Voila, je ne suis pas sur a chque fois du nombre d'espace entre les differentes parties.

 

 

EDIT n°: 2

 

voila mon rapport kaspersky (toujours infecté par un virus d'apres lui)

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Sunday, March 09, 2008 10:12:25 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 9/03/2008

Kaspersky Anti-Virus database records: 619352

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

V:\

 

Scan Statistics:

Total number of scanned objects: 38454

Number of viruses found: 1

Number of infected objects: 1

Number of suspicious objects: 0

Duration of the scan process: 00:57:57

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Julien\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Julien\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Julien\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Julien\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Julien\Local Settings\Historique\History.IE5\MSHist012008030920080310\index.dat Object is locked skipped

C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Julien\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Julien\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Julien\UserData\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\logs\sw_ae-20080309-210838.log Object is locked skipped

C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{49EAA784-2039-4FAC-8D75-C2F601053DE5}\RP127\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{2F3DBB3C-C2FF-4BDA-A6E2-2BB52AD9A7EC}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\bdss.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\bca4e2da.$$$ Object is locked skipped

C:\WINDOWS\Temp\fa56d7ec.$$$ Object is locked skipped

C:\WINDOWS\Temp\tmp000062e5\tmp00000000 Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

 

Scan process completed.

Modifié le 9 mars 2008 par Dju188

[bruce lee]

Re,

 

Ce que detecte Kapsersky c'est:

 

C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped

 

Rien de méchant

 

1. Télécharge combofix.exe (par sUBs) ici :

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://subs.geekstogo.com/ComboFix.exe

http://www.forospyware.com/sUBs/ComboFix.exe

 

sur ton Bureau.

 

2. Double clique sur combofix.exe puis tape 1 pour lancer le scan.

3. Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

[Dju188]

ComboFix 08-03-09.4 - Julien 2008-03-10 16:36:17.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.998 [GMT 1:00]

Endroit: C:\Documents and Settings\Julien\Bureau\ComboFix.exe

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

The following files were disabled during the run:

C:\WINDOWS\system32\sockspy.dll

 

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Julien\Application Data\Adssite Advanced Toolbar

C:\Documents and Settings\Julien\Application Data\Adssite Advanced Toolbar\selected.xml

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))))))))

.

 

2008-03-07 16:49 . 2008-03-07 16:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-03-07 16:48 . 2008-03-07 16:48 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-03-06 20:27 . 2008-03-06 20:27 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Grisoft

2008-03-06 20:27 . 2008-03-06 20:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-06 20:27 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-03-06 16:57 . 2008-03-06 16:58 <REP> d-------- C:\WINDOWS\ERUNT

2008-03-06 16:53 . 2008-03-08 20:37 <REP> d-------- C:\SDFix

2008-03-05 16:56 . 2008-03-09 21:00 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-03-05 16:56 . 2008-03-09 21:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-03-04 21:42 . 2008-03-04 21:54 <REP> d-------- C:\Program Files\a-squared Free

2008-03-04 17:48 . 2008-03-07 16:45 <REP> d-------- C:\Program Files\Trojan Remover

2008-03-04 16:38 . 2008-03-04 16:38 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment

2008-03-04 16:31 . 2008-03-09 11:59 <REP> d-------- C:\Program Files\World of Warcraft

2008-02-21 02:57 . 2008-02-21 02:57 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll

2008-02-17 21:42 . 2008-02-17 21:42 <REP> d-------- C:\WINDOWS\Sun

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-10 15:37 81,984 ----a-w C:\WINDOWS\system32\bdod.bin

2008-03-09 13:40 --------- d-----w C:\Documents and Settings\Julien\Application Data\teamspeak2

2008-03-09 12:17 --------- d-----w C:\Program Files\Xfire

2008-03-09 09:37 --------- d-----w C:\Documents and Settings\Julien\Application Data\Xfire

2008-03-06 21:35 --------- d-----w C:\Program Files\Java

2008-03-06 19:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com

2008-03-05 18:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-05 13:10 --------- d-----w C:\Program Files\LucasArts

2008-03-05 13:10 --------- d-----w C:\Documents and Settings\Julien\Application Data\Petroglyph

2008-03-05 13:09 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-03 15:24 --------- d-----w C:\Program Files\GWFreaks

2008-03-03 15:24 --------- d-----w C:\Program Files\Bulent's Screen Recorder 4

2008-02-29 19:17 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-02-29 19:17 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-02-26 19:46 --------- d-----w C:\Documents and Settings\Julien\Application Data\Azureus

2008-02-23 17:38 22,086,056 ----a-w C:\Program Files\wmplayer 2008-02-23 18-37-52-81.avi

2008-02-23 17:36 8,687,064 ----a-w C:\Program Files\wmplayer 2008-02-23 18-36-16-00.avi

2008-02-23 17:36 19,379,544 ----a-w C:\Program Files\wmplayer 2008-02-23 18-36-01-39.avi

2008-02-23 17:36 14,675,216 ----a-w C:\Program Files\wmplayer 2008-02-23 18-36-26-70.avi

2008-02-23 17:35 9,357,152 ----a-w C:\Program Files\wmplayer 2008-02-23 18-35-52-85.avi

2008-02-23 17:33 2,481,352 ----a-w C:\Program Files\wmplayer 2008-02-23 18-33-02-90.avi

2008-02-23 17:33 15,601,104 ----a-w C:\Program Files\wmplayer 2008-02-23 18-33-17-26.avi

2008-02-23 17:33 1,846,760 ----a-w C:\Program Files\wmplayer 2008-02-23 18-32-59-17.avi

2008-02-23 17:32 846,760 ----a-w C:\Program Files\wmplayer 2008-02-23 18-32-57-17.avi

2008-02-23 17:32 115,992 ----a-w C:\Program Files\wmplayer 2008-02-23 18-32-55-26.avi

2008-02-23 17:32 1,098,232 ----a-w C:\Program Files\wmplayer 2008-02-23 18-32-53-28.avi

2008-02-09 17:58 --------- d-----w C:\Program Files\Game Cam v1.4

2008-02-05 21:35 --------- d-----w C:\Program Files\Alcohol Soft

2008-02-05 21:33 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-01-28 20:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-01-14 17:19 308,752,336 ----a-w C:\Program Files\Gw 2008-01-14 18-18-30-07.avi

2008-01-14 17:17 15,222,384 ----a-w C:\Program Files\Gw 2008-01-14 18-17-24-34.avi

2008-01-14 17:16 75,366,256 ----a-w C:\Program Files\Gw 2008-01-14 18-16-01-25.avi

2008-01-14 17:15 605,880 ----a-w C:\Program Files\Gw 2008-01-14 18-15-59-60.avi

2008-01-14 17:15 1,832,152 ----a-w C:\Program Files\Gw 2008-01-14 18-15-56-93.avi

2008-01-13 09:07 4 --sh--r C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat

2008-01-13 09:07 --------- d-----w C:\Program Files\plasq

2008-01-13 09:06 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-01-04 15:06 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-12-31 12:19 245,653,864 ----a-w C:\Program Files\CoD2MP_s 2007-12-31 13-19-03-85.avi

2007-12-31 12:19 227,214,496 ----a-w C:\Program Files\CoD2MP_s 2007-12-31 13-18-32-26.avi

2007-12-20 17:47 42,265,624 ----a-w C:\Program Files\Gw 2007-12-20 18-47-09-85.avi

2007-12-20 17:30 93 ----a-w C:\Program Files\FRAPSLOG.TXT

2007-10-22 15:52 34,552 ----a-w C:\Program Files\uninstall.exe

2007-09-11 09:19 908,968 ----a-w C:\Program Files\fraps.exe

2007-09-11 09:17 163,840 ----a-w C:\Program Files\fraps.dll

2007-09-11 09:17 104,448 ----a-w C:\Program Files\fraps64.dll

2007-09-11 09:17 1,683,968 ----a-w C:\Program Files\fraps64.dat

2007-09-11 09:16 135,168 ----a-w C:\Program Files\frapslcd.dll

2007-09-11 08:01 12,194 ----a-w C:\Program Files\changes.txt

2007-09-11 04:39 1,840 ----a-w C:\Program Files\README.HTM

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-25 14:46 68856]

"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-12-22 08:09 221056]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 12:48 1388544]

"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27 860160]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]

"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]

"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-02 15:48 290816]

"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 14:49 69632]

"OutpostFeedBack"="C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe" [ ]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [ ]

"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [ ]

"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ ]

"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe" [ ]

"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [ ]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=sockspy.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe"=

"C:\\Program Files\\Xfire\\xfire.exe"=

"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=

"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-2.3.0-frFR-downloader.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1234:UDP"= 1234:UDP:Star Wars®: Empire at War: Forces of Corruption

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

 

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-12 03:47]

R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-12 02:40]

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2007-09-28 08:44:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-10 16:39:43

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\sockspy.dll

 

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

-> C:\WINDOWS\system32\sockspy.dll

.

Temps d'accomplissement: 2008-03-10 16:41:14

ComboFix-quarantined-files.txt 2008-03-10 15:40:44

.

2008-03-09 12:33:36 --- E O F ---

 

 

et voila mon scan, aurais tu une idée sur le ode d'erreur que je t'ai donné? si nn c pas grave.

 

Cordialement Dju

[bruce lee]

Re,

 

Non, pas d'idée sur le code que tu m'as donné.

 

C'est clean. As-tu encore des problèmes avec ton PC?

[Dju188]

nn sa a l'air de marcher pour de bon cette fois si ^^ merci pour ton aide qui m'a ete precieuse, je te souhaite une bonne soirée et ++

 

Cordialement

[bruce lee]

Re,

 

Bonne nouvelle

 

@+