
Posted (edited)

Hello everyone,

I have been having some problems with my PC for a while now. Roughly every 5 minutes I get a pop-up with Trojan-spy.win32.keyLogger.aa ( http://img375.imageshack.us/my.php?image=monproblemeay8.png ) and Trojan-downloader.win32.agent.bq ( http://img517.imageshack.us/my.php?image=pobleme2xw0.png ), and more rarely other things of that kind ("green screen", and "bank security" (not sure of the exact name)). I would like someone to explain to me how to remove these things, please.

Thank you.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:06:35, on 2008-10-09

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 


 

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\xebklanu.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\guillaume\Bureau\HiJackThis.exe
C:\WINDOWS\system32\xebklanu.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.shoptoshiba.ca/welcome
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Fichiers communs\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Fichiers communs\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\motivebrowser.exe" /hidden
O4 - HKLM\..\Run: [Option Bib Logo Log] C:\Documents and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB\dent draw.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [army dog] C:\DOCUME~1\GUILLA~1\APPLIC~1\BLUELI~1\poke show.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinMonApp] C:\WINDOWS\system32\xebklanu.exe
O4 - HKLM\..\Policies\Explorer\Run: [zw12ZFYQ7k] C:\Documents and Settings\All Users\Application Data\zgtafeng\bgnotahq.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .security
O4 - Global Startup: .security
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Documents and Settings\marilou hayes\Bureau\PsnLite.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rapstarsgx.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://pse-esd.ainc-inac.gc.ca/nstp2/Repor...tivexviewer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: UtilApiAdm - {73461C55-B485-B99F-56A3-04250DC159A5} - C:\Program Files\bsnmjib\UtilApiAdm.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\CLNTSVC.EXE (file missing)
O23 - Service: BufferZone DCOM Helper (BZDcomLaunch) - Unknown owner - C:\Program Files\BufferZone\BZDCOMLAUNCH.EXE (file missing)
O23 - Service: BufferZone RPC Helper (BZRpcSs) - Unknown owner - C:\Program Files\BufferZone\BZRPCSS.EXE (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE

 

--

End of file - 10286 bytes

Edited by Westzup
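As an added illustration (not part of the thread and not HijackThis code), here is a small Python triage that applies the location rules a helper uses when reading the O4/O21/O23 lines above; the sample is eight lines copied from that log. It flags autostarts under Policies\Explorer\Run, binaries launched from user-writable profile directories, a ShellServiceObjectDelayLoad DLL outside system32, and services whose binary is missing; the xebklanu.exe entry sits in system32 and is deliberately left uncaught to show that path alone is not enough, which is why the helpers rely on dedicated scanners.

```python
"""Triage of HijackThis O4/O21/O23 entries by launch location.

Added example for the log above; not thread content and not HijackThis code.
The rules are location heuristics, not malware signatures.
"""
import re
from dataclasses import dataclass

# Constructed sample: eight lines copied verbatim from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Option Bib Logo Log] C:\Documents and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB\dent draw.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [army dog] C:\DOCUME~1\GUILLA~1\APPLIC~1\BLUELI~1\poke show.exe
O4 - HKCU\..\Run: [WinMonApp] C:\WINDOWS\system32\xebklanu.exe
O4 - HKLM\..\Policies\Explorer\Run: [zw12ZFYQ7k] C:\Documents and Settings\All Users\Application Data\zgtafeng\bgnotahq.exe
O21 - SSODL: UtilApiAdm - {73461C55-B485-B99F-56A3-04250DC159A5} - C:\Program Files\bsnmjib\UtilApiAdm.dll
O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\CLNTSVC.EXE (file missing)
"""

# Directory fragments (XP layout, long and 8.3 forms) that an ordinary user account can write to.
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\", "\\application data\\",
                 "\\applic~1\\", "\\temp\\", "\\local settings\\", "\\locals~1\\")

O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>.*?)\] (?P<cmd>.*)$")
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    severity: str   # "high" or "review"
    kind: str       # O4 / O21 / O23
    name: str
    path: str
    reason: str


def exe_path(cmd: str) -> str:
    """Return the executable part of a Run-key command line, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces ("dent draw.exe"), so cut after the first .exe
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd


def in_user_writable(path: str) -> bool:
    low = "\\" + path.lower()
    return any(frag in low for frag in USER_WRITABLE)


def triage_line(line: str):
    """Apply the location rules to one log line; return a Finding or None."""
    if (m := O4_RE.match(line)):
        path = exe_path(m["cmd"])
        if "policies\\explorer\\run" in m["key"].lower():
            return Finding("high", "O4", m["name"], path,
                           "Policies\\Explorer\\Run is almost never used by legitimate software")
        if in_user_writable(path):
            return Finding("high", "O4", m["name"], path,
                           "autostart launched from a user-writable profile/temp directory")
        return None   # system32 droppers such as xebklanu.exe pass this rule
    if (m := O21_RE.match(line)):
        if "\\windows\\system32\\" not in ("\\" + m["path"].lower()):
            return Finding("high", "O21", m["name"], m["path"],
                           "ShellServiceObjectDelayLoad DLL outside system32")
        return None
    if (m := O23_RE.match(line)):
        if m["path"].endswith("(file missing)"):
            short = re.search(r"\(([^()]+)\)$", m["desc"])
            return Finding("review", "O23", short.group(1) if short else m["desc"], m["path"],
                           "service registered but its binary is absent (stale or half-removed)")
        return None
    return None


def triage(log_text: str):
    """Run triage_line over a whole log and keep only the entries that fired a rule."""
    return [f for f in (triage_line(line.strip()) for line in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind} {f.name!r}: {f.path}  <- {f.reason}")
```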

Posted

Hello,

Welcome to the Zébulon forums.

Here is some useful information before we start:

  • How to take part in a forum
  • Finding your posts and enabling e-mail notification

We are going to look together at what is happening on your PC; like everyone who helps here, we are volunteers and work around our personal schedules. We will try to move as fast as possible, but you may sometimes have to be patient while waiting for a reply, no need to panic :P

Download Lop S&D.exe to your Desktop.

http://eric.71.mespages.googlepages.com/LopSD.exe

Double-click it to start the installation
Then double-click the Lop S&D shortcut on your Desktop
On Vista: right-click / Run as administrator ***

Select the language you want, then choose option 1 (Search)
Wait until the scan finishes
Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

@+

Posted

Thanks for your help! :P Here is the report you asked for >

 

 

 

--------------------\\ Lop S&D 4.2.4-5 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : Intel® Celeron® M processor 1.50GHz )

BIOS : Ver 1.00PARTTBL

USER : guillaume ( Administrator )

BOOT : Normal boot

Antivirus : AVG Anti-Virus Free 8.0 (Activated)

C:\ (Local Disk) - NTFS - Total : 55 Go Free : 26 Go

D:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )

Option : [1] ( 2008-10-09|10:25 )

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[2008-01-16|04:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Acoustica

[2008-04-08|22:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[2007-12-01|22:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[2008-06-05|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8

[2008-01-14|21:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bell

[2008-10-09|07:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone

[2007-12-01|22:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[2008-07-08|13:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[2008-04-03|01:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LICENSE ADMIN OPTION BIB

[2007-12-05|04:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[2007-12-02|04:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[2007-05-22|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive

[2007-05-22|17:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MotiveSysIDs

[2008-04-08|22:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle

[2008-04-08|22:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle Studio

[2008-03-19|00:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle VideoSpin

[2008-01-16|08:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software

[2008-04-08|22:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

[2008-05-03|12:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real

[2005-04-19|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI

[2008-02-19|21:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[2007-12-22|23:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[2008-03-19|00:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VideoSpin

[2006-09-12|16:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[2008-08-24|17:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip

[2008-05-04|08:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[2008-10-09|00:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\zgtafeng

 

[2005-04-19|12:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities

[2005-04-19|16:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust

[2005-04-19|16:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[2005-04-19|17:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[2005-04-19|16:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\toshiba

 

[2006-09-24|18:28] C:\DOCUME~1\GUILLA~1\APPLIC~1\3M

[2008-01-16|04:20] C:\DOCUME~1\GUILLA~1\APPLIC~1\Acoustica

[2008-05-03|14:05] C:\DOCUME~1\GUILLA~1\APPLIC~1\Adobe

[2007-02-05|11:24] C:\DOCUME~1\GUILLA~1\APPLIC~1\AdobeUM

[2008-06-20|13:44] C:\DOCUME~1\GUILLA~1\APPLIC~1\Ahead

[2007-12-01|22:44] C:\DOCUME~1\GUILLA~1\APPLIC~1\Apple Computer

[2008-06-30|17:13] C:\DOCUME~1\GUILLA~1\APPLIC~1\AVGTOOLBAR

[2008-01-14|21:20] C:\DOCUME~1\GUILLA~1\APPLIC~1\Bell

[2008-04-04|08:32] C:\DOCUME~1\GUILLA~1\APPLIC~1\BLUE LINK

[2008-08-19|21:02] C:\DOCUME~1\GUILLA~1\APPLIC~1\Canneverbe_Limited

[2006-12-14|09:13] C:\DOCUME~1\GUILLA~1\APPLIC~1\Google

[2008-10-08|06:58] C:\DOCUME~1\GUILLA~1\APPLIC~1\gtk-2.0

[2008-01-30|07:47] C:\DOCUME~1\GUILLA~1\APPLIC~1\Help

[2005-04-19|12:44] C:\DOCUME~1\GUILLA~1\APPLIC~1\Identities

[2008-04-09|08:21] C:\DOCUME~1\GUILLA~1\APPLIC~1\InstallShield

[2005-04-19|16:24] C:\DOCUME~1\GUILLA~1\APPLIC~1\InterTrust

[2007-12-02|20:33] C:\DOCUME~1\GUILLA~1\APPLIC~1\InterVideo

[2006-02-27|23:45] C:\DOCUME~1\GUILLA~1\APPLIC~1\iShell

[2005-10-14|10:31] C:\DOCUME~1\GUILLA~1\APPLIC~1\Macromedia

[2008-09-26|05:49] C:\DOCUME~1\GUILLA~1\APPLIC~1\Microsoft

[2008-08-19|20:19] C:\DOCUME~1\GUILLA~1\APPLIC~1\NeroVision

[2008-01-16|08:05] C:\DOCUME~1\GUILLA~1\APPLIC~1\Propellerhead Software

[2008-05-30|22:09] C:\DOCUME~1\GUILLA~1\APPLIC~1\Real

[2005-12-20|13:31] C:\DOCUME~1\GUILLA~1\APPLIC~1\Sun

[2007-12-07|09:59] C:\DOCUME~1\GUILLA~1\APPLIC~1\Symantec

[2008-08-16|07:56] C:\DOCUME~1\GUILLA~1\APPLIC~1\Syntrillium

[2005-04-19|16:39] C:\DOCUME~1\GUILLA~1\APPLIC~1\toshiba

[2008-10-08|03:05] C:\DOCUME~1\GUILLA~1\APPLIC~1\uTorrent

[2007-12-21|01:32] C:\DOCUME~1\GUILLA~1\APPLIC~1\WinRAR

[2007-12-01|22:33] C:\DOCUME~1\GUILLA~1\APPLIC~1\Yahoo!

 

[2006-12-04|00:43] C:\DOCUME~1\INVIT~1\APPLIC~1\Google

[2005-04-19|12:44] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities

[2005-04-19|16:24] C:\DOCUME~1\INVIT~1\APPLIC~1\InterTrust

[2006-09-11|12:34] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia

[2008-06-05|11:54] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft

[2005-04-19|17:01] C:\DOCUME~1\INVIT~1\APPLIC~1\Symantec

[2005-04-19|16:39] C:\DOCUME~1\INVIT~1\APPLIC~1\toshiba

 

[2008-06-05|11:54] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[2007-01-03|20:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\Symantec

 

[2008-06-05|11:54] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[2005-09-29|19:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[2008-10-09 10:00][--ah-----] C:\WINDOWS\tasks\A98AA28F937D5E33.job

[2005-09-13 02:07][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 3.job

[2005-09-13 02:07][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 2.job

[2005-09-13 02:07][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 1.job

[2004-08-05 07:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

[2008-10-09 07:14][--ah-----] C:\WINDOWS\tasks\SA.DAT

 

( A98AA28F937D5E33.job )=( c:\docume~1\guilla~1\applic~1\blueli~1\Typemfcd1.exe )

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[2008-01-14|21:02] C:\Program Files\Acoustica MP3 Audio Mixer

[2008-04-08|22:52] C:\Program Files\Adobe

[2008-04-08|22:34] C:\Program Files\AdorageI-GfxDatas

[2008-04-08|22:32] C:\Program Files\AdorageI-SAL

[2008-08-19|20:49] C:\Program Files\Ahead

[2005-04-19|16:15] C:\Program Files\Apoint2K

[2008-01-16|11:27] C:\Program Files\Ares

[2005-04-19|15:06] C:\Program Files\ATI Technologies

[2007-12-16|17:17] C:\Program Files\Audacity

[2008-06-05|11:56] C:\Program Files\AVG

[2008-10-08|23:38] C:\Program Files\bsnmjib

[2008-08-19|21:01] C:\Program Files\CDBurnerXP

[2008-05-03|12:34] C:\Program Files\Codec Pack - All In 1

[2007-05-22|17:28] C:\Program Files\Common Files

[2008-08-16|07:58] C:\Program Files\coolpro2

[2005-04-19|17:38] C:\Program Files\Datalode

[2008-04-08|22:09] C:\Program Files\DivX

[2005-04-19|16:17] C:\Program Files\DVD-RAM

[2008-08-19|20:49] C:\Program Files\Fichiers communs

[2008-01-16|11:29] C:\Program Files\FLStudio4

[2008-09-10|18:36] C:\Program Files\GIMP-2.0

[2007-12-02|04:52] C:\Program Files\Grisoft

[2008-08-15|13:24] C:\Program Files\InstallShield Installation Information

[2005-04-19|13:58] C:\Program Files\Intel

[2008-08-13|04:53] C:\Program Files\Internet Explorer

[2007-12-02|20:36] C:\Program Files\InterVideo

[2005-04-19|16:43] C:\Program Files\Java

[2008-05-03|12:39] C:\Program Files\K-Lite Codec Pack

[2008-07-08|13:18] C:\Program Files\Lavasoft

[2005-04-19|17:36] C:\Program Files\ltmoh

[2008-08-24|03:02] C:\Program Files\Messenger

[2008-10-05|23:47] C:\Program Files\Messenger Plus! Live

[2007-12-19|04:02] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[2005-04-19|12:44] C:\Program Files\microsoft frontpage

[2005-10-04|15:32] C:\Program Files\Microsoft Office

[2005-04-19|17:12] C:\Program Files\Microsoft.NET

[2008-08-22|04:22] C:\Program Files\Movie Maker

[2008-08-22|04:22] C:\Program Files\msn

[2005-04-19|12:40] C:\Program Files\MSN Gaming Zone

[2008-08-22|04:16] C:\Program Files\NetMeeting

[2005-04-19|12:40] C:\Program Files\Online Services

[2008-08-22|04:16] C:\Program Files\Outlook Express

[2008-04-08|22:11] C:\Program Files\Pinnacle

[2008-04-08|22:42] C:\Program Files\proDAD

[2008-04-08|22:26] C:\Program Files\QuickTime

[2007-12-02|03:02] C:\Program Files\Realtek AC97

[2005-04-19|12:42] C:\Program Files\Services en ligne

[2008-06-26|23:48] C:\Program Files\sfArk

[2008-01-16|11:29] C:\Program Files\Steinberg

[2005-09-13|06:09] C:\Program Files\Toshiba

[2005-04-19|12:48] C:\Program Files\Uninstall Information

[2007-12-02|04:32] C:\Program Files\uTorrent

[2007-12-02|20:49] C:\Program Files\Veoh Networks

[2008-09-10|17:38] C:\Program Files\VirtuallTek

[2008-08-24|17:59] C:\Program Files\WinAce

[2007-12-17|18:06] C:\Program Files\Windows Live

[2008-01-30|07:49] C:\Program Files\Windows Media Connect 2

[2008-08-22|04:16] C:\Program Files\Windows Media Player

[2008-08-22|04:16] C:\Program Files\Windows NT

[2005-04-19|12:42] C:\Program Files\WindowsUpdate

[2008-08-24|17:32] C:\Program Files\WinZip

[2008-01-18|15:52] C:\Program Files\XBCD

[2005-04-19|12:44] C:\Program Files\xerox

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[2008-05-03|14:05] C:\Program Files\Fichiers communs\Adobe

[2005-10-04|15:32] C:\Program Files\Fichiers communs\DESIGNER

[2005-04-19|16:12] C:\Program Files\Fichiers communs\InstallShield

[2005-04-19|16:43] C:\Program Files\Fichiers communs\Java

[2008-06-10|03:05] C:\Program Files\Fichiers communs\Microsoft Shared

[2007-05-22|17:28] C:\Program Files\Fichiers communs\Motive

[2005-04-19|12:41] C:\Program Files\Fichiers communs\MSSoap

[2005-04-19|07:34] C:\Program Files\Fichiers communs\ODBC

[2005-04-19|12:41] C:\Program Files\Fichiers communs\Services

[2005-04-19|07:34] C:\Program Files\Fichiers communs\SpeechEngines

[2008-08-22|04:16] C:\Program Files\Fichiers communs\System

[2008-05-04|08:27] C:\Program Files\Fichiers communs\WindowsLiveInstaller

[2008-09-26|08:22] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

--------------------\\ Process

 

( 61 Processes )

 

IEXPLORE.EXE ~ [PID:3916]

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

C:\DOCUME~1\ALLUSE~1\APPLIC~1\LICENSE ADMIN OPTION BIB

C:\DOCUME~1\GUILLA~1\APPLIC~1\blueli~1

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\msgpl_b896.tmp

C:\DOCUME~1\GUILLA~1\Cookies\guillaume@advertising[1].txt

C:\DOCUME~1\GUILLA~1\Cookies\guillaume@adopt.euroclick[2].txt

C:\WINDOWS\Tasks\A98AA28F937D5E33.job

 

--------------------\\ Verification du Registre

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"army dog"="C:\\DOCUME~1\\GUILLA~1\\APPLIC~1\\BLUELI~1\\poke show.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Option Bib Logo Log"="C:\\Documents and Settings\\All Users\\Application Data\\LICENSE ADMIN OPTION BIB\\dent draw.exe"

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts MODIFIE

 


 

-> 7793 [ 70 ## added by CiD ]

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-09 10:26:18

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 72

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ ROOTKIT !!

 

Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Services\tdssserv]

Rootkit Tibs ! .. [HKLM\..\ControlSet001\Services\tdssserv]

Rootkit Tibs ! .. [HKLM\..\ControlSet002\Services\tdssserv]

 

 

Trojan ! .. C:\WINDOWS\system32\tdssservers.dat

Trojan ! .. C:\WINDOWS\system32\tdssinit.dll

Trojan ! .. C:\WINDOWS\system32\tdssadw.dll

 

--------------------\\ Suspect ..

 

C:\WINDOWS\system32\tdssadw.dll

C:\WINDOWS\system32\tdssinit.dll

C:\WINDOWS\system32\tdssservers.dat

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\GUILLA~1\Local Settings\Temp\avg.7.0.keygen-efc87.exe

 

 

[F:6291][D:240]-> C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp

[F:77][D:0]-> C:\DOCUME~1\GUILLA~1\Cookies

[F:2066][D:20]-> C:\DOCUME~1\GUILLA~1\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 2008-10-09|10:28 - Option : [1]

 

--------------------\\ Fin du rapport a 10:28:38
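The report marks the hosts file as MODIFIED, but every tagged entry maps a rogue-antivirus domain to 127.0.0.1, which makes that name unreachable: a blocklist, not a hijack. As an added example (not part of the thread and not Lop S&D code), this Python classifier separates loopback/blackhole entries from redirects to a foreign address, which is the pattern that actually warrants concern; the sample is constructed, with two lines copied from the report and the 192.0.2.1 line using a documentation address and a placeholder name.

```python
"""Classify Windows hosts-file entries: default, blocklist, or redirect.

Added example for the "Verification du fichier Hosts" section above; not thread
content and not Lop S&D code. Only loopback/unspecified targets are treated as
blocking; anything else is a redirect to be checked against real DNS.
"""
import ipaddress
from collections import Counter

# Constructed sample: the two "added by CiD" lines are copied from the report,
# the 0.0.0.0 and 192.0.2.1 lines are invented to show the other two shapes.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
0.0.0.0 ads.example.invalid      # constructed: blackhole form of the same idea
192.0.2.1 update.example-security-vendor.invalid   # constructed: redirect pattern
"""

BLOCK_TAG = "## added by CiD"   # marker the report counted 70 times


def parse_hosts(text):
    """Yield (ip, [names], comment) per effective line; blanks, comments and junk are skipped."""
    for raw in text.splitlines():
        line, _, comment = raw.partition("#")
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue   # malformed address; the resolver ignores such lines as well
        yield ip, parts[1:], ("#" + comment).strip() if comment else ""


def classify(ip, names):
    """default: the stock localhost line; blocked: name points at this machine or nowhere;
    redirect: name points at some other host (the hijack pattern)."""
    if ip.is_loopback and all(n.lower() == "localhost" for n in names):
        return "default"
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"
    return "redirect"


def summarize(text):
    """Count entries per class, list redirects, and count lines carrying BLOCK_TAG."""
    counts = Counter()
    redirects, tagged = [], 0
    for ip, names, comment in parse_hosts(text):
        kind = classify(ip, names)
        counts[kind] += 1
        if kind == "redirect":
            redirects.extend(f"{n} -> {ip}" for n in names)
        if BLOCK_TAG in comment:
            tagged += 1
    return {"counts": dict(counts), "redirects": redirects, "tagged": tagged}


if __name__ == "__main__":
    result = summarize(SAMPLE_HOSTS)
    print(result["counts"], "tagged:", result["tagged"])
    for entry in result["redirects"]:
        print("REDIRECT (verify):", entry)
```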

Posted

Right!

Run Lop S&D again

This time choose Option 2 (Removal)
Do not close the window during the removal!
Post the generated report (C:\lopR.txt)

Post that report, and in the meantime run this scan please.
Please follow the procedure given to the letter. Thank you.

Download Malwarebytes' Anti-Malware (MBAM)

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for updates" button: if the firewall asks whether to allow MBAM to connect, accept.
  • Once the update is finished, go to the "Scanner" tab.
  • Select "Perform full scan"
  • Click "Scan"
  • The scan starts; it is fairly long, that is normal.
  • At the end of the scan, a message is displayed:
    The scan completed successfully. Click 'Show Results' to display all objects found.
    Click "OK" to continue. If MBAM found nothing, it will tell you so too.
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select all (or leave everything checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.

If MBAM asks to restart, reboot the PC.

Post a new HijackThis log after the machine restarts please.

@++

Posted

Here is the second report; I am running Malwarebytes' Anti-Malware (MBAM) right away.

 

 

 

 

--------------------\\ Lop S&D 4.2.4-5 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : Intel® Celeron® M processor 1.50GHz )

BIOS : Ver 1.00PARTTBL

USER : guillaume ( Administrator )

BOOT : Normal boot

Antivirus : AVG Anti-Virus Free 8.0 (Activated)

C:\ (Local Disk) - NTFS - Total : 55 Go Free : 25 Go

D:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )

Option : [2] ( 2008-10-09|10:41 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

 

Supprime! - C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\msgpl_b896.tmp

Supprime! - C:\DOCUME~1\GUILLA~1\Cookies\guillaume@advertising[1].txt

Supprime! - C:\DOCUME~1\GUILLA~1\Cookies\guillaume@adopt.euroclick[2].txt

Supprime! - C:\WINDOWS\Tasks\A98AA28F937D5E33.job

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\LICENSE ADMIN OPTION BIB

Supprime! - C:\DOCUME~1\GUILLA~1\APPLIC~1\blueli~1

-

[ Fichier Hosts ] .. Restaure!

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[2008-01-16|04:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Acoustica

[2008-04-08|22:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[2007-12-01|22:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[2008-06-05|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8

[2008-01-14|21:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bell

[2008-10-09|07:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone

[2007-12-01|22:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[2008-07-08|13:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[2007-12-05|04:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[2007-12-02|04:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[2007-05-22|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive

[2007-05-22|17:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MotiveSysIDs

[2008-04-08|22:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle

[2008-04-08|22:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle Studio

[2008-03-19|00:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle VideoSpin

[2008-01-16|08:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software

[2008-04-08|22:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

[2008-05-03|12:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real

[2005-04-19|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI

[2008-02-19|21:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[2007-12-22|23:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[2008-03-19|00:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VideoSpin

[2006-09-12|16:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[2008-08-24|17:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip

[2008-05-04|08:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[2008-10-09|00:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\zgtafeng

 

[2005-04-19|12:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities

[2005-04-19|16:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust

[2005-04-19|16:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[2005-04-19|17:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[2005-04-19|16:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\toshiba

 

[2006-09-24|18:28] C:\DOCUME~1\GUILLA~1\APPLIC~1\3M

[2008-01-16|04:20] C:\DOCUME~1\GUILLA~1\APPLIC~1\Acoustica

[2008-05-03|14:05] C:\DOCUME~1\GUILLA~1\APPLIC~1\Adobe

[2007-02-05|11:24] C:\DOCUME~1\GUILLA~1\APPLIC~1\AdobeUM

[2008-06-20|13:44] C:\DOCUME~1\GUILLA~1\APPLIC~1\Ahead

[2007-12-01|22:44] C:\DOCUME~1\GUILLA~1\APPLIC~1\Apple Computer

[2008-06-30|17:13] C:\DOCUME~1\GUILLA~1\APPLIC~1\AVGTOOLBAR

[2008-01-14|21:20] C:\DOCUME~1\GUILLA~1\APPLIC~1\Bell

[2008-08-19|21:02] C:\DOCUME~1\GUILLA~1\APPLIC~1\Canneverbe_Limited

[2006-12-14|09:13] C:\DOCUME~1\GUILLA~1\APPLIC~1\Google

[2008-10-08|06:58] C:\DOCUME~1\GUILLA~1\APPLIC~1\gtk-2.0

[2008-01-30|07:47] C:\DOCUME~1\GUILLA~1\APPLIC~1\Help

[2005-04-19|12:44] C:\DOCUME~1\GUILLA~1\APPLIC~1\Identities

[2008-04-09|08:21] C:\DOCUME~1\GUILLA~1\APPLIC~1\InstallShield

[2005-04-19|16:24] C:\DOCUME~1\GUILLA~1\APPLIC~1\InterTrust

[2007-12-02|20:33] C:\DOCUME~1\GUILLA~1\APPLIC~1\InterVideo

[2006-02-27|23:45] C:\DOCUME~1\GUILLA~1\APPLIC~1\iShell

[2005-10-14|10:31] C:\DOCUME~1\GUILLA~1\APPLIC~1\Macromedia

[2008-09-26|05:49] C:\DOCUME~1\GUILLA~1\APPLIC~1\Microsoft

[2008-08-19|20:19] C:\DOCUME~1\GUILLA~1\APPLIC~1\NeroVision

[2008-01-16|08:05] C:\DOCUME~1\GUILLA~1\APPLIC~1\Propellerhead Software

[2008-05-30|22:09] C:\DOCUME~1\GUILLA~1\APPLIC~1\Real

[2005-12-20|13:31] C:\DOCUME~1\GUILLA~1\APPLIC~1\Sun

[2007-12-07|09:59] C:\DOCUME~1\GUILLA~1\APPLIC~1\Symantec

[2008-08-16|07:56] C:\DOCUME~1\GUILLA~1\APPLIC~1\Syntrillium

[2005-04-19|16:39] C:\DOCUME~1\GUILLA~1\APPLIC~1\toshiba

[2008-10-08|03:05] C:\DOCUME~1\GUILLA~1\APPLIC~1\uTorrent

[2007-12-21|01:32] C:\DOCUME~1\GUILLA~1\APPLIC~1\WinRAR

[2007-12-01|22:33] C:\DOCUME~1\GUILLA~1\APPLIC~1\Yahoo!

 

[2006-12-04|00:43] C:\DOCUME~1\INVIT~1\APPLIC~1\Google

[2005-04-19|12:44] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities

[2005-04-19|16:24] C:\DOCUME~1\INVIT~1\APPLIC~1\InterTrust

[2006-09-11|12:34] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia

[2008-06-05|11:54] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft

[2005-04-19|17:01] C:\DOCUME~1\INVIT~1\APPLIC~1\Symantec

[2005-04-19|16:39] C:\DOCUME~1\INVIT~1\APPLIC~1\toshiba

 

[2008-06-05|11:54] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[2007-01-03|20:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\Symantec

 

[2008-06-05|11:54] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[2005-09-29|19:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[2005-09-13 02:07][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 3.job

[2005-09-13 02:07][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 2.job

[2005-09-13 02:07][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 1.job

[2004-08-05 07:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

[2008-10-09 07:14][--ah-----] C:\WINDOWS\tasks\SA.DAT

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[2008-01-14|21:02] C:\Program Files\Acoustica MP3 Audio Mixer

[2008-04-08|22:52] C:\Program Files\Adobe

[2008-04-08|22:34] C:\Program Files\AdorageI-GfxDatas

[2008-04-08|22:32] C:\Program Files\AdorageI-SAL

[2008-08-19|20:49] C:\Program Files\Ahead

[2005-04-19|16:15] C:\Program Files\Apoint2K

[2008-01-16|11:27] C:\Program Files\Ares

[2005-04-19|15:06] C:\Program Files\ATI Technologies

[2007-12-16|17:17] C:\Program Files\Audacity

[2008-06-05|11:56] C:\Program Files\AVG

[2008-10-08|23:38] C:\Program Files\bsnmjib

[2008-08-19|21:01] C:\Program Files\CDBurnerXP

[2008-05-03|12:34] C:\Program Files\Codec Pack - All In 1

[2007-05-22|17:28] C:\Program Files\Common Files

[2008-08-16|07:58] C:\Program Files\coolpro2

[2005-04-19|17:38] C:\Program Files\Datalode

[2008-04-08|22:09] C:\Program Files\DivX

[2005-04-19|16:17] C:\Program Files\DVD-RAM

[2008-08-19|20:49] C:\Program Files\Fichiers communs

[2008-01-16|11:29] C:\Program Files\FLStudio4

[2008-09-10|18:36] C:\Program Files\GIMP-2.0

[2007-12-02|04:52] C:\Program Files\Grisoft

[2008-08-15|13:24] C:\Program Files\InstallShield Installation Information

[2005-04-19|13:58] C:\Program Files\Intel

[2008-08-13|04:53] C:\Program Files\Internet Explorer

[2007-12-02|20:36] C:\Program Files\InterVideo

[2005-04-19|16:43] C:\Program Files\Java

[2008-05-03|12:39] C:\Program Files\K-Lite Codec Pack

[2008-07-08|13:18] C:\Program Files\Lavasoft

[2005-04-19|17:36] C:\Program Files\ltmoh

[2008-08-24|03:02] C:\Program Files\Messenger

[2008-10-05|23:47] C:\Program Files\Messenger Plus! Live

[2007-12-19|04:02] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[2005-04-19|12:44] C:\Program Files\microsoft frontpage

[2005-10-04|15:32] C:\Program Files\Microsoft Office

[2005-04-19|17:12] C:\Program Files\Microsoft.NET

[2008-08-22|04:22] C:\Program Files\Movie Maker

[2008-08-22|04:22] C:\Program Files\msn

[2005-04-19|12:40] C:\Program Files\MSN Gaming Zone

[2008-08-22|04:16] C:\Program Files\NetMeeting

[2005-04-19|12:40] C:\Program Files\Online Services

[2008-08-22|04:16] C:\Program Files\Outlook Express

[2008-04-08|22:11] C:\Program Files\Pinnacle

[2008-04-08|22:42] C:\Program Files\proDAD

[2008-04-08|22:26] C:\Program Files\QuickTime

[2007-12-02|03:02] C:\Program Files\Realtek AC97

[2005-04-19|12:42] C:\Program Files\Services en ligne

[2008-06-26|23:48] C:\Program Files\sfArk

[2008-01-16|11:29] C:\Program Files\Steinberg

[2005-09-13|06:09] C:\Program Files\Toshiba

[2005-04-19|12:48] C:\Program Files\Uninstall Information

[2007-12-02|04:32] C:\Program Files\uTorrent

[2007-12-02|20:49] C:\Program Files\Veoh Networks

[2008-09-10|17:38] C:\Program Files\VirtuallTek

[2008-08-24|17:59] C:\Program Files\WinAce

[2007-12-17|18:06] C:\Program Files\Windows Live

[2008-01-30|07:49] C:\Program Files\Windows Media Connect 2

[2008-08-22|04:16] C:\Program Files\Windows Media Player

[2008-08-22|04:16] C:\Program Files\Windows NT

[2005-04-19|12:42] C:\Program Files\WindowsUpdate

[2008-08-24|17:32] C:\Program Files\WinZip

[2008-01-18|15:52] C:\Program Files\XBCD

[2005-04-19|12:44] C:\Program Files\xerox

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[2008-05-03|14:05] C:\Program Files\Fichiers communs\Adobe

[2005-10-04|15:32] C:\Program Files\Fichiers communs\DESIGNER

[2005-04-19|16:12] C:\Program Files\Fichiers communs\InstallShield

[2005-04-19|16:43] C:\Program Files\Fichiers communs\Java

[2008-06-10|03:05] C:\Program Files\Fichiers communs\Microsoft Shared

[2007-05-22|17:28] C:\Program Files\Fichiers communs\Motive

[2005-04-19|12:41] C:\Program Files\Fichiers communs\MSSoap

[2005-04-19|07:34] C:\Program Files\Fichiers communs\ODBC

[2005-04-19|12:41] C:\Program Files\Fichiers communs\Services

[2005-04-19|07:34] C:\Program Files\Fichiers communs\SpeechEngines

[2008-08-22|04:16] C:\Program Files\Fichiers communs\System

[2008-05-04|08:27] C:\Program Files\Fichiers communs\WindowsLiveInstaller

[2008-09-26|08:22] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

--------------------\\ Process

 

( 59 Processes )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Verification du Registre

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-09 10:42:52

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 72

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ ROOTKIT !!

 

Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Services\tdssserv]

Rootkit Tibs ! .. [HKLM\..\ControlSet001\Services\tdssserv]

Rootkit Tibs ! .. [HKLM\..\ControlSet002\Services\tdssserv]

 

 

Trojan ! .. C:\WINDOWS\system32\tdssservers.dat

Trojan ! .. C:\WINDOWS\system32\tdssinit.dll

Trojan ! .. C:\WINDOWS\system32\tdssadw.dll

 

--------------------\\ Suspect ..

 

C:\WINDOWS\system32\tdssadw.dll

C:\WINDOWS\system32\tdssinit.dll

C:\WINDOWS\system32\tdssservers.dat

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\GUILLA~1\Local Settings\Temp\avg.7.0.keygen-efc87.exe

 

 

[F:6291][D:237]-> C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp

[F:74][D:0]-> C:\DOCUME~1\GUILLA~1\Cookies

[F:2175][D:20]-> C:\DOCUME~1\GUILLA~1\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 2008-10-09|10:28 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - 2008-10-09|10:44 - Option : [2]

 

--------------------\\ Fin du rapport a 10:44:25

Posted

Here is the Malwarebytes report

 

 

Malwarebytes' Anti-Malware 1.28

Version de la base de données: 1247

Windows 5.1.2600 Service Pack 3

 

2008-10-09 12:09:50

mbam-log-2008-10-09 (12-09-50).txt

 

Type de recherche: Examen complet (C:\|)

Eléments examinés: 143837

Temps écoulé: 1 hour(s), 13 minute(s), 57 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 25

Valeur(s) du Registre infectée(s): 3

Elément(s) de données du Registre infecté(s): 2

Dossier(s) infecté(s): 2

Fichier(s) infecté(s): 70

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\CLSID\{73461C55-B485-B99F-56A3-04250DC159A5} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\PC-Antispy (Rogue.PCAntispy) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\utilapiadm (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winmonapp (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Program Files\bsnmjib\UtilApiAdm.dll (Trojan.FakeAlert.H) -> Delete on reboot.

C:\WINDOWS\system32\xebklanu.exe (Trojan.FakeAlert.H) -> Delete on reboot.

C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\etc\.security (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\.security (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\WINDOWS\.security (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\TDSS9ae4.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\TDSS9cc8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\guillaume\Local Settings\Temp\TDSS8384.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\guillaume\Local Settings\Temp\TDSS83f1.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\guillaume\Local Settings\Temp\TDSS8875.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\guillaume\Local Settings\Temp\TDSSa975.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Posted

Here is the new HijackThis report

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:21:37, on 2008-10-09

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UTSCSI.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe

C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\system32\TPSMain.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Ares\Ares.exe

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\AVG\AVG8\aAvgApi.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\guillaume\Bureau\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.shoptoshiba.ca/welcome

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Fichiers communs\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Fichiers communs\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\motivebrowser.exe" /hidden

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Policies\Explorer\Run: [zw12ZFYQ7k] C:\Documents and Settings\All Users\Application Data\zgtafeng\bgnotahq.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: .security

O4 - Global Startup: .security

O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Documents and Settings\marilou hayes\Bureau\PsnLite.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rapstarsgx.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://pse-esd.ainc-inac.gc.ca/nstp2/Repor...tivexviewer.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\CLNTSVC.EXE (file missing)

O23 - Service: BufferZone DCOM Helper (BZDcomLaunch) - Unknown owner - C:\Program Files\BufferZone\BZDCOMLAUNCH.EXE (file missing)

O23 - Service: BufferZone RPC Helper (BZRpcSs) - Unknown owner - C:\Program Files\BufferZone\BZRPCSS.EXE (file missing)

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE

 

--

End of file - 9793 bytes

Posted (edited)

Re,

 

We're going to finish off egdaccess:

 

Right-click this link: Navilog1 by IL-MAFIOSO.

Choose Save (link) target as... and save it to your desktop.

  • Then double-click navilog1.exe to start the installation.
  • Some antivirus programs react to Navilog1; temporarily disable the antivirus if there is a problem.
  • Once the installation is finished, the fix will run automatically.
    (If it does not, double-click the Navilog1 shortcut on the desktop.)
  • Follow the prompts. At the main menu, choose 1 and confirm.
    Wait for the message: *** Analyse Termine le ..... ***
  • Press a key as requested; Notepad will open.
  • Copy and paste the entire contents into your next reply. Close Notepad.

The report is also saved at the root of the drive (fixnavi.txt)

 

Do not run any other option until you are told to.

 

++

Edited by Apollo
Posted

Here it is >

 

 

Search Navipromo version 3.6.6 started on 2008-10-09 at 12:30:43,85

!!! Warning, this report may list legitimate files/programs !!!
!!! Post this report on the forum to have it analyzed !!!
!!! Do not run the disinfection part without a specialist's advice !!!

Tool run from C:\Program Files\navilog1
Current session: "guillaume"

Updated on 29.09.2008 at 17h30 by IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
File system : NTFS

Search run in normal mode

*** Searching installed programs ***

*** Searching folders in "C:\WINDOWS" ***

*** Searching folders in "C:\Program Files" ***

*** Searching folders in "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

*** Searching folders in "C:\Documents and Settings\All Users\menudm~1" ***

*** Searching folders in "c:\docume~1\alluse~1\applic~1" ***

*** Searching folders in "C:\Documents and Settings\guillaume\applic~1" ***

*** Searching folders in "C:\DOCUME~1\INVIT~1\applic~1" ***

*** Searching folders in "C:\Documents and Settings\guillaume\locals~1\applic~1" ***

*** Searching folders in "C:\DOCUME~1\INVIT~1\locals~1\applic~1" ***

*** Searching folders in "C:\Documents and Settings\guillaume\menudm~1\progra~1" ***

*** Searching folders in "C:\DOCUME~1\INVIT~1\menudm~1\progra~1" ***

*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info: http://www.gmer.net

*** Search with GenericNaviSearch ***
!!! All of these results may point at legitimate files !!!
!!! Must be checked before any manual deletion !!!

* Searching in "C:\WINDOWS\system32" *

* Searching in "C:\Documents and Settings\guillaume\locals~1\applic~1" *

* Searching in "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *

*** Searching files ***

*** Searching specific registry keys ***

*** Additional search module ***
(Searching specific files)

1) Searching new Instant Access files:

2) Heuristic search:

* In "C:\WINDOWS\system32" :

* In "C:\Documents and Settings\guillaume\locals~1\applic~1" :

* In "C:\DOCUME~1\INVIT~1\locals~1\applic~1" :

3) Searching certificates:

Certificate Egroup absent!
Certificate Electronic-Group absent!
Certificate Montorgueil absent!
Certificate OOO-Favorit absent!
Certificate Sunny-Day-Design-Ltd absent!

4) Searching known files:

*** Analysis finished on 2008-10-09 at 12:41:03,42 ***

Posted

OK,

Nothing there, but I had to check :P

You can uninstall Navilog1 via Add/Remove Programs and delete its folder under C:\Program Files.

I'll analyze your HJT log.

See you shortly.
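The helper's next step is to go through the HijackThis log by hand. As an added example (not code from the forum, from HijackThis or from Navilog1), here is a small parser for the O23 service lines, fed with the exact O23 lines quoted from the log above. It picks out what a helper looks at first: services whose binary HijackThis reported as "(file missing)" (leftover registrations, here the three BufferZone services), services with "Unknown owner" (no publisher in the binary's version info, so worth checking by hand), and, as an assumption of mine rather than a HijackThis rule, services whose binary lives outside C:\WINDOWS\system32 or C:\Program Files. Field names, the flag wording and the expected-directory list are my choices.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample input: the O23 lines copied verbatim from the HijackThis log quoted above.
SAMPLE_O23 = r"""
O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\CLNTSVC.EXE (file missing)
O23 - Service: BufferZone DCOM Helper (BZDcomLaunch) - Unknown owner - C:\Program Files\BufferZone\BZDCOMLAUNCH.EXE (file missing)
O23 - Service: BufferZone RPC Helper (BZRpcSs) - Unknown owner - C:\Program Files\BufferZone\BZRPCSS.EXE (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"          # marker HijackThis appends when the binary is absent
# Assumption: on this XP install a service binary is expected under one of these roots.
EXPECTED_ROOTS = (r"c:\windows\system32", r"c:\program files")
# "Display Name (ShortName)"; the short name is optional (see DVD-RAM_Service above).
SHORT_NAME_RE = re.compile(r"^(?P<display>.*?)\s*\((?P<short>[^()]+)\)$")


@dataclass
class ServiceEntry:
    display_name: str
    short_name: str
    owner: str
    path: str
    file_missing: bool

    def flags(self) -> List[str]:
        """Reasons a helper would look twice at this service (empty = nothing to note)."""
        out = []
        if self.file_missing:
            out.append("orphaned: service is still registered but its binary is gone")
        if self.owner == "Unknown owner":
            out.append("no publisher in version info: verify the binary by hand")
        if not self.path.lower().startswith(EXPECTED_ROOTS):
            out.append("binary outside the usual system/program directories")
        return out


def parse_o23_line(line: str) -> ServiceEntry:
    if not line.startswith(PREFIX):
        raise ValueError("not an O23 line: %r" % line)
    rest = line[len(PREFIX):]
    file_missing = rest.endswith(MISSING)
    if file_missing:
        rest = rest[:-len(MISSING)]
    # Split from the right so the owner and path (last two fields) are taken first,
    # even if the display name itself contained " - ".
    name, owner, path = rest.rsplit(" - ", 2)
    m = SHORT_NAME_RE.match(name)
    display, short = (m.group("display"), m.group("short")) if m else (name, name)
    return ServiceEntry(display, short, owner, path, file_missing)


def parse_o23(text: str) -> List[ServiceEntry]:
    lines = (l.strip() for l in text.splitlines())
    return [parse_o23_line(l) for l in lines if l.startswith(PREFIX)]


def triage(text: str) -> Dict[str, List[str]]:
    """Short service name -> flags, in log order."""
    return {e.short_name: e.flags() for e in parse_o23(text)}


if __name__ == "__main__":
    for name, flags in triage(SAMPLE_O23).items():
        print(name, "->", "; ".join(flags) if flags else "nothing to note")
```

A "(file missing)" entry is not malware by itself: it is what an uninstaller that forgot to deregister its service leaves behind, and removing it only tidies the registry. "Unknown owner" simply means the file carries no company name, so NMSAccessU (which the process list at the top of the thread shows is actually present and running) still has to be checked against the CDBurnerXP install before anything is done with it.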
