PC allergic to Hiijackthis
Paddock (posts: 11, status: member)
Hello, every time I try to launch Hiijackthis (I'm even forced to misspell it here), the PC closes all applications and returns to the desktop.
When I search on the net, it's the same. The network connection closes as soon as I type the name.
I can't uninstall it either; as soon as I touch it, back to the desktop.
Can you help me? I would really like to be able to use this tool again.
Thanks
6 replies
Hi
Follow this procedure
http://www.alt-shift-return.org/Info/GenProc-HowTo.html
and post the report
Thanks for your quick reply.
OK, I've finished the steps but the symptoms persist.
Here is how it went:
1. SmitfraudFix report (harmful items)
SmitFraudFix v2.210
Rapport fait à 13:19:03,50, ven. 10/08/2007
Executé à partir de C:\Documents and Settings\Gilles\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\windows\intelscr.exe
c:\windows\toshiba-driver.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\PdfPrn\SPrnAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
C:\WINDOWS\svhost.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\ot.ico PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Gilles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Gilles\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Gilles\Favoris
C:\DOCUME~1\Gilles\Favoris\Antivirus Test Online.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\Bureau\Security Troubleshooting.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Safety Bar\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="\\\\?\\C:\\WINDOWS\\System32\\com6.kmj"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: SpeedTouch(tm) USB ADSL RFC1483 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D87DA256-8C0F-4674-A850-DD6F6C5363F0}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D87DA256-8C0F-4674-A850-DD6F6C5363F0}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D87DA256-8C0F-4674-A850-DD6F6C5363F0}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
2. VundoFix report
VundoFix V6.5.7
Checking Java version...
Sun Java not detected
Scan started at 13:29:25 10/08/2007
Listing files found while scanning....
C:\windows\system32\geeby.dll
C:\windows\system32\gfmxogvx.ini
C:\WINDOWS\System32\hijpghpr.dll
C:\WINDOWS\system32\vtuutqn.dll
C:\windows\system32\xvgoxmfg.dll
C:\windows\system32\ybeeg.bak1
C:\WINDOWS\System32\ybeeg.bak2
C:\WINDOWS\System32\ybeeg.ini
C:\windows\system32\ybeeg.tmp
Beginning removal...
Attempting to delete C:\windows\system32\geeby.dll
C:\windows\system32\geeby.dll Could not be deleted.
Attempting to delete C:\windows\system32\gfmxogvx.ini
C:\windows\system32\gfmxogvx.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\hijpghpr.dll
C:\WINDOWS\System32\hijpghpr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtuutqn.dll
C:\WINDOWS\system32\vtuutqn.dll Could not be deleted.
Attempting to delete C:\windows\system32\xvgoxmfg.dll
C:\windows\system32\xvgoxmfg.dll Has been deleted!
Attempting to delete C:\windows\system32\ybeeg.bak1
C:\windows\system32\ybeeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\System32\ybeeg.bak2
C:\WINDOWS\System32\ybeeg.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\ybeeg.ini
C:\WINDOWS\System32\ybeeg.ini Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.7
Checking Java version...
Sun Java not detected
Scan started at 13:36:37 10/08/2007
Listing files found while scanning....
C:\windows\system32\geeby.dll
C:\WINDOWS\system32\vtuutqn.dll
C:\windows\system32\ybeeg.ini
Beginning removal...
Attempting to delete C:\windows\system32\geeby.dll
C:\windows\system32\geeby.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtuutqn.dll
C:\WINDOWS\system32\vtuutqn.dll Could not be deleted.
Attempting to delete C:\windows\system32\ybeeg.ini
C:\windows\system32\ybeeg.ini Has been deleted!
Performing Repairs to the registry.
Done!
HERE, 3 files could not be deleted, even after rebooting.
- c/windows/system32/vtuutqn.dll
- c/windows/system32/geeby.dll
- c/windows/system32/ybeeg.ini
3. ComboFix report
ComboFix 07-08-09.3 - "Gilles" 2007-08-10 13:55:32.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.33.1036.18.536 [GMT 2:00]
((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))
2007-08-10 13:42 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 13:29 <REP> d-------- C:\VundoFix Backups
2007-08-10 13:13 4,234 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-10 13:12 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-10 13:12 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-10 13:12 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-10 11:38 <REP> d-------- C:\Program Files\CCleaner
2007-08-10 11:36 2,719,216 --a------ C:\Program Files\ccsetup140.exe
2007-07-15 10:24 <REP> d-------- C:\DOCUME~1\Colin\APPLIC~1\ScanSoft
2007-07-15 10:23 786,432 --a------ C:\DOCUME~1\Colin\ntuser.dat
2007-07-15 10:23 <REP> d-------- C:\DOCUME~1\Colin\Temporary Internet Files
2007-07-15 10:23 <REP> d-------- C:\DOCUME~1\Colin\Historique
2007-07-11 19:12 749,568 --a------ C:\DOCUME~1\NETWOR~1\ntuser.dat
2007-07-11 19:12 745,472 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-07-11 19:12 5,767,168 --a------ C:\DOCUME~1\Gilles\ntuser.dat
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-10 13:57 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-08-10 13:53 48616 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-08-10 13:53 367658 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-08-10 12:21 31 --a------ C:\WINDOWS\system32\getfile.dat
2007-08-09 23:28 --------- d-------- C:\DOCUME~1\Gilles\APPLIC~1\Ahead
2007-08-09 17:12 --------- d-------- C:\DOCUME~1\Gilles\APPLIC~1\Canon
2007-07-23 22:31 --------- d-------- C:\Program Files\Eraser
2007-07-15 17:47 601 --ahs---- C:\WINDOWS\system32\403646257.dat
2007-06-21 18:21 --------- d-------- C:\DOCUME~1\Gilles\APPLIC~1\U3
2007-05-27 10:53 30980 ---hs---- C:\WINDOWS\system32\acleditb.exe
2007-02-17 21:19 17247 --a------ C:\Program Files\anastasia.zip
2007-02-16 21:11 437616 --a------ C:\Program Files\GeniusC2_French.exe
2006-09-26 21:00 482504 --a------ C:\Program Files\mysterycasefileshuntsvilleenfranais_belgac-fr_stub.exe
2006-09-10 13:23 13256032 --a------ C:\Program Files\PDFCreator-0_9_3_GPLGhostscript.exe
2006-07-20 19:57 86232 --a------ C:\Program Files\WinAntiSpyware2006FreeInstall_fr.exe
2006-07-20 19:54 5383185 --a------ C:\Program Files\adprotect_setup.exe
2006-05-27 18:35 2199797 --a------ C:\Program Files\pe.exe
2007-04-21 13:51:04 28,644 --sh--r C:\WINDOWS\system32\3DR565r.exe
2007-04-13 16:11:31 32,704 --sh--r C:\WINDOWS\system32\3DRARGBl.exe
2007-04-26 15:06:38 183,808 --sha-w C:\WINDOWS\Temp\2113833213.exe
2007-04-17 17:50:29 183,296 --sha-w C:\WINDOWS\Temp\2465788173.exe
2007-04-29 15:51:02 183,808 --sha-w C:\WINDOWS\Temp\3327787053.exe
2007-05-03 19:08:10 185,344 --sha-w C:\WINDOWS\Temp\3685765389.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94AF580E-7A91-4250-A5FC-CF1CA21F3AEA}]
C:\WINDOWS\System32\geeby.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D93F3B63-8F0B-007A-63A7-D03217DFEDE1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8312E40-CB2D-4E5C-AFE1-CE97BF22C9C9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 20:54 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 08:15]
"ElbyCheckElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 14:09]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22]
"WorkFlowTray"="C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe" [2003-11-12 02:40]
"Opware14"="C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe" [2003-11-12 02:39]
"OpScheduler"="C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe" [2003-11-12 02:41]
"PDF Converter Registry Controller"="C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\RegistryController.exe" [2003-09-30 09:55]
"SSPrnAgent"="C:\Program Files\ScanSoft\OmniPagePro14.0\PdfPrn\SPrnAgent.exe" [2003-11-12 01:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-04 18:07]
"NeroFilterCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50]
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 19:53]
"BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2005-06-09 12:28]
"BDSwitchAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" [2005-03-11 20:57]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2006-05-06 08:45]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-04-07 08:02]
"WireLessMouse"="C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe" [2005-08-30 15:35]
"WireLessKeyboard"="C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe" [2005-08-30 11:51]
"net32"="C:\WINDOWS\svhost.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Microsoft Internet Tool"=sysintnt.exe
"Antivirus Protection Services"=CCapp2.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Internet Tool"=sysintnt.exe
"Antivirus Protection Services"=CCapp2.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-24 21:29:56]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-12-23 14:00:18]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"intelscr"="c:\windows\intelscr.exe"
"javasvc"="c:\windows\javasvc.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,\"c:\windows\toshiba-driver.exe\","
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
R0 Defrag32b;Defrag32Boot;C:\WINDOWS\System32\drivers\Defrag32b.sys
R2 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys
R2 Defrag32;Defrag32;C:\WINDOWS\System32\drivers\Defrag32.sys
R2 MASPINT;MASPINT;C:\WINDOWS\System32\drivers\MASPINT.sys
R2 PDSched;PDScheduler;C:\Program Files\Raxco\PerfectDisk\PDSched.exe
R2 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service;C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
R3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\System32\DRIVERS\alcan5ln.sys
R3 ElbyCDFL;ElbyCDFL;C:\WINDOWS\System32\Drivers\ElbyCDFL.sys
S2 EventSystemUPS;Système d'événements de COM+ EventSystemUPS;C:\WINDOWS\System32\3DRARGBl.exe srv
S2 FILESpy;FILESpy;\??\C:\Program Files\Softwin\BitDefender9\filespy.sys
S2 gafwload;Eicon Networks USB ADSL Loader;C:\WINDOWS\System32\DRIVERS\gafwload.sys
S2 Microsoft IEUpdater2;ieupdater2;C:\Documents and Settings\Gilles\Menu Démarrer\Programmes\Démarrage\MSWin--1403799428.exe /start
S2 REGSpy;REGSpy;\??\C:\Program Files\Softwin\BitDefender9\regspy.sys
S2 SENSTermService;Notification d'événement système SENSTermService;C:\WINDOWS\System32\3DR565r.exe srv
S2 SysHte;SysHte;"C:\WINDOWS\TEMP\20.tmp"
S3 alcan5wn;Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINDOWS\System32\DRIVERS\alcan5wn.sys
S3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\System32\DRIVERS\loop.sys
S3 PlextorTV402U;Plextor ConvertX TV402U A/V Capture;C:\WINDOWS\System32\drivers\TVXstream.sys
S3 SANDRA;SANDRA;\??\C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2004.SP2b (Win32 x86)\Sandra.sys
S3 TVXLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (TVXLoader.sys);C:\WINDOWS\System32\Drivers\TVXLoader.sys
S3 wanusb;Eicon Networks USB ADSL WAN Modem;C:\WINDOWS\System32\DRIVERS\gwausb.sys
S4 Win32Sr;Win32Sr;"C:\WINDOWS\win32ssr.exe"
Contents of the 'Scheduled Tasks' folder
2007-06-15 15:15:04 C:\WINDOWS\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-10 14:00:08
Windows 5.1.2600 Service Pack 1 NTFS
detected NTDLL code modification:
ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="\\?\C:\WINDOWS\System32\com6.kmj"
scanning hidden files ...
C:\WINDOWS\ydady1.dll
C:\WINDOWS\system32\com6.kmj
scan completed successfully
hidden files: 2
**************************************************************************
Completion time: 2007-08-10 14:03:58
C:\ComboFix-quarantined-files.txt ... 2007-08-10 14:03
--- E O F ---
4. SDFix report
SDFix: Version 1.97
Run by Gilles on ven. 10/08/2007 at 14:39
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Gilles\Bureau\SDfix\SDFix
Safe Mode:
Checking Services:
Name:
Microsoft IEUpdater2
Win32Sr
ImagePath:
C:\Documents and Settings\Gilles\Menu Démarrer\Programmes\Démarrage\MSWin--1403799428.exe /start
"C:\WINDOWS\win32ssr.exe"
Microsoft IEUpdater2 - Deleted
Win32Sr - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\CP1041.NLS - Deleted
C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\2YR673L8\TPKTSK~1.HTM - Deleted
C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\2YR673L8\TPKTSK~2.HTM - Deleted
C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\2YR673L8\TPKTSK~3.HTM - Deleted
C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\2YR673L8\TPKTSK~4.HTM - Deleted
C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\743ZLRX3\TPKTSK~2.HTM - Deleted
C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\743ZLRX3\TPKTSK~3.HTM - Deleted
C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\743ZLRX3\TPKTSK~4.HTM - Deleted
C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\AEKJ1157\TPKTSK~1.HTM - Deleted
C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\AEKJ1157\TPKTSK~2.HTM - Deleted
C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\AEKJ1157\TPKTSK~3.HTM - Deleted
C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\LKUYZ15J\TPKTSK~1.HTM - Deleted
C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\LKUYZ15J\TPKTSK~3.HTM - Deleted
C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\LKUYZ15J\LOADER~2 - Deleted
C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\LKUYZ15J\GOOGLE~1 - Deleted
C:\WINDOWS\system32\aspr_keys.ini - Deleted
C:\WINDOWS\system32\i - Deleted
C:\WINDOWS\system32\kr_done1 - Deleted
C:\WINDOWS\system32\TFTP1200 - Deleted
C:\WINDOWS\system32\TFTP1248 - Deleted
C:\WINDOWS\system32\TFTP1260 - Deleted
C:\WINDOWS\system32\TFTP1264 - Deleted
C:\WINDOWS\system32\TFTP1276 - Deleted
C:\WINDOWS\system32\TFTP1312 - Deleted
C:\WINDOWS\system32\TFTP1316 - Deleted
C:\WINDOWS\system32\TFTP1376 - Deleted
C:\WINDOWS\system32\TFTP1392 - Deleted
C:\WINDOWS\system32\TFTP1520 - Deleted
C:\WINDOWS\system32\TFTP164 - Deleted
C:\WINDOWS\system32\TFTP1648 - Deleted
C:\WINDOWS\system32\TFTP1916 - Deleted
C:\WINDOWS\system32\TFTP1944 - Deleted
C:\WINDOWS\system32\TFTP200 - Deleted
C:\WINDOWS\system32\TFTP2052 - Deleted
C:\WINDOWS\system32\TFTP2136 - Deleted
C:\WINDOWS\system32\TFTP2388 - Deleted
C:\WINDOWS\system32\TFTP2484 - Deleted
C:\WINDOWS\system32\TFTP2580 - Deleted
C:\WINDOWS\system32\TFTP2628 - Deleted
C:\WINDOWS\system32\TFTP2632 - Deleted
C:\WINDOWS\system32\TFTP2660 - Deleted
C:\WINDOWS\system32\TFTP2804 - Deleted
C:\WINDOWS\system32\TFTP284 - Deleted
C:\WINDOWS\system32\TFTP3076 - Deleted
C:\WINDOWS\system32\TFTP3084 - Deleted
C:\WINDOWS\system32\TFTP3104 - Deleted
C:\WINDOWS\system32\TFTP3140 - Deleted
C:\WINDOWS\system32\TFTP3144 - Deleted
C:\WINDOWS\system32\TFTP3256 - Deleted
C:\WINDOWS\system32\TFTP3356 - Deleted
C:\WINDOWS\system32\TFTP3488 - Deleted
C:\WINDOWS\system32\TFTP3516 - Deleted
C:\WINDOWS\system32\TFTP3540 - Deleted
C:\WINDOWS\system32\TFTP3744 - Deleted
C:\WINDOWS\system32\TFTP3784 - Deleted
C:\WINDOWS\system32\TFTP3816 - Deleted
C:\WINDOWS\system32\TFTP3928 - Deleted
C:\WINDOWS\system32\TFTP3984 - Deleted
C:\WINDOWS\system32\TFTP4008 - Deleted
C:\WINDOWS\system32\TFTP4016 - Deleted
C:\WINDOWS\system32\TFTP4028 - Deleted
C:\WINDOWS\system32\TFTP952 - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\Gilles\Bureau\SDfix\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\Program Files\Eraser\_Setup.dll
C:\Program Files\Eraser\Setup.exe
C:\WINDOWS\system32\3DR565r.exe
C:\WINDOWS\system32\3DRARGBl.exe
C:\WINDOWS\system32\acleditb.exe
C:\Documents and Settings\Gilles\Application Data\Microsoft\Modèles\~WRL0002.tmp
C:\Documents and Settings\Gilles\Application Data\Microsoft\Modèles\~WRL0003.tmp
C:\Documents and Settings\Gilles\Application Data\Microsoft\Modèles\~WRL0004.tmp
C:\Documents and Settings\Gilles\Application Data\Microsoft\Modèles\~WRL0005.tmp
C:\Documents and Settings\Gilles\Application Data\Microsoft\Modèles\~WRL0006.tmp
C:\Documents and Settings\Gilles\Application Data\Microsoft\Modèles\~WRL0007.tmp
C:\Documents and Settings\Gilles\Application Data\Microsoft\Modèles\~WRL0008.tmp
C:\Documents and Settings\Gilles\Application Data\Microsoft\Modèles\~WRL0009.tmp
C:\Documents and Settings\Gilles\Application Data\Microsoft\Modèles\~WRL0010.tmp
C:\Documents and Settings\Gilles\Application Data\Microsoft\Modèles\~WRL0011.tmp
C:\Documents and Settings\Gilles\Application Data\Microsoft\Modèles\~WRL0012.tmp
C:\Documents and Settings\Gilles\Application Data\Microsoft\Modèles\~WRL0013.tmp
C:\Documents and Settings\Gilles\Application Data\Microsoft\Modèles\~WRL0730.tmp
C:\Documents and Settings\Gilles\Application Data\Microsoft\Modèles\~WRL1526.tmp
C:\Documents and Settings\Gilles\Application Data\Microsoft\Word\~WRL0256.tmp
C:\Documents and Settings\Gilles\Application Data\Microsoft\Word\~WRL0952.tmp
C:\Documents and Settings\Gilles\Application Data\Microsoft\Word\~WRL3059.tmp
C:\Documents and Settings\Gilles\Application Data\Microsoft\Word\~WRL3405.tmp
C:\Program Files\InterActual\InterActual Player\itiA.tmp
C:\WINDOWS\LastGood.Tmp\INF\mpeg4acm.PNF
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG
Finished
Quite a lot of junk has already been removed, and I thank you for that.
Do you have anything else to suggest?
See you
"ElbyCheckElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 14:09]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22]
"WorkFlowTray"="C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe" [2003-11-12 02:40]
"Opware14"="C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe" [2003-11-12 02:39]
"OpScheduler"="C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe" [2003-11-12 02:41]
"PDF Converter Registry Controller"="C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\RegistryController.exe" [2003-09-30 09:55]
"SSPrnAgent"="C:\Program Files\ScanSoft\OmniPagePro14.0\PdfPrn\SPrnAgent.exe" [2003-11-12 01:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-04 18:07]
"NeroFilterCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50]
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 19:53]
"BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2005-06-09 12:28]
"BDSwitchAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" [2005-03-11 20:57]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2006-05-06 08:45]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-04-07 08:02]
"WireLessMouse"="C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe" [2005-08-30 15:35]
"WireLessKeyboard"="C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe" [2005-08-30 11:51]
"net32"="C:\WINDOWS\svhost.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Microsoft Internet Tool"=sysintnt.exe
"Antivirus Protection Services"=CCapp2.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Internet Tool"=sysintnt.exe
"Antivirus Protection Services"=CCapp2.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-24 21:29:56]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-12-23 14:00:18]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"intelscr"="c:\windows\intelscr.exe"
"javasvc"="c:\windows\javasvc.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,\"c:\windows\toshiba-driver.exe\","
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
R0 Defrag32b;Defrag32Boot;C:\WINDOWS\System32\drivers\Defrag32b.sys
R2 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys
R2 Defrag32;Defrag32;C:\WINDOWS\System32\drivers\Defrag32.sys
R2 MASPINT;MASPINT;C:\WINDOWS\System32\drivers\MASPINT.sys
R2 PDSched;PDScheduler;C:\Program Files\Raxco\PerfectDisk\PDSched.exe
R2 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service;C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
R3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\System32\DRIVERS\alcan5ln.sys
R3 ElbyCDFL;ElbyCDFL;C:\WINDOWS\System32\Drivers\ElbyCDFL.sys
S2 EventSystemUPS;Système d'événements de COM+ EventSystemUPS;C:\WINDOWS\System32\3DRARGBl.exe srv
S2 FILESpy;FILESpy;\??\C:\Program Files\Softwin\BitDefender9\filespy.sys
S2 gafwload;Eicon Networks USB ADSL Loader;C:\WINDOWS\System32\DRIVERS\gafwload.sys
S2 Microsoft IEUpdater2;ieupdater2;C:\Documents and Settings\Gilles\Menu Démarrer\Programmes\Démarrage\MSWin--1403799428.exe /start
S2 REGSpy;REGSpy;\??\C:\Program Files\Softwin\BitDefender9\regspy.sys
S2 SENSTermService;Notification d'événement système SENSTermService;C:\WINDOWS\System32\3DR565r.exe srv
S2 SysHte;SysHte;"C:\WINDOWS\TEMP\20.tmp"
S3 alcan5wn;Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINDOWS\System32\DRIVERS\alcan5wn.sys
S3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\System32\DRIVERS\loop.sys
S3 PlextorTV402U;Plextor ConvertX TV402U A/V Capture;C:\WINDOWS\System32\drivers\TVXstream.sys
S3 SANDRA;SANDRA;\??\C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2004.SP2b (Win32 x86)\Sandra.sys
S3 TVXLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (TVXLoader.sys);C:\WINDOWS\System32\Drivers\TVXLoader.sys
S3 wanusb;Eicon Networks USB ADSL WAN Modem;C:\WINDOWS\System32\DRIVERS\gwausb.sys
S4 Win32Sr;Win32Sr;"C:\WINDOWS\win32ssr.exe"
Contents of the 'Scheduled Tasks' folder
2007-06-15 15:15:04 C:\WINDOWS\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-10 14:00:08
Windows 5.1.2600 Service Pack 1 NTFS
detected NTDLL code modification:
ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="\\?\C:\WINDOWS\System32\com6.kmj"
scanning hidden files ...
C:\WINDOWS\ydady1.dll
C:\WINDOWS\system32\com6.kmj
scan completed successfully
hidden files: 2
**************************************************************************
Completion time: 2007-08-10 14:03:58
C:\ComboFix-quarantined-files.txt ... 2007-08-10 14:03
--- E O F ---
4. SDFix report
SDFix: Version 1.97
Run by Gilles on ven. 10/08/2007 at 14:39
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Gilles\Bureau\SDfix\SDFix
Safe Mode:
Checking Services:
Name:
Microsoft IEUpdater2
Win32Sr
ImagePath:
C:\Documents and Settings\Gilles\Menu Démarrer\Programmes\Démarrage\MSWin--1403799428.exe /start
"C:\WINDOWS\win32ssr.exe"
Microsoft IEUpdater2 - Deleted
Win32Sr - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\Gilles\Bureau\SDfix\SDFix\backups\backups.zip
Files with Hidden Attributes:
Finished
Quite a lot of junk has already been removed, and I thank you for that.
Do you have anything else to suggest?
See you
That's done.
SmitFraudFix v2.210
Rapport fait à 16:48:28,37, ven. 10/08/2007
Executé à partir de C:\Documents and Settings\Gilles\Bureau\Gros nettoyage\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D87DA256-8C0F-4674-A850-DD6F6C5363F0}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D87DA256-8C0F-4674-A850-DD6F6C5363F0}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D87DA256-8C0F-4674-A850-DD6F6C5363F0}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
I don't know whether this can help you guide me, but when I open Hiijackthis, the window stays open for 1 to 2 seconds, which leaves me time to start it (and it runs) but not to see the report, because everything closes again right away.
?!?
Download KillBox: http://www.killbox.net/downloads/KillBox.exe
Tutorial available: http://perso.wanadoo.fr/jesses/Docs/Logiciels/KillBox.htm
So you launch it, then in the box you enter each of the files (their full path, via the yellow folder)
Then you check that "all files" is ticked
Finally you tick "delete on reboot"
then you click the red cross
Restart the computer
c/windows/system32/vtuutqn.dll c/windows/system32/geeby.dll c/windows/system32/ybeeg.ini