Ntos.exe - Page 2

Résolu
Précédent
  • 1
  • 2
  1. kawick Messages postés 40 Statut Membre
     
    De retour,

    ***Le rapport avenger :
    Logfile of The Avenger version 1, by Swandog46

    Running from registry key:

    \Registry\Machine\System\CurrentControlSet\Services\roiejhe

    Script file located at: \??\C:\WINDOWS\cmdaotfq.txt

    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\windows\system32\yayywvt.dll deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

    ***Le rapport combo fix :

    ComboFix 07-11-01.1 - vesier 2007-11-03 16:17:52.1 - NTFSx86
    Running from: C:\Documents and Settings\vesier\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\a.exe
    C:\WINDOWS\system32\utstv.bak1
    C:\WINDOWS\system32\utstv.bak2
    C:\WINDOWS\system32\utstv.ini
    C:\WINDOWS\System32\vtstu.dll
    C:\WINDOWS\system32\wsnpoem
    C:\WINDOWS\system32\wsnpoem\audio.dll.cla

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-03 to 2007-11-03 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-03 16:16 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-03 12:30 81,472 --a------ C:\WINDOWS\system32\gphqcuhr.dll
    2007-11-02 22:51 <REP> d-------- C:\WINDOWS\LastGood.Tmp
    2007-11-02 22:51 <REP> d-------- C:\WINDOWS\LastGood
    2007-11-01 00:38 <REP> d-------- C:\VundoFix Backups
    2007-11-01 00:36 <REP> d-------- C:\Program Files\Trend Micro
    2007-10-31 22:49 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-10-31 18:43 <REP> d-------- C:\WINDOWS\ERUNT
    2007-10-31 10:29 <REP> d-------- C:\WINDOWS\pss
    2007-10-27 10:43 <REP> d-------- C:\Documents and Settings\vesier\Application Data\Apple Computer
    2007-10-27 09:34 <REP> d-------- C:\Program Files\splus
    2007-10-24 23:16 <REP> d-------- C:\Program Files\MP3 Player Utilities 4.15
    2007-10-24 21:55 33,792 --a------ C:\WINDOWS\system32\drivers\disk.sys
    2007-10-24 21:55 33,792 --a--c--- C:\WINDOWS\system32\dllcache\disk.sys
    2007-10-24 20:27 <REP> d-------- C:\Program Files\MediaCoder
    2007-10-23 18:22 90,112 --a------ C:\WINDOWS\system32\crehcjid.dll
    2007-10-23 18:22 16,768 --a------ C:\WINDOWS\system32\tcpip_patcher.sys
    2007-10-20 15:56 <REP> d-------- C:\WINDOWS\system32\BWKDLogs
    2007-10-20 15:56 <REP> d-------- C:\Program Files\QuickTime
    2007-10-20 15:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-10-20 15:55 <REP> d-------- C:\Program Files\Fichiers communs\Kodak
    2007-10-20 15:55 150,528 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-10-20 15:52 <REP> d-------- C:\Program Files\Kodak
    2007-10-20 15:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
    2007-10-17 23:26 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2007-10-17 16:56 <REP> d-------- C:\Documents and Settings\vesier\Application Data\Talkback
    2007-10-17 14:31 1,006,592 --a------ C:\WINDOWS\system32\esent.dll
    2007-10-17 14:31 1,006,592 --a------ C:\WINDOWS\system32\esent(5).dll
    2007-10-17 14:31 1,006,592 --a------ C:\WINDOWS\system32\esent(4).dll
    2007-10-17 14:31 1,006,592 --a------ C:\WINDOWS\system32\esent(3).dll
    2007-10-17 14:12 <REP> d-------- C:\WINDOWS\system32\bits
    2007-10-17 14:10 360,960 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
    2007-10-17 14:10 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
    2007-10-17 14:10 331,776 --a------ C:\WINDOWS\system32\winhttp(4).dll
    2007-10-17 14:10 331,776 --a------ C:\WINDOWS\system32\winhttp(3).dll
    2007-10-17 14:10 331,776 --a--c--- C:\WINDOWS\system32\dllcache\winhttp.dll
    2007-10-17 14:10 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2007-10-17 14:10 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
    2007-10-17 14:10 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
    2007-10-17 14:10 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
    2007-10-17 14:09 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-10-17 13:53 55,812 ---hs---- C:\ntlds.exe
    2007-10-17 13:44 541,090 -ra------ C:\WINDOWS\system32\drivers\torususb.sys
    2007-10-17 13:44 401,408 -ra------ C:\WINDOWS\stmchart.exe
    2007-10-17 13:44 249,856 -ra------ C:\WINDOWS\editadsl.exe
    2007-10-17 13:44 180,224 --a------ C:\WINDOWS\system32\stmcfg32.dll
    2007-10-17 13:44 94,208 -ra------ C:\WINDOWS\stmtrace.exe
    2007-10-17 13:44 60,255 -ra------ C:\WINDOWS\system32\drivers\stmatm.sys
    2007-10-16 20:16 40,960 --a------ C:\WINDOWS\system32\exitwx.exe
    2007-10-15 19:45 83,712 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
    2007-10-15 19:45 18,560 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
    2007-10-15 19:45 16,384 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
    2007-10-15 19:45 4,992 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
    2007-10-15 19:44 3,346,432 --a--c--- C:\WINDOWS\system32\dllcache\msgr3en.dll
    2007-10-15 19:44 106,562 --a--c--- C:\WINDOWS\system32\dllcache\srchctls.dll
    2007-10-15 19:36 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2007-10-15 19:36 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2007-10-15 16:31 100,864 --a------ C:\WINDOWS\system32\irftp.exe
    2007-10-15 16:31 79,360 --a------ C:\WINDOWS\system32\irmon.dll
    2007-10-15 16:31 79,360 --a------ C:\WINDOWS\system32\irmon(3).dll
    2007-10-15 16:31 79,360 --a------ C:\WINDOWS\system32\irmon(2).dll
    2007-10-15 16:31 55,296 --a------ C:\WINDOWS\system32\drivers\irda.sys
    2007-10-15 16:31 7,680 --a------ C:\WINDOWS\system32\wshirda.dll
    2007-10-15 16:31 7,680 --a------ C:\WINDOWS\system32\wshirda(3).dll
    2007-10-15 16:31 7,680 --a------ C:\WINDOWS\system32\wshirda(2).dll
    2007-10-15 15:48 57,728 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2007-10-15 15:28 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
    2007-10-15 15:26 <REP> d-------- C:\WINDOWS\NV780308.TMP
    2007-10-15 14:59 38,024 --a------ C:\WINDOWS\system32\drivers\termdd.sys
    2007-10-15 14:59 23,070 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
    2007-10-15 14:59 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
    2007-10-15 14:59 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2007-10-15 14:59 4,096 --a------ C:\WINDOWS\system32\ksuser(3).dll
    2007-10-15 14:59 4,096 --a------ C:\WINDOWS\system32\ksuser(2).dll
    2007-10-15 14:58 696,320 --a--c--- C:\WINDOWS\system32\dllcache\sapi.dll
    2007-10-15 14:58 73,216 --a------ C:\WINDOWS\system32\storprop.dll
    2007-10-15 14:58 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2007-10-15 14:58 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
    2007-10-15 14:58 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2007-10-15 14:58 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
    2007-10-15 14:58 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys
    2007-10-15 14:58 10,496 --a--c--- C:\WINDOWS\system32\dllcache\irenum.sys
    2007-10-13 15:45 1,458,176 -ra------ C:\WINDOWS\system\SmWizard.exe
    2007-10-13 15:45 1,332,544 -ra------ C:\WINDOWS\system32\drivers\cmuda.sys
    2007-10-13 15:45 917,504 -ra------ C:\WINDOWS\system\cmids3d.dll
    2007-10-13 15:45 712,704 -ra------ C:\WINDOWS\system32\Audio3D.dll
    2007-10-13 15:45 712,704 -ra------ C:\WINDOWS\system32\a3d.dll
    2007-10-13 15:45 233,472 -ra------ C:\WINDOWS\system32\cmirmdrv.exe
    2007-10-13 15:45 167,936 -ra------ C:\WINDOWS\system32\cmuda.dll
    2007-10-13 15:45 32,768 -ra------ C:\WINDOWS\system32\udaprop.dll
    2007-10-13 15:45 28,672 -ra------ C:\WINDOWS\system32\cmirmdrv.dll
    2007-10-13 15:43 297,600 -ra------ C:\WINDOWS\system32\drivers\MRV8K51.sys
    2007-10-13 09:29 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-03 15:08 --------- d-----w C:\Documents and Settings\vesier\Application Data\Free Download Manager
    2007-10-31 21:33 --------- d-----w C:\Program Files\AOL 9.0a
    2007-10-31 09:28 --------- d-----w C:\Program Files\eMule
    2007-10-30 17:19 2,266 ----a-w C:\Documents and Settings\vesier\Application Data\wklnhst.dat
    2007-10-30 12:56 --------- d-----w C:\Program Files\CDDC-MahJongg
    2007-10-16 19:54 --------- d-----w C:\Program Files\D-Tools
    2007-10-15 21:46 --------- d-----w C:\Program Files\MSN Messenger
    2007-10-15 18:42 --------- d-----w C:\Program Files\Services en ligne
    2007-09-25 21:44 --------- d-----w C:\Program Files\Panda Security
    2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-09-05 20:11 --------- d-----w C:\Program Files\Lavalys
    2007-09-04 07:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AOL
    2007-09-03 20:40 --------- d-----w C:\Program Files\CDex_150
    2007-09-03 20:33 --------- d-----w C:\Program Files\WAVmaker
    2007-09-03 20:30 --------- d-----w C:\Program Files\MyBuy
    2007-09-03 20:26 --------- d-----w C:\Program Files\PeerGuardian2
    2005-06-09 08:03 1,365,840 ----a-w C:\Program Files\fdminst.exe
    2005-06-09 08:02 11,352 ----a-w C:\Program Files\fdm_fre.zip
    2005-06-09 05:47 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
    2005-06-09 05:46 533,574 ----a-w C:\Program Files\pllangs.exe
    2005-06-08 06:36 6,856,328 ----a-w C:\Program Files\zlsSetup_51_039_004.exe
    2005-06-07 10:01 2,314,920 ----a-w C:\Program Files\LimeWireWin.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04F2DF67-3DE1-4F37-97F0-1B002D19D8B3}]
    C:\WINDOWS\System32\vtutu.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c50abc06-b541-457d-9386-780bd65095c0}]
    2007-11-03 12:30 81472 --a------ C:\WINDOWS\System32\gphqcuhr.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 18:15]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 C:\WINDOWS\AGRSMMSG.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-12-22 17:09 C:\WINDOWS\SOUNDMAN.EXE]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 16:50]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 16:50]
    "AdslTaskBar"="stmctrl.dll" [2003-12-12 15:50 C:\WINDOWS\system32\stmctrl.dll]
    "AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-11-10 16:18]
    "AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 11:01]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
    "Cmaudio"="cmicnfg.cpl" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2003-04-24 13:00]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 23:00]
    "Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2006-08-23 15:17]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Microsoft Office"=C:\WINDOWS\System32\mdm.exe
    "Microsoft Windows Driver"=C:\WINDOWS\rundll32.exe
    "Network Security XP"=C:\WINDOWS\System32\nvsvc86.exe

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 13:12:08]
    Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-02-20 04:10:26]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crehcjid]
    crehcjid.dll 2007-10-23 18:22 90112 C:\WINDOWS\system32\crehcjid.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\°HØ]
    °HØ

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\°Ø]
    °Ø

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\°èØ]
    °èØ

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\°ðØ]
    °ðØ

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\System32\vtstu.dll

    R2 ScFBPNT;CanoScan FBP Port Driver;\??\C:\WINDOWS\system32\drivers\ScFBPNT.SYS
    R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\System32\DRIVERS\stmatm.sys
    R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\System32\DRIVERS\torususb.sys
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
    S3 Asushwio;Asushwio;\??\C:\WINDOWS\system32\drivers\Asushwio.sys
    S3 StMp3Rec;Pilote de périphérique de la restauration de lecteur;C:\WINDOWS\System32\Drivers\StMp3Rec.sys
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys
    S3 W8100PCI;ASUS 802.11b/g Driver;C:\WINDOWS\System32\DRIVERS\MRV8K51.sys
    S4 FFI;FFI;C:\WINDOWS\System32\svchost.exe:exm.exe

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-03 16:25:17
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\FFI]
    "ImagePath"="C:\WINDOWS\System32\svchost.exe:exm.exe"
    .
    Completion time: 2007-11-03 16:28:57 - machine was rebooted
    .
    --- E O F ---
    0
  2. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    bonsoir

    * Copie les lignes de la citation suivante, d'un trait :

    Files to Delete:
    C:\WINDOWS\system32\gphqcuhr.dll 
    C:\WINDOWS\system32\crehcjid.dll 
    C:\WINDOWS\System32\vtutu.dll 
    


    --> Clic droit / "copier"

    Maintenant crée un nouveau document texte : clic droit de souris sur le bureau, "Nouveau" > "Document Texte".

    * Ouvre-le et colle dedans ce que tu viens de copier précédemment
    * Enregistre ce fichier sur ton bureau (nom : mad.txt)

    ouble-clique sur le fichier "avenger.exe"
    * Clique sur "Ok"
    * Sélectionne "Load Script from File" et clique sur l'icône en forme de dossier.
    * Sélectionne le fichier mad.txt qui est sur ton bureau
    * Clique sur le feu vert pour lancer le script
    * Clique sur "Oui"
    * Accepte de redémarrer ton pc

    après le redémarrage :

    * Ouvre le fichier C:\avenger.txt et copie/colle son contenu ici.

    0
  3. kawick Messages postés 40 Statut Membre
     
    Ok

    Desolé mais avenger n'a pas reussi à enregistrer de rapport,par contre j'ai vu qu'il avait reussi à effacer tout.

    Ayant enfin reussi à installer SP2 je post un rapport hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:32:57, on 04/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Fichiers communs\AOL\1169115209\ee\aolsoftware.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dbsarticles.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {04F2DF67-3DE1-4F37-97F0-1B002D19D8B3} - C:\WINDOWS\System32\vtutu.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: {0c59056d-b087-6839-d754-145b60cba05c} - {c50abc06-b541-457d-9386-780bd65095c0} - C:\WINDOWS\System32\gphqcuhr.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3D2C3FC8-77F1-44E8-80E5-4C1FD325A485}: NameServer = 212.27.32.176,212.27.32.177
    O20 - Winlogon Notify: crehcjid - crehcjid.dll (file missing)
    O20 - Winlogon Notify: ˆ - ˆ (file missing)
    O20 - Winlogon Notify: ¸ˆ - ¸ˆ (file missing)
    O20 - Winlogon Notify: °HØ - °HØ (file missing)
    O20 - Winlogon Notify: °Ø - °Ø (file missing)
    O20 - Winlogon Notify: °èØ - °èØ (file missing)
    O20 - Winlogon Notify: °ðØ - °ðØ (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    0
  4. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    bonjour,

    ok pour the avenger, mais es tu sûr qu'il avait supprimé celle ci

    C:\WINDOWS\system32\gphqcuhr.dll

    * lance hijackthis puis coche ces lignes :

    O2 - BHO: (no name) - {04F2DF67-3DE1-4F37-97F0-1B002D19D8B3} - C:\WINDOWS\System32\vtutu.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: {0c59056d-b087-6839-d754-145b60cba05c} - {c50abc06-b541-457d-9386-780bd65095c0} - C:\WINDOWS\System32\gphqcuhr.dll
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe (User 'SYSTEM')
    O20 - Winlogon Notify: crehcjid - crehcjid.dll (file missing)
    O20 - Winlogon Notify: ˆ - ˆ (file missing)
    O20 - Winlogon Notify: ¸ˆ - ¸ˆ (file missing)
    O20 - Winlogon Notify: °HØ - °HØ (file missing)
    O20 - Winlogon Notify: °Ø - °Ø (file missing)
    O20 - Winlogon Notify: °èØ - °èØ (file missing)
    O20 - Winlogon Notify: °ðØ - °ðØ (file missing)

    * ferme toutes les applications ouvertes et hors connexion, clique sur fix checked

    puis

    * Télécharge SDFix sur ton bureau
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    * Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.

    * Redémarre ton ordinateur en mode sans échec

    * Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.

    * Appuie sur Y pour commencer le processus de nettoyage.

    Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.

    * Appuie sur une touche pour redémarrer le PC.

    Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.

    Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.

    * Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.

    Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

    Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum,

    avec un nouveau log Hijackthis
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. kawick Messages postés 40 Statut Membre
     
    Ok

    J'ai relancé avanger,resultat :

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\bsjkroat

    *******************

    Script file located at: \??\C:\Documents and Settings\yckaqpac.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\system32\gphqcuhr.dll deleted successfully.

    File C:\WINDOWS\system32\crehcjid.dll not found!
    Deletion of file C:\WINDOWS\system32\crehcjid.dll failed!

    Could not process line:
    C:\WINDOWS\system32\crehcjid.dll
    Status: 0xc0000034

    File C:\WINDOWS\System32\vtutu.dll not found!
    Deletion of file C:\WINDOWS\System32\vtutu.dll failed!

    Could not process line:
    C:\WINDOWS\System32\vtutu.dll
    Status: 0xc0000034

    Completed script processing.

    *******************

    Finished! Terminate.
    0
  7. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    re

    ok pour the avenger, j'attends la suite.
    0
  8. kawick Messages postés 40 Statut Membre
     
    rapport SDFix :

    SDFix: Version 1.113

    Run by vesier on 04/11/2007 at 15:28

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\DOCUME~1\vesier\MESDOC~1\Prog\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Default HKCU HomePage Value

    Rebooting...

    Normal Mode:
    Checking Files:

    No Trojan Files Found

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-04 15:36:02
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:e6,71,0c,7c,af,99,2f,7e,12,35,65,19,28,5f,e5,dd,3a,c8,49,20,5a,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,d5,4d,68,43,22,ad,e6,f1,5d,d1,3f,be,73,b7,19,b3,ab,..
    "khjeh"=hex:43,d2,66,37,c3,12,8e,69,57,95,26,0e,f8,d0,ce,7e,f2,5f,e4,3e,2f,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:17,c2,6e,08,61,bd,f2,67,72,35,0e,7b,89,7c,b4,de,d9,f0,b3,3e,f8,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:60,9f,78,ce,5e,d5,4b,1a,0d,61,ec,26,1d,fc,4a,90,2d,60,94,86,ae,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
    "khjeh"=hex:8d,e3,07,ab,fb,39,e8,11,a9,c8,a7,bb,b4,df,96,65,f3,11,93,53,ca,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
    "khjeh"=hex:b7,a5,1b,50,e9,f4,7f,1b,be,5b,31,f8,21,01,4f,95,fb,d7,25,d7,7b,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:e6,71,0c,7c,af,99,2f,7e,12,35,65,19,28,5f,e5,dd,3a,c8,49,20,5a,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,d5,4d,68,43,22,ad,e6,f1,5d,d1,3f,be,73,b7,19,b3,ab,..
    "khjeh"=hex:43,d2,66,37,c3,12,8e,69,57,95,26,0e,f8,d0,ce,7e,f2,5f,e4,3e,2f,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:17,c2,6e,08,61,bd,f2,67,72,35,0e,7b,89,7c,b4,de,d9,f0,b3,3e,f8,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:60,9f,78,ce,5e,d5,4b,1a,0d,61,ec,26,1d,fc,4a,90,2d,60,94,86,ae,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
    "khjeh"=hex:8d,e3,07,ab,fb,39,e8,11,a9,c8,a7,bb,b4,df,96,65,f3,11,93,53,ca,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
    "khjeh"=hex:b7,a5,1b,50,e9,f4,7f,1b,be,5b,31,f8,21,01,4f,95,fb,d7,25,d7,7b,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:e6,71,0c,7c,af,99,2f,7e,12,35,65,19,28,5f,e5,dd,3a,c8,49,20,5a,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,d5,4d,68,43,22,ad,e6,f1,5d,d1,3f,be,73,b7,19,b3,ab,..
    "khjeh"=hex:43,d2,66,37,c3,12,8e,69,57,95,26,0e,f8,d0,ce,7e,f2,5f,e4,3e,2f,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:17,c2,6e,08,61,bd,f2,67,72,35,0e,7b,89,7c,b4,de,d9,f0,b3,3e,f8,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:60,9f,78,ce,5e,d5,4b,1a,0d,61,ec,26,1d,fc,4a,90,2d,60,94,86,ae,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
    "khjeh"=hex:8d,e3,07,ab,fb,39,e8,11,a9,c8,a7,bb,b4,df,96,65,f3,11,93,53,ca,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
    "khjeh"=hex:b7,a5,1b,50,e9,f4,7f,1b,be,5b,31,f8,21,01,4f,95,fb,d7,25,d7,7b,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:e6,71,0c,7c,af,99,2f,7e,12,35,65,19,28,5f,e5,dd,3a,c8,49,20,5a,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,d5,4d,68,43,22,ad,e6,f1,5d,d1,3f,be,73,b7,19,b3,ab,..
    "khjeh"=hex:43,d2,66,37,c3,12,8e,69,57,95,26,0e,f8,d0,ce,7e,f2,5f,e4,3e,2f,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:17,c2,6e,08,61,bd,f2,67,72,35,0e,7b,89,7c,b4,de,d9,f0,b3,3e,f8,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:60,9f,78,ce,5e,d5,4b,1a,0d,61,ec,26,1d,fc,4a,90,2d,60,94,86,ae,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
    "khjeh"=hex:8d,e3,07,ab,fb,39,e8,11,a9,c8,a7,bb,b4,df,96,65,f3,11,93,53,ca,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
    "khjeh"=hex:b7,a5,1b,50,e9,f4,7f,1b,be,5b,31,f8,21,01,4f,95,fb,d7,25,d7,7b,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:e6,71,0c,7c,af,99,2f,7e,12,35,65,19,28,5f,e5,dd,3a,c8,49,20,5a,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,d5,4d,68,43,22,ad,e6,f1,5d,d1,3f,be,73,b7,19,b3,ab,..
    "khjeh"=hex:43,d2,66,37,c3,12,8e,69,57,95,26,0e,f8,d0,ce,7e,f2,5f,e4,3e,2f,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:17,c2,6e,08,61,bd,f2,67,72,35,0e,7b,89,7c,b4,de,d9,f0,b3,3e,f8,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:60,9f,78,ce,5e,d5,4b,1a,0d,61,ec,26,1d,fc,4a,90,2d,60,94,86,ae,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
    "khjeh"=hex:8d,e3,07,ab,fb,39,e8,11,a9,c8,a7,bb,b4,df,96,65,f3,11,93,53,ca,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
    "khjeh"=hex:b7,a5,1b,50,e9,f4,7f,1b,be,5b,31,f8,21,01,4f,95,fb,d7,25,d7,7b,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:e6,71,0c,7c,af,99,2f,7e,12,35,65,19,28,5f,e5,dd,3a,c8,49,20,5a,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,d5,4d,68,43,22,ad,e6,f1,5d,d1,3f,be,73,b7,19,b3,ab,..
    "khjeh"=hex:43,d2,66,37,c3,12,8e,69,57,95,26,0e,f8,d0,ce,7e,f2,5f,e4,3e,2f,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:17,c2,6e,08,61,bd,f2,67,72,35,0e,7b,89,7c,b4,de,d9,f0,b3,3e,f8,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:60,9f,78,ce,5e,d5,4b,1a,0d,61,ec,26,1d,fc,4a,90,2d,60,94,86,ae,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
    "khjeh"=hex:8d,e3,07,ab,fb,39,e8,11,a9,c8,a7,bb,b4,df,96,65,f3,11,93,53,ca,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
    "khjeh"=hex:b7,a5,1b,50,e9,f4,7f,1b,be,5b,31,f8,21,01,4f,95,fb,d7,25,d7,7b,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:
    ---------------

    Files with Hidden Attributes:

    Wed 17 Oct 2007 55,812 ..SH. --- "C:\ntlds.exe"
    Fri 9 Apr 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
    Mon 10 May 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
    Fri 9 Apr 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
    Fri 9 Apr 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0a\aolphx.exe"
    Mon 10 May 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0a\aoltray.exe"
    Fri 9 Apr 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0a\RBM.exe"
    Fri 9 Apr 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0b\aolphx.exe"
    Fri 9 Apr 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0b\aoltray.exe"
    Fri 9 Apr 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0b\RBM.exe"
    Fri 9 Apr 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0c\aolphx.exe"
    Fri 9 Apr 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0c\aoltray.exe"
    Fri 9 Apr 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0c\RBM.exe"
    Thu 21 Jun 2007 46,384 A..H. --- "C:\Program Files\AOL 9.0 VR\AOLphx.exe"
    Thu 24 May 2007 54,832 A..H. --- "C:\Program Files\AOL 9.0 VR\AOLphxex.exe"
    Thu 24 May 2007 33,328 A..H. --- "C:\Program Files\AOL 9.0 VR\rbm.exe"
    Thu 16 Jun 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL0005.tmp"
    Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL0006.tmp"
    Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL0385.tmp"
    Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL0458.tmp"
    Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL0639.tmp"
    Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL1377.tmp"
    Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL1398.tmp"
    Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL1437.tmp"
    Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL2919.tmp"
    Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL2925.tmp"
    Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL4025.tmp"
    Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL4029.tmp"
    Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL4060.tmp"
    Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL4079.tmp"
    Thu 23 Aug 2007 96,072 A..H. --- "C:\Program Files\Fichiers communs\AOL\TopSpeed\3.0\WBUnins.exe"

    Finished!

    Rapport hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:44:52, on 04/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Fichiers communs\AOL\1169115209\ee\aolsoftware.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKUS\S-1-5-18\..\Run: [Microsoft Office] C:\WINDOWS\System32\mdm.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Driver] C:\WINDOWS\rundll32.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Microsoft Office] C:\WINDOWS\System32\mdm.exe (User 'Default user')
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3D2C3FC8-77F1-44E8-80E5-4C1FD325A485}: NameServer = 212.27.32.176,212.27.32.177
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    0
  9. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    re

    bon, cela commence à devenir bon.
    Rencontres tu encore des problèmes ?
    0
  10. kawick Messages postés 40 Statut Membre
     
    Non,mon pc à l'air d'avoir regagné de la vitesse,surtout au demarrage.

    Encore merci de ton aide.
    0
  11. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    bonsoir,

    parfait, je pense que tout doit être rentré dans l'ordre maintenant

    Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.
    http://perso.orange.fr/AceRothstein/ToolsCleaner2.exe

    # Double clique sur ToolsCleaner2.exe > clique sur Extract sans changer la destination initiale.
    # Ouvre le Poste de Travail > ouvre le Lecteur C:\
    # Ouvre le dossier ToolsCleaner.
    # Double clique sur ToolsCleaner2.bat < inclued picture > et suis les directives.
    # Fais un copier/coller du rapport qui se trouve dans C:\TCleaner.txt
    # Note : ton bureau va disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

    CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
    Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

    Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

    PUIS IMPORTANT


    * démarrer-----------panneau de configuration------------système----------
    onglet Restauration système-----------coche la case (Désactiver la restauration système)--------------
    redémarre l'ordinateur
    réactive la ensuite

    * Pour améliorer la sécurité de ton PC prend quelques instants pour lire

    CECI

    bonne soirée
    0
Précédent
  • 1
  • 2