Ntos.exe - Page 2
Résolu
Précédent
- 1
- 2
-
De retour,
***Le rapport avenger :
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\roiejhe
Script file located at: \??\C:\WINDOWS\cmdaotfq.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\windows\system32\yayywvt.dll deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
***Le rapport combo fix :
ComboFix 07-11-01.1 - vesier 2007-11-03 16:17:52.1 - NTFSx86
Running from: C:\Documents and Settings\vesier\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\utstv.bak2
C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\System32\vtstu.dll
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll.cla
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-03 to 2007-11-03 ))))))))))))))))))))))))))))))))))))
.
2007-11-03 16:16 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-03 12:30 81,472 --a------ C:\WINDOWS\system32\gphqcuhr.dll
2007-11-02 22:51 <REP> d-------- C:\WINDOWS\LastGood.Tmp
2007-11-02 22:51 <REP> d-------- C:\WINDOWS\LastGood
2007-11-01 00:38 <REP> d-------- C:\VundoFix Backups
2007-11-01 00:36 <REP> d-------- C:\Program Files\Trend Micro
2007-10-31 22:49 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-10-31 18:43 <REP> d-------- C:\WINDOWS\ERUNT
2007-10-31 10:29 <REP> d-------- C:\WINDOWS\pss
2007-10-27 10:43 <REP> d-------- C:\Documents and Settings\vesier\Application Data\Apple Computer
2007-10-27 09:34 <REP> d-------- C:\Program Files\splus
2007-10-24 23:16 <REP> d-------- C:\Program Files\MP3 Player Utilities 4.15
2007-10-24 21:55 33,792 --a------ C:\WINDOWS\system32\drivers\disk.sys
2007-10-24 21:55 33,792 --a--c--- C:\WINDOWS\system32\dllcache\disk.sys
2007-10-24 20:27 <REP> d-------- C:\Program Files\MediaCoder
2007-10-23 18:22 90,112 --a------ C:\WINDOWS\system32\crehcjid.dll
2007-10-23 18:22 16,768 --a------ C:\WINDOWS\system32\tcpip_patcher.sys
2007-10-20 15:56 <REP> d-------- C:\WINDOWS\system32\BWKDLogs
2007-10-20 15:56 <REP> d-------- C:\Program Files\QuickTime
2007-10-20 15:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-20 15:55 <REP> d-------- C:\Program Files\Fichiers communs\Kodak
2007-10-20 15:55 150,528 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-10-20 15:52 <REP> d-------- C:\Program Files\Kodak
2007-10-20 15:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2007-10-17 23:26 <REP> d-------- C:\WINDOWS\ServicePackFiles
2007-10-17 16:56 <REP> d-------- C:\Documents and Settings\vesier\Application Data\Talkback
2007-10-17 14:31 1,006,592 --a------ C:\WINDOWS\system32\esent.dll
2007-10-17 14:31 1,006,592 --a------ C:\WINDOWS\system32\esent(5).dll
2007-10-17 14:31 1,006,592 --a------ C:\WINDOWS\system32\esent(4).dll
2007-10-17 14:31 1,006,592 --a------ C:\WINDOWS\system32\esent(3).dll
2007-10-17 14:12 <REP> d-------- C:\WINDOWS\system32\bits
2007-10-17 14:10 360,960 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2007-10-17 14:10 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-10-17 14:10 331,776 --a------ C:\WINDOWS\system32\winhttp(4).dll
2007-10-17 14:10 331,776 --a------ C:\WINDOWS\system32\winhttp(3).dll
2007-10-17 14:10 331,776 --a--c--- C:\WINDOWS\system32\dllcache\winhttp.dll
2007-10-17 14:10 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-10-17 14:10 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-10-17 14:10 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-10-17 14:10 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-10-17 14:09 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-17 13:53 55,812 ---hs---- C:\ntlds.exe
2007-10-17 13:44 541,090 -ra------ C:\WINDOWS\system32\drivers\torususb.sys
2007-10-17 13:44 401,408 -ra------ C:\WINDOWS\stmchart.exe
2007-10-17 13:44 249,856 -ra------ C:\WINDOWS\editadsl.exe
2007-10-17 13:44 180,224 --a------ C:\WINDOWS\system32\stmcfg32.dll
2007-10-17 13:44 94,208 -ra------ C:\WINDOWS\stmtrace.exe
2007-10-17 13:44 60,255 -ra------ C:\WINDOWS\system32\drivers\stmatm.sys
2007-10-16 20:16 40,960 --a------ C:\WINDOWS\system32\exitwx.exe
2007-10-15 19:45 83,712 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-10-15 19:45 18,560 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-10-15 19:45 16,384 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-10-15 19:45 4,992 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-10-15 19:44 3,346,432 --a--c--- C:\WINDOWS\system32\dllcache\msgr3en.dll
2007-10-15 19:44 106,562 --a--c--- C:\WINDOWS\system32\dllcache\srchctls.dll
2007-10-15 19:36 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-10-15 19:36 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-10-15 16:31 100,864 --a------ C:\WINDOWS\system32\irftp.exe
2007-10-15 16:31 79,360 --a------ C:\WINDOWS\system32\irmon.dll
2007-10-15 16:31 79,360 --a------ C:\WINDOWS\system32\irmon(3).dll
2007-10-15 16:31 79,360 --a------ C:\WINDOWS\system32\irmon(2).dll
2007-10-15 16:31 55,296 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-10-15 16:31 7,680 --a------ C:\WINDOWS\system32\wshirda.dll
2007-10-15 16:31 7,680 --a------ C:\WINDOWS\system32\wshirda(3).dll
2007-10-15 16:31 7,680 --a------ C:\WINDOWS\system32\wshirda(2).dll
2007-10-15 15:48 57,728 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-10-15 15:28 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2007-10-15 15:26 <REP> d-------- C:\WINDOWS\NV780308.TMP
2007-10-15 14:59 38,024 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-10-15 14:59 23,070 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-10-15 14:59 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-10-15 14:59 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-10-15 14:59 4,096 --a------ C:\WINDOWS\system32\ksuser(3).dll
2007-10-15 14:59 4,096 --a------ C:\WINDOWS\system32\ksuser(2).dll
2007-10-15 14:58 696,320 --a--c--- C:\WINDOWS\system32\dllcache\sapi.dll
2007-10-15 14:58 73,216 --a------ C:\WINDOWS\system32\storprop.dll
2007-10-15 14:58 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-10-15 14:58 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-10-15 14:58 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-10-15 14:58 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-10-15 14:58 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-10-15 14:58 10,496 --a--c--- C:\WINDOWS\system32\dllcache\irenum.sys
2007-10-13 15:45 1,458,176 -ra------ C:\WINDOWS\system\SmWizard.exe
2007-10-13 15:45 1,332,544 -ra------ C:\WINDOWS\system32\drivers\cmuda.sys
2007-10-13 15:45 917,504 -ra------ C:\WINDOWS\system\cmids3d.dll
2007-10-13 15:45 712,704 -ra------ C:\WINDOWS\system32\Audio3D.dll
2007-10-13 15:45 712,704 -ra------ C:\WINDOWS\system32\a3d.dll
2007-10-13 15:45 233,472 -ra------ C:\WINDOWS\system32\cmirmdrv.exe
2007-10-13 15:45 167,936 -ra------ C:\WINDOWS\system32\cmuda.dll
2007-10-13 15:45 32,768 -ra------ C:\WINDOWS\system32\udaprop.dll
2007-10-13 15:45 28,672 -ra------ C:\WINDOWS\system32\cmirmdrv.dll
2007-10-13 15:43 297,600 -ra------ C:\WINDOWS\system32\drivers\MRV8K51.sys
2007-10-13 09:29 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-03 15:08 --------- d-----w C:\Documents and Settings\vesier\Application Data\Free Download Manager
2007-10-31 21:33 --------- d-----w C:\Program Files\AOL 9.0a
2007-10-31 09:28 --------- d-----w C:\Program Files\eMule
2007-10-30 17:19 2,266 ----a-w C:\Documents and Settings\vesier\Application Data\wklnhst.dat
2007-10-30 12:56 --------- d-----w C:\Program Files\CDDC-MahJongg
2007-10-16 19:54 --------- d-----w C:\Program Files\D-Tools
2007-10-15 21:46 --------- d-----w C:\Program Files\MSN Messenger
2007-10-15 18:42 --------- d-----w C:\Program Files\Services en ligne
2007-09-25 21:44 --------- d-----w C:\Program Files\Panda Security
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-05 20:11 --------- d-----w C:\Program Files\Lavalys
2007-09-04 07:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AOL
2007-09-03 20:40 --------- d-----w C:\Program Files\CDex_150
2007-09-03 20:33 --------- d-----w C:\Program Files\WAVmaker
2007-09-03 20:30 --------- d-----w C:\Program Files\MyBuy
2007-09-03 20:26 --------- d-----w C:\Program Files\PeerGuardian2
2005-06-09 08:03 1,365,840 ----a-w C:\Program Files\fdminst.exe
2005-06-09 08:02 11,352 ----a-w C:\Program Files\fdm_fre.zip
2005-06-09 05:47 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
2005-06-09 05:46 533,574 ----a-w C:\Program Files\pllangs.exe
2005-06-08 06:36 6,856,328 ----a-w C:\Program Files\zlsSetup_51_039_004.exe
2005-06-07 10:01 2,314,920 ----a-w C:\Program Files\LimeWireWin.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04F2DF67-3DE1-4F37-97F0-1B002D19D8B3}]
C:\WINDOWS\System32\vtutu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c50abc06-b541-457d-9386-780bd65095c0}]
2007-11-03 12:30 81472 --a------ C:\WINDOWS\System32\gphqcuhr.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 18:15]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 17:09 C:\WINDOWS\SOUNDMAN.EXE]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 16:50]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 16:50]
"AdslTaskBar"="stmctrl.dll" [2003-12-12 15:50 C:\WINDOWS\system32\stmctrl.dll]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-11-10 16:18]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 11:01]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"Cmaudio"="cmicnfg.cpl" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2003-04-24 13:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 23:00]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2006-08-23 15:17]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Office"=C:\WINDOWS\System32\mdm.exe
"Microsoft Windows Driver"=C:\WINDOWS\rundll32.exe
"Network Security XP"=C:\WINDOWS\System32\nvsvc86.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 13:12:08]
Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-02-20 04:10:26]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crehcjid]
crehcjid.dll 2007-10-23 18:22 90112 C:\WINDOWS\system32\crehcjid.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\°HØ]
°HØ
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\°Ø]
°Ø
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\°èØ]
°èØ
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\°ðØ]
°ðØ
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\vtstu.dll
R2 ScFBPNT;CanoScan FBP Port Driver;\??\C:\WINDOWS\system32\drivers\ScFBPNT.SYS
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\System32\DRIVERS\stmatm.sys
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\System32\DRIVERS\torususb.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
S3 Asushwio;Asushwio;\??\C:\WINDOWS\system32\drivers\Asushwio.sys
S3 StMp3Rec;Pilote de périphérique de la restauration de lecteur;C:\WINDOWS\System32\Drivers\StMp3Rec.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys
S3 W8100PCI;ASUS 802.11b/g Driver;C:\WINDOWS\System32\DRIVERS\MRV8K51.sys
S4 FFI;FFI;C:\WINDOWS\System32\svchost.exe:exm.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-03 16:25:17
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\FFI]
"ImagePath"="C:\WINDOWS\System32\svchost.exe:exm.exe"
.
Completion time: 2007-11-03 16:28:57 - machine was rebooted
.
--- E O F --- -
bonsoir
* Copie les lignes de la citation suivante, d'un trait :
Files to Delete: C:\WINDOWS\system32\gphqcuhr.dll C:\WINDOWS\system32\crehcjid.dll C:\WINDOWS\System32\vtutu.dll
--> Clic droit / "copier"
Maintenant crée un nouveau document texte : clic droit de souris sur le bureau, "Nouveau" > "Document Texte".
* Ouvre-le et colle dedans ce que tu viens de copier précédemment
* Enregistre ce fichier sur ton bureau (nom : mad.txt)
ouble-clique sur le fichier "avenger.exe"
* Clique sur "Ok"
* Sélectionne "Load Script from File" et clique sur l'icône en forme de dossier.
* Sélectionne le fichier mad.txt qui est sur ton bureau
* Clique sur le feu vert pour lancer le script
* Clique sur "Oui"
* Accepte de redémarrer ton pc
après le redémarrage :
* Ouvre le fichier C:\avenger.txt et copie/colle son contenu ici.
-
Ok
Desolé mais avenger n'a pas reussi à enregistrer de rapport,par contre j'ai vu qu'il avait reussi à effacer tout.
Ayant enfin reussi à installer SP2 je post un rapport hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:32:57, on 04/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Fichiers communs\AOL\1169115209\ee\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dbsarticles.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {04F2DF67-3DE1-4F37-97F0-1B002D19D8B3} - C:\WINDOWS\System32\vtutu.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: {0c59056d-b087-6839-d754-145b60cba05c} - {c50abc06-b541-457d-9386-780bd65095c0} - C:\WINDOWS\System32\gphqcuhr.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D2C3FC8-77F1-44E8-80E5-4C1FD325A485}: NameServer = 212.27.32.176,212.27.32.177
O20 - Winlogon Notify: crehcjid - crehcjid.dll (file missing)
O20 - Winlogon Notify: ˆ - ˆ (file missing)
O20 - Winlogon Notify: ¸ˆ - ¸ˆ (file missing)
O20 - Winlogon Notify: °HØ - °HØ (file missing)
O20 - Winlogon Notify: °Ø - °Ø (file missing)
O20 - Winlogon Notify: °èØ - °èØ (file missing)
O20 - Winlogon Notify: °ðØ - °ðØ (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
-
bonjour,
ok pour the avenger, mais es tu sûr qu'il avait supprimé celle ci
C:\WINDOWS\system32\gphqcuhr.dll
* lance hijackthis puis coche ces lignes :
O2 - BHO: (no name) - {04F2DF67-3DE1-4F37-97F0-1B002D19D8B3} - C:\WINDOWS\System32\vtutu.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {0c59056d-b087-6839-d754-145b60cba05c} - {c50abc06-b541-457d-9386-780bd65095c0} - C:\WINDOWS\System32\gphqcuhr.dll
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe (User 'SYSTEM')
O20 - Winlogon Notify: crehcjid - crehcjid.dll (file missing)
O20 - Winlogon Notify: ˆ - ˆ (file missing)
O20 - Winlogon Notify: ¸ˆ - ¸ˆ (file missing)
O20 - Winlogon Notify: °HØ - °HØ (file missing)
O20 - Winlogon Notify: °Ø - °Ø (file missing)
O20 - Winlogon Notify: °èØ - °èØ (file missing)
O20 - Winlogon Notify: °ðØ - °ðØ (file missing)
* ferme toutes les applications ouvertes et hors connexion, clique sur fix checked
puis
* Télécharge SDFix sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
* Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
* Redémarre ton ordinateur en mode sans échec
* Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
* Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
* Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
* Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum,
avec un nouveau log Hijackthis
-
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question -
Ok
J'ai relancé avanger,resultat :
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bsjkroat
*******************
Script file located at: \??\C:\Documents and Settings\yckaqpac.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\gphqcuhr.dll deleted successfully.
File C:\WINDOWS\system32\crehcjid.dll not found!
Deletion of file C:\WINDOWS\system32\crehcjid.dll failed!
Could not process line:
C:\WINDOWS\system32\crehcjid.dll
Status: 0xc0000034
File C:\WINDOWS\System32\vtutu.dll not found!
Deletion of file C:\WINDOWS\System32\vtutu.dll failed!
Could not process line:
C:\WINDOWS\System32\vtutu.dll
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate. -
re
ok pour the avenger, j'attends la suite.
-
rapport SDFix :
SDFix: Version 1.113
Run by vesier on 04/11/2007 at 15:28
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\vesier\MESDOC~1\Prog\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HKCU HomePage Value
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 15:36:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:e6,71,0c,7c,af,99,2f,7e,12,35,65,19,28,5f,e5,dd,3a,c8,49,20,5a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d5,4d,68,43,22,ad,e6,f1,5d,d1,3f,be,73,b7,19,b3,ab,..
"khjeh"=hex:43,d2,66,37,c3,12,8e,69,57,95,26,0e,f8,d0,ce,7e,f2,5f,e4,3e,2f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,c2,6e,08,61,bd,f2,67,72,35,0e,7b,89,7c,b4,de,d9,f0,b3,3e,f8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:60,9f,78,ce,5e,d5,4b,1a,0d,61,ec,26,1d,fc,4a,90,2d,60,94,86,ae,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:8d,e3,07,ab,fb,39,e8,11,a9,c8,a7,bb,b4,df,96,65,f3,11,93,53,ca,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:b7,a5,1b,50,e9,f4,7f,1b,be,5b,31,f8,21,01,4f,95,fb,d7,25,d7,7b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:e6,71,0c,7c,af,99,2f,7e,12,35,65,19,28,5f,e5,dd,3a,c8,49,20,5a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d5,4d,68,43,22,ad,e6,f1,5d,d1,3f,be,73,b7,19,b3,ab,..
"khjeh"=hex:43,d2,66,37,c3,12,8e,69,57,95,26,0e,f8,d0,ce,7e,f2,5f,e4,3e,2f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,c2,6e,08,61,bd,f2,67,72,35,0e,7b,89,7c,b4,de,d9,f0,b3,3e,f8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:60,9f,78,ce,5e,d5,4b,1a,0d,61,ec,26,1d,fc,4a,90,2d,60,94,86,ae,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:8d,e3,07,ab,fb,39,e8,11,a9,c8,a7,bb,b4,df,96,65,f3,11,93,53,ca,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:b7,a5,1b,50,e9,f4,7f,1b,be,5b,31,f8,21,01,4f,95,fb,d7,25,d7,7b,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:e6,71,0c,7c,af,99,2f,7e,12,35,65,19,28,5f,e5,dd,3a,c8,49,20,5a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d5,4d,68,43,22,ad,e6,f1,5d,d1,3f,be,73,b7,19,b3,ab,..
"khjeh"=hex:43,d2,66,37,c3,12,8e,69,57,95,26,0e,f8,d0,ce,7e,f2,5f,e4,3e,2f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,c2,6e,08,61,bd,f2,67,72,35,0e,7b,89,7c,b4,de,d9,f0,b3,3e,f8,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:60,9f,78,ce,5e,d5,4b,1a,0d,61,ec,26,1d,fc,4a,90,2d,60,94,86,ae,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:8d,e3,07,ab,fb,39,e8,11,a9,c8,a7,bb,b4,df,96,65,f3,11,93,53,ca,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:b7,a5,1b,50,e9,f4,7f,1b,be,5b,31,f8,21,01,4f,95,fb,d7,25,d7,7b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:e6,71,0c,7c,af,99,2f,7e,12,35,65,19,28,5f,e5,dd,3a,c8,49,20,5a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d5,4d,68,43,22,ad,e6,f1,5d,d1,3f,be,73,b7,19,b3,ab,..
"khjeh"=hex:43,d2,66,37,c3,12,8e,69,57,95,26,0e,f8,d0,ce,7e,f2,5f,e4,3e,2f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,c2,6e,08,61,bd,f2,67,72,35,0e,7b,89,7c,b4,de,d9,f0,b3,3e,f8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:60,9f,78,ce,5e,d5,4b,1a,0d,61,ec,26,1d,fc,4a,90,2d,60,94,86,ae,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:8d,e3,07,ab,fb,39,e8,11,a9,c8,a7,bb,b4,df,96,65,f3,11,93,53,ca,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:b7,a5,1b,50,e9,f4,7f,1b,be,5b,31,f8,21,01,4f,95,fb,d7,25,d7,7b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:e6,71,0c,7c,af,99,2f,7e,12,35,65,19,28,5f,e5,dd,3a,c8,49,20,5a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d5,4d,68,43,22,ad,e6,f1,5d,d1,3f,be,73,b7,19,b3,ab,..
"khjeh"=hex:43,d2,66,37,c3,12,8e,69,57,95,26,0e,f8,d0,ce,7e,f2,5f,e4,3e,2f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,c2,6e,08,61,bd,f2,67,72,35,0e,7b,89,7c,b4,de,d9,f0,b3,3e,f8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:60,9f,78,ce,5e,d5,4b,1a,0d,61,ec,26,1d,fc,4a,90,2d,60,94,86,ae,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:8d,e3,07,ab,fb,39,e8,11,a9,c8,a7,bb,b4,df,96,65,f3,11,93,53,ca,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:b7,a5,1b,50,e9,f4,7f,1b,be,5b,31,f8,21,01,4f,95,fb,d7,25,d7,7b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:e6,71,0c,7c,af,99,2f,7e,12,35,65,19,28,5f,e5,dd,3a,c8,49,20,5a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d5,4d,68,43,22,ad,e6,f1,5d,d1,3f,be,73,b7,19,b3,ab,..
"khjeh"=hex:43,d2,66,37,c3,12,8e,69,57,95,26,0e,f8,d0,ce,7e,f2,5f,e4,3e,2f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,c2,6e,08,61,bd,f2,67,72,35,0e,7b,89,7c,b4,de,d9,f0,b3,3e,f8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:60,9f,78,ce,5e,d5,4b,1a,0d,61,ec,26,1d,fc,4a,90,2d,60,94,86,ae,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:8d,e3,07,ab,fb,39,e8,11,a9,c8,a7,bb,b4,df,96,65,f3,11,93,53,ca,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:b7,a5,1b,50,e9,f4,7f,1b,be,5b,31,f8,21,01,4f,95,fb,d7,25,d7,7b,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Files with Hidden Attributes:
Wed 17 Oct 2007 55,812 ..SH. --- "C:\ntlds.exe"
Fri 9 Apr 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Mon 10 May 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Fri 9 Apr 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Fri 9 Apr 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0a\aolphx.exe"
Mon 10 May 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0a\aoltray.exe"
Fri 9 Apr 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0a\RBM.exe"
Fri 9 Apr 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0b\aolphx.exe"
Fri 9 Apr 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0b\aoltray.exe"
Fri 9 Apr 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0b\RBM.exe"
Fri 9 Apr 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0c\aolphx.exe"
Fri 9 Apr 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0c\aoltray.exe"
Fri 9 Apr 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0c\RBM.exe"
Thu 21 Jun 2007 46,384 A..H. --- "C:\Program Files\AOL 9.0 VR\AOLphx.exe"
Thu 24 May 2007 54,832 A..H. --- "C:\Program Files\AOL 9.0 VR\AOLphxex.exe"
Thu 24 May 2007 33,328 A..H. --- "C:\Program Files\AOL 9.0 VR\rbm.exe"
Thu 16 Jun 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL0005.tmp"
Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL0006.tmp"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL0385.tmp"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL0458.tmp"
Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL0639.tmp"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL1377.tmp"
Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL1398.tmp"
Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL1437.tmp"
Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL2919.tmp"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL2925.tmp"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL4025.tmp"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL4029.tmp"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL4060.tmp"
Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL4079.tmp"
Thu 23 Aug 2007 96,072 A..H. --- "C:\Program Files\Fichiers communs\AOL\TopSpeed\3.0\WBUnins.exe"
Finished!
Rapport hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:52, on 04/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Fichiers communs\AOL\1169115209\ee\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Office] C:\WINDOWS\System32\mdm.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Driver] C:\WINDOWS\rundll32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Office] C:\WINDOWS\System32\mdm.exe (User 'Default user')
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D2C3FC8-77F1-44E8-80E5-4C1FD325A485}: NameServer = 212.27.32.176,212.27.32.177
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
-
re
bon, cela commence à devenir bon.
Rencontres tu encore des problèmes ?
-
Non,mon pc à l'air d'avoir regagné de la vitesse,surtout au demarrage.
Encore merci de ton aide. -
bonsoir,
parfait, je pense que tout doit être rentré dans l'ordre maintenant
Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.
http://perso.orange.fr/AceRothstein/ToolsCleaner2.exe
# Double clique sur ToolsCleaner2.exe > clique sur Extract sans changer la destination initiale.
# Ouvre le Poste de Travail > ouvre le Lecteur C:\
# Ouvre le dossier ToolsCleaner.
# Double clique sur ToolsCleaner2.bat < inclued picture > et suis les directives.
# Fais un copier/coller du rapport qui se trouve dans C:\TCleaner.txt
# Note : ton bureau va disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :
CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"
Tape explorer.exe et valide. Cela fera re-apparaître le Bureau
PUIS IMPORTANT
* démarrer-----------panneau de configuration------------système----------
onglet Restauration système-----------coche la case (Désactiver la restauration système)--------------
redémarre l'ordinateur
réactive la ensuite
* Pour améliorer la sécurité de ton PC prend quelques instants pour lire
CECI
bonne soirée
Précédent
- 1
- 2