explorer.exe s'eclate tout seul Résolu/Fermé

Question

Bonjour,
J'ai tenté d'installer MSN messenger et puis bug :j'ai explorer.exe qui se decharge et se recharge continuellement. Meme en mode sans echec. Vous avez une idée?


Logfile of HijackThis v1.99.1
Scan saved at 20:04:50, on 01/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
D:\SECURITE\AVG Anti-Spyware 7.5.1.43\AVG Anti-Spyware 7.5\guard.exe
D:\MUSIQUE\SONICS~1\SsAAD.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
D:\SECURITE\RKlogger Free Edition v 1.3kfree.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FCH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FAMEH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsqh.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fssm32.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\fsguidll.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\WINDOWS\system32	askmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsav32.exe
D:\SECURITE\Hijackthis\HijackThis.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SsAAD.exe] D:\MUSIQUE\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [F-Secure Manager] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [CookiePatrol] D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rkfree] "D:\SECURITE\RKlogger Free Edition v 1.3kfree.exe" /b
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\SECURITE\Ad-Aware.2007.Pro.7.0.2.1\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\SECURITE\AVG Anti-Spyware 7.5.1.43\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\OUTILS\Diskeeper.pro.1st\DkService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

orb42 · Answer

heu rectification c'est MSN messenger + 3.6

g!rly · Answer

bonsoir,

fais un scan avec a-squared Free 3.0

https://www.emsisoft.com/fr/

supprime tout ce qu´il trouve et repost un hijack this 

@+

orb42 · Answer

Logfile of HijackThis v1.99.1
Scan saved at 21:32:19, on 01/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\a-squared Free\a2service.exe
D:\SECURITE\AVG Anti-Spyware 7.5.1.43\AVG Anti-Spyware 7.5\guard.exe
D:\MUSIQUE\SONICS~1\SsAAD.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE
D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
D:\SECURITE\RKlogger Free Edition v 1.3kfree.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FCH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FAMEH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsqh.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fssm32.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\fsguidll.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsus.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32	askmgr.exe
C:\WINDOWS\system32\imapi.exe
D:\SECURITE\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SsAAD.exe] D:\MUSIQUE\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [F-Secure Manager] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [CookiePatrol] D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rkfree] "D:\SECURITE\RKlogger Free Edition v 1.3kfree.exe" /b
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\SECURITE\Ad-Aware.2007.Pro.7.0.2.1\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\SECURITE\AVG Anti-Spyware 7.5.1.43\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\OUTILS\Diskeeper.pro.1st\DkService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

g!rly · Answer

re,

a l aide de hijack this coche et fix ceci :

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

comment fixer :

Tutoriel d´utilisation (video) :

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

comment se porte explorer.exe?

orb42 · Answer

Pas de changement explorer.exe se decharge toujours, se recharge, etc.. Celà est il du a un virus?? Ne pourrais je pas ecraser le fichier avec celui du CD windows??


Logfile of HijackThis v1.99.1
Scan saved at 22:04:24, on 01/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\a-squared Free\a2service.exe
D:\SECURITE\AVG Anti-Spyware 7.5.1.43\AVG Anti-Spyware 7.5\guard.exe
D:\MUSIQUE\SONICS~1\SsAAD.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE
D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
D:\SECURITE\RKlogger Free Edition v 1.3\rkfree.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMB32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FCH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FAMEH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsqh.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fssm32.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\fsguidll.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsus.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
D:\SECURITE\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SsAAD.exe] D:\MUSIQUE\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [F-Secure Manager] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [CookiePatrol] D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [rkfree] "D:\SECURITE\RKlogger Free Edition v 1.3\rkfree.exe" /b
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\SECURITE\Ad-Aware.2007.Pro.7.0.2.1\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\SECURITE\AVG Anti-Spyware 7.5.1.43\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\OUTILS\Diskeeper.pro.1st\DkService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

g!rly · Answer

il y avait bien un malware au debut mais erradiqué par asquared : O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe

fais ceci :

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe     

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

orb42 · Answer

mince j'ai cru que le pb etait fixé et puis ca recommence 3 mn aprs un redemarrage. Mais c'est quoi ce truc bon sang?? En tout cas je te remercies pour ton aide... ComboFix 07-10-29.1** - JEROME & CLAIRE 2007-11-01 22:29:57.5 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.607 [GMT 1:00] Running from: D:\DOCS\LOGICIELS\___LOGICIELS\INTERNET\ANTISPYWARE\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\JEROME & CLAIRE\Bureau\internet.lnk C:\Program Files\Temporary C:\Program Files\Temporary\wininstall.exe C:\WINDOWS\b122.exe C:\WINDOWS\system32\ututv.bak1 C:\WINDOWS\system32\ututv.ini C:\WINDOWS\system32\vtutu.dll . ((((((((((((((((((((((((((((( Fichiers créés 2007-10-01 to 2007-11-01 )))))))))))))))))))))))))))))))))))) . 2007-11-01 22:29 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-01 20:27 d-------- C:\Program Files\a-squared Free 2007-11-01 19:03 C:\Documents and Settings\JEROME 2007-11-01 19:03 CLAIRE\Recent 2007-11-01 18:46 28,672 C:\Documents and Settings\JEROME 2007-11-01 18:46 28,672 CLAIRE\iexplorer.exe 2007-11-01 18:41 9,409 --ahs---- C:\WINDOWS\system32\ututv.ini.ren 2007-11-01 18:41 6,470 --ahs---- C:\WINDOWS\system32\ututv.bak1.ren 2007-11-01 18:36 35,840 --a------ C:\WINDOWS\mrofinu1188.exe 2007-11-01 18:36 32,256 --a------ C:\WINDOWS\system32\awttuut.dll 2007-11-01 00:08 d-------- C:\Documents and Settings\All Users\Application Data kfree 2007-10-31 22:56 d-------- C:\Program Files\CustoMess 2007-10-31 22:56 145,408 --a------ C:\WINDOWS\CustoMess_Uninstall.exe 2007-10-30 09:57 d--h----- C:\WINDOWS\$hf_mig$ 2007-10-29 23:18 d-------- C:\WINDOWS\system32\xircom 2007-10-29 19:56 C:\Documents and Settings\JEROME 2007-10-29 19:56 CLAIRE\Application Data\Grisoft 2007-10-29 19:56 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-10-28 19:38 d-------- C:\WINDOWS\system32\NtmsData 2007-10-28 01:12 1,693,696 --a------ C:\WINDOWS\system32\ltclr13n.dll 2007-10-28 01:12 155,648 --a------ C:\WINDOWS\system32\lftif13n.dll 2007-10-28 01:12 98,304 --a------ C:\WINDOWS\system32\lffax13n.dll 2007-10-28 01:11 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll 2007-10-28 01:11 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll 2007-10-28 01:11 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll 2007-10-28 01:11 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll 2007-10-28 01:11 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll 2007-10-28 01:11 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll 2007-10-28 01:11 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll 2007-10-28 01:11 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll 2007-10-27 23:42 d-------- C:\WINDOWS\AU_Temp 2007-10-27 23:42 d-------- C:\WINDOWS\AU_Log 2007-10-27 23:41 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2007-10-27 23:40 286,720 --a------ C:\WINDOWS\PATCH.EXE 2007-10-27 23:40 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2007-10-27 21:50 d-------- C:\Documents and Settings\Administrateur\Application Data\Simply Super Software 2007-10-27 21:40 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-10-27 21:40 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-10-27 21:40 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-10-27 21:40 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-10-27 18:09 51,040 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys 2007-10-27 18:09 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys 2007-10-27 09:08 d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2007-10-26 09:06 77,312 --a------ C:\WINDOWS\ua2.dll 2007-10-24 21:33 d-------- C:\Program Files\F-Secure 2007-10-24 20:46 d-------- C:\Program Files\hp deskjet 920c series 2007-10-24 20:46 d-------- C:\Program Files\Hewlett-Packard 2007-10-15 13:03 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-10-14 23:53 C:\Documents and Settings\JEROME 2007-10-14 23:53 CLAIRE\Application Data\Simply Super Software 2007-10-14 23:53 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software 2007-10-14 22:16 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll 2007-10-14 22:16 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll 2007-10-14 22:16 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll 2007-10-14 22:14 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2007-10-14 21:18 d-------- C:\Program Files\Panda Security 2007-10-14 18:50 2,586 --a------ C:\WINDOWS\system32 mp.reg 2007-10-14 18:41 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2007-10-14 18:41 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2007-10-14 18:41 d--h----- C:\Documents and Settings\Administrateur\Modèles 2007-10-14 18:41 d-------- C:\Documents and Settings\Administrateur\Mes documents 2007-10-14 18:41 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2007-10-14 18:41 d-------- C:\Documents and Settings\Administrateur\Favoris 2007-10-14 18:41 d-------- C:\Documents and Settings\Administrateur\Bureau 2007-10-14 11:22 C:\Documents and Settings\JEROME 2007-10-14 11:22 CLAIRE\Application Data\F-Secure 2007-10-14 11:12 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure 2007-10-14 10:07 36 -r-h----- C:\WINDOWS\sued.dat 2007-10-13 19:16 d-------- C:\Documents and Settings\All Users\Application Data\Prevx 2007-10-13 08:09 10,027 --a------ C:\WINDOWS\system32\mspriv32.dll 2007-10-13 08:01 10,053 --a------ C:\WINDOWS\system32\msrep32.dll 2007-10-12 07:59 d-------- C:\Documents and Settings\All Users\Application Data\fssg 2007-10-11 16:11 d-------- C:\WINDOWS\Sun 2007-10-06 07:38 18,688 C:\WINDOWS\system32\drivers\ayefppgh.dat 2007-10-06 07:38 5,120 C:\WINDOWS\system32\drivers\jjgkcwhv.dat 2007-10-04 22:40 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-10-04 14:00 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-01 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-01 18:06 --------- d-----w C:\Documents and Settings\JEROME & CLAIRE\Application Data\LimeWire 2007-11-01 18:02 28,672 ----a-w C:\Documents and Settings\JEROME & CLAIRE\iexplorer.exe 2007-11-01 17:35 --------- d-----w C:\Program Files\MSN Messenger 2007-10-29 18:56 --------- d-----w C:\Documents and Settings\JEROME & CLAIRE\Application Data\Grisoft 2007-10-25 18:31 --------- d-----w C:\Program Files\Fichiers communs\LightScribe 2007-10-24 16:54 --------- d-----w C:\Program Files\CCleaner 2007-10-15 12:02 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-10-15 12:02 --------- d-----w C:\Documents and Settings\JEROME & CLAIRE\Application Data\Lavasoft 2007-10-14 22:53 --------- d-----w C:\Documents and Settings\JEROME & CLAIRE\Application Data\Simply Super Software 2007-10-14 10:23 --------- d-----w C:\Documents and Settings\JEROME & CLAIRE\Application Data\F-Secure 2007-10-10 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2007-10-04 20:34 --------- d-----w C:\Program Files\TRELLIAN 2007-10-01 11:15 839,686 ----a-w C:\WINDOWS\Fonts\Crack.exe 2007-10-01 11:15 839,685 --sh--w C:\WINDOWS\Fonts\svchost.exe 2007-09-20 11:43 253,952 ----a-w C:\WINDOWS\system32\Photomatix25Lib2.dll 2007-09-17 14:02 266,240 ----a-w C:\WINDOWS\system32\Photomatix25Lib.dll 2007-09-06 21:18 --------- d-----w C:\Documents and Settings\JEROME & CLAIRE\Application Data\NewsLeecher 2007-09-06 03:35 95,525 ----a-w C:\WINDOWS\system32\Photomatix25Lib3.dll 2007-09-03 08:22 --------- d-----w C:\Program Files\QuickTime 2007-09-03 07:09 --------- d-----w C:\Documents and Settings\JEROME & CLAIRE\Application Data\Thunderbird 2007-09-03 06:47 --------- d-----w C:\Documents and Settings\JEROME & CLAIRE\Application Data\Talkback 2007-08-21 06:25 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-26 16:54 87,608 ----a-w C:\Documents and Settings\JEROME & CLAIRE\Application Data\ezpinst.exe 2007-05-26 16:54 47,360 ----a-w C:\Documents and Settings\JEROME & CLAIRE\Application Data\pcouffin.sys 2005-10-07 18:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll 2005-07-14 11:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll 2006-08-25 15:51:14 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll 2005-06-26 14:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll 2005-06-21 21:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll 2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll 2005-12-15 12:00:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll 1995-09-20 14:16:28 35,088 --sha-w C:\WINDOWS\system32\msjint32.dll 1995-09-20 14:13:24 977,680 --sha-w C:\WINDOWS\system32\msjt3032.dll 1995-09-20 14:16:28 23,824 --sha-w C:\WINDOWS\system32\msjter32.dll 2005-12-15 12:00:00 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll 2005-12-15 12:00:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll 2006-04-27 09:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll 2005-12-15 12:00:00 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll 2005-02-28 12:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe 2004-01-25 17:18:44 70,656 --sha-w C:\WINDOWS\system32\yv12vfw.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25997E08-274A-4217-8F71-C89C754242C1}] 2007-11-01 18:36 32256 --a------ C:\WINDOWS\system32\awttuut.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6B237A6-DFE1-4816-81EF-960FCD637161}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SsAAD.exe"="D:\MUSIQUE\SONICS~1\SsAAD.exe" [2007-07-20 09:36] "Launch PC Probe II"="C:\Program Files\ASUS\PC Probe II\Probe2.exe" [2006-01-18 17:09] "F-Secure Manager"="D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.exe" [2007-05-25 14:12] "F-Secure TNB"="D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 14:11] "CookiePatrol"="D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe" [2005-01-10 09:35] "rkfree"="D:\SECURITE\RKlogger Free Edition v 1.3 kfree.exe" [2007-11-01 00:12] [HKEY_USERS\.default\software\microsoft\windows\currentversion unonce] "nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" "nlhr"=RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf lite.inf,C "tscuninstall"=%systemroot%\system32 scupgrd.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoNetworkConnections"=1 (0x1) "NoSetActiveDesktop"=1 (0x1) "NoStartMenuNetworkPlaces"=1 (0x1) "NoRecentDocsHistory"=1 (0x1) "MaxRecentDocs"=0 (0x0) "NoBandCustomize"=0 (0x0) "NoSMMyDocs"=1 (0x1) "NoStartMenuMyMusic"=1 (0x1) "NoSMMyPictures"=1 (0x1) "NoRecentDocsMenu"=1 (0x1) "NoSMHelp"=1 (0x1) "NoUserNameInStartMenu"=1 (0x1) "NoStartMenuMFUprogramsList"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoNetworkConnections"=1 (0x1) "NoSetActiveDesktop"=1 (0x1) "NoStartMenuNetworkPlaces"=1 (0x1) "NoRecentDocsHistory"=1 (0x1) "MaxRecentDocs"=0 (0x0) "NoMovingBands"=0 (0x0) "NoCloseDragDropBands"=0 (0x0) "NoBandCustomize"=0 (0x0) "DisallowRun"=1 (0x1) "NoSMMyDocs"=1 (0x1) "NoStartMenuMyMusic"=1 (0x1) "NoSMMyPictures"=1 (0x1) "NoRecentDocsMenu"=1 (0x1) "NoSMHelp"=1 (0x1) "NoUserNameInStartMenu"=1 (0x1) "NoStartMenuMFUprogramsList"=1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "DisallowRun"=1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun] "1"=consol.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{CA2DB500-5ECF-11D2-B28F-0080C8383C7B}"= c:\windows\system32\shmswnrc.dll [1999-03-25 09:00 155648] "{25997E08-274A-4217-8F71-C89C754242C1}"= C:\WINDOWS\system32\awttuut.dll [2007-11-01 18:36 32256] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\awttuut] awttuut.dll 2007-11-01 18:36 32256 C:\WINDOWS\system32\awttuut.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtutu.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acrobat Assistant.lnk.disabled] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk.disabled backup=C:\WINDOWS\pss\Acrobat Assistant.lnk.disabledCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk.disabled] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk.disabled backup=C:\WINDOWS\pss\Microsoft Office.lnk.disabledCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrolCL] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un-] "OPSE reminder"="D:\OUTILS\Scanner.Omnipage\EregFre\Ereg.exe" -r "D:\OUTILS\Scanner.Omnipage\EregFre\ereg.ini" "PhiBtn"=%SystemRoot%\System32\drivers\PhiBtn.exe "SoundMan"=SOUNDMAN.EXE "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation Tune\nTune.exe" clear "Traymin900"=%SystemRoot%\System32\drivers\Tray900.exe "DiskeeperSystray"="D:\OUTILS\Diskeeper.pro.1st\DkIcon.exe" "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys R0 trm3x5;trm3x5;C:\WINDOWS\system32\DRIVERS rm3x5.sys R0 ykffkcgi;ykffkcgi;C:\WINDOWS\system32\drivers\ayefppgh.dat R1 F-Secure HIPS;F-Secure HIPS;\??\D:\SECURITE\F-Secure.2008\F-Secure Internet Security\HIPS\fshs.sys R1 ISODrive;ISO DVD/CD-ROM Device Driver;\??\D:\OUTILS\UltraISO Premium Edition 8.6.3\UltraISO\drivers\ISODrive.sys R3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOWS\system32\DRIVERS\camdrv41.sys R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys S3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys S4 F-Secure Filter;F-Secure File System Filter;\??\D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys . ************************************************************************** catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-01 22:34:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-01 22:35:50 - machine was rebooted . --- E O F ---

g!rly · Answer

ca y est j´ai tilté, ca doit etre la fatigue...

y a une infection vundo cachée...

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
* Double-clique VundoFix.exe afin de le lancer
* Clique sur le bouton Scan for Vundo
* Lorsque le scan est complété, clique sur le bouton Remove Vundo
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
* Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

orb42 · Answer

je suis navré mais..vundofix apres 2 scans ne me detecte rien. Qu'esce qui t'as fait supposer celà? Je vais tenter voir un msn fix sait on jamais...

g!rly · Answer

re,

fais ceci 

renomme hijack this en scan.exe et repost un rapport

orb42 · Answer

me revoilà!


Logfile of HijackThis v1.99.1
Scan saved at 23:08:54, on 01/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\a-squared Free\a2service.exe
D:\SECURITE\AVG Anti-Spyware 7.5.1.43\AVG Anti-Spyware 7.5\guard.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMB32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FCH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FAMEH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsqh.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fssm32.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsus.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32	askmgr.exe
D:\SECURITE\Hijackthis\scan.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {25997E08-274A-4217-8F71-C89C754242C1} - C:\WINDOWS\system32\awttuut.dll
O2 - BHO: (no name) - {BE3B75C1-1DB1-4985-A38B-B2B4AD4542B0} - C:\WINDOWS\system32\ddcyy.dll
O2 - BHO: (no name) - {D6B237A6-DFE1-4816-81EF-960FCD637161} - C:\WINDOWS\system32\consol.dll (file missing)
O4 - HKLM\..\Run: [SsAAD.exe] D:\MUSIQUE\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [F-Secure Manager] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [CookiePatrol] D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [rkfree] "D:\SECURITE\RKlogger Free Edition v 1.3kfree.exe" /b
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awttuut - C:\WINDOWS\SYSTEM32\awttuut.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\SECURITE\Ad-Aware.2007.Pro.7.0.2.1\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\SECURITE\AVG Anti-Spyware 7.5.1.43\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\OUTILS\Diskeeper.pro.1st\DkService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

orb42 · Answer

je devrais peut etre fixer ca:

O2 - BHO: (no name) - {25997E08-274A-4217-8F71-C89C754242C1} - C:\WINDOWS\system32\awttuut.dll 
O2 - BHO: (no name) - {BE3B75C1-1DB1-4985-A38B-B2B4AD4542B0} - C:\WINDOWS\system32\ddcyy.dll 
O2 - BHO: (no name) - {D6B237A6-DFE1-4816-81EF-960FCD637161} - C:\WINDOWS\system32\consol.dll (file missing)

g!rly · Answer

pour le moment ne fix rien 
att je te donne la manip

g!rly · Answer

* Relance Vundofix
* Ne clique pas sur "Scan for a vundo"
* Clique droit au milieu de la fenêtre
* Clique sur Add more files ?
* Copie/colle les fichiers ci-dessous ( un par case) :

C:\WINDOWS\system32\awttuut.dll
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\consol.dll

* Clique sur Add files
* Ensuite clique sur Close Windows
* Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
* Si l'outils demande un redémarrage, accepte
* Poste le rapport Vundofix

orb42 · Answer

alors sur les 3 fichiers
C:\WINDOWS\system32\awttuut.dll 
C:\WINDOWS\system32\ddcyy.dll 
C:\WINDOWS\system32\consol.dll 

vundofix ne peut pas supprimer "awttuut.dll" meme apres redemarrage.

mais on dirait que ma barre des taches est stable..a voir

orb42 · Answer

...mille fois merci pour ta patience, ton sens du partage et toute ta devotion.
..Et j'oubliais: https://farm1.static.flickr.com/224/524803118_99be07a6d1.jpg?v=0
(je t'offre ces fleurs fragiles et prisonnieres de ces gouttes de rosée..)
ciao.

orb42 · Answer

*

g!rly · Answer

attends c´est pas totalement finie, merci pour les fleures au passge ;-) 
repost un hijack this stp
mais on peu remettre ca a demain, enfin je prefererais car la je sature...
une bise a claire, je te salut jerome
@+

orb42 · Answer

salut la dedans,
bon ce matin je demarre et ...plouf le cauchemard continue, explorer.exe a encore picolé un peu trop sans moi cette nuit et voilà qu'il me refait des siennes des qu'il peut. 
Donc j'y suis allé franco, ni une ni 2, comme on se connait dejà je lui ait fait le coup du combofix directement apres l'avoir un peu endormi avec un Hijackthis. (J'ai inseré les lignes douteuses de hijackthis dans combofix).  Puis apres un redemar, ben voilà, tout roule comme...sur des roulettes.  Ensuite, scan online avec mon ami bitdefender histoire de voir si je ne suis pas encore assez parano sur ce coup;  Et voilà q'u'il me sort un log a faire criisser les dents, une liste deroulante tres sympa avec tout :

C:\Documents and Settings\**\iexplorer.exe
 Suspecté de: BehavesLike:Win32.Malware
 
C:\Documents and Settings\*\iexplorer.exe
 Echec de la désinfection
 
C:\Documents and Settings\*\iexplorer.exe
 Supprimé
 
C:\qoobox\Quarantine\C\WINDOWS\system32\vtutu.dll.vir
 Détecté avec: Adware.Virtumonde.GHB
 
C:\qoobox\Quarantine\C\WINDOWS\system32\vtutu.dll.vir
 Echec de la désinfection
 
C:\qoobox\Quarantine\C\WINDOWS\system32\vtutu.dll.vir
 Supprimé
 
C:\qoobox\Quarantine\catchme2007-11-01_223337.81.zip=>vtutu.dll
 Détecté avec: Adware.Virtumonde.GHB
 
C:\qoobox\Quarantine\catchme2007-11-01_223337.81.zip=>vtutu.dll
 Echec de la désinfection
 
C:\qoobox\Quarantine\catchme2007-11-01_223337.81.zip=>vtutu.dll
 Supprimé
 
C:\qoobox\Quarantine\catchme2007-11-01_223337.81.zip
 Mis à jour
 
C:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP27\A0006654.exe
 Suspecté de: BehavesLike:Win32.Malware
 
C:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP27\A0006654.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP27\A0006654.exe
 Supprimé
 
C:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP27\A0006664.exe
 Suspecté de: BehavesLike:Win32.Malware
 
C:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP27\A0006664.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP27\A0006664.exe
 Supprimé
 
C:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP28\A0011792.dll
 Détecté avec: Adware.Virtumonde.GHB
 
C:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP28\A0011792.dll
 Echec de la désinfection
 
C:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP28\A0011792.dll
 Supprimé
 
C:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP29\A0011854.dll
 Détecté avec: Adware.Virtumonde.GHB
 
C:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP29\A0011854.dll
 Echec de la désinfection
 
C:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP29\A0011854.dll
 Supprimé
 
C:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP29\A0013901.dll
 Infecté par: Trojan.Conhook.CX
 
C:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP29\A0013901.dll
 Echec de la désinfection
 
C:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP29\A0013901.dll
 Supprimé
 
C:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP29\A0013902.dll
 Détecté avec: Adware.Virtumonde.GHB
 
C:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP29\A0013902.dll
 Echec de la désinfection
 
C:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP29\A0013902.dll
 Supprimé
 
C:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP29\A0013937.exe
 Suspecté de: BehavesLike:Win32.Malware
 
C:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP29\A0013937.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP29\A0013937.exe
 Supprimé
 
C:\VundoFix Backups\awttuut.dll .bad
 Infecté par: Trojan.Conhook.CX
 
C:\VundoFix Backups\awttuut.dll .bad
 Echec de la désinfection
 
C:\VundoFix Backups\awttuut.dll .bad
 Supprimé
 
C:\VundoFix Backups\awttuut.dll.bad
 Infecté par: Trojan.Conhook.CX
 
C:\VundoFix Backups\awttuut.dll.bad
 Echec de la désinfection
 
C:\VundoFix Backups\awttuut.dll.bad
 Supprimé
 
C:\VundoFix Backups\ddcyy.dll .bad
 Détecté avec: Adware.Virtumonde.GHB
 
C:\VundoFix Backups\ddcyy.dll .bad
 Echec de la désinfection
 
C:\VundoFix Backups\ddcyy.dll .bad
 Supprimé
 
C:\VundoFix Backups\vturp.dll.bad
 Détecté avec: Adware.Virtumonde.GHB
 
C:\VundoFix Backups\vturp.dll.bad
 Echec de la désinfection
 
C:\VundoFix Backups\vturp.dll.bad
 Supprimé
 
C:\WINDOWS\mrofinu1188.exe
 Infecté par: Trojan.Agent.AFQR
 
C:\WINDOWS\mrofinu1188.exe
 Echec de la désinfection
 
C:\WINDOWS\mrofinu1188.exe
 Supprimé
 
D:\SECURITE\Hijackthis\backups\backup-20071102-080615-417.dll
 Infecté par: Trojan.Conhook.CX
 
D:\SECURITE\Hijackthis\backups\backup-20071102-080615-417.dll
 Echec de la désinfection
 
D:\SECURITE\Hijackthis\backups\backup-20071102-080615-417.dll
 Supprimé
 
D:\SECURITE\Hijackthis\backups\backup-20071102-080615-484.dll
 Détecté avec: Adware.Virtumonde.GHB
 
D:\SECURITE\Hijackthis\backups\backup-20071102-080615-484.dll
 Echec de la désinfection
 
D:\SECURITE\Hijackthis\backups\backup-20071102-080615-484.dll
 Supprimé
 
D:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP25\A0005562.exe=>(Instyler o)=>(Instyler Module 14)
 Infecté par: Trojan.Pws.Hooker.P
 
D:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP25\A0005562.exe=>(Instyler o)=>(Instyler Module 14)
 Echec de la désinfection
 
D:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP25\A0005562.exe=>(Instyler o)=>(Instyler Module 14)
 Supprimé
 
D:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP25\A0005562.exe=>(Instyler o)
 Echec de la mise à jour
 
D:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP30\A0013949.dll
 Infecté par: Trojan.Conhook.CX
 
D:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP30\A0013949.dll
 Echec de la désinfection
 
D:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP30\A0013949.dll
 Supprimé
 
D:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP30\A0013950.dll
 Détecté avec: Adware.Virtumonde.GHB
 
D:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP30\A0013950.dll
 Echec de la désinfection
 
D:\System Volume Information\_restore{863A5554-1FCF-4B3E-8DDE-A6B526BFF7B0}\RP30\A0013950.dll


//////////////////////////////////




Et franchement ca en devient inquietant, je me demande vraiment ou j'ai pu aller ramasser tout ça.
Peut etre qu'au depart, il n'yen a qu'un, et comme j'ai laissé la "port-e ouverte" , il ramene ses copains...

g!rly · Answer

c´est etonant, ca ne ressemble pas a f-secure...

fais ceci :

Désactive ta restauration système:
pour cela :
Click droit sur poste de travail, dans l´arborescence sur propriétés; 
dans la nouvelle fenettre click sur l´onglet restauration système;
coche la case désactiver la restauration systèm et applique.
puis redemarre le pc et click droit sur poste de travail, dans l´arborescence sur propriétés; 
dans la nouvelle fenettre click sur l´onglet restauration systèm
décoche la case désactiver la restauration systèm et applique. 

et 

Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu

orb42 · Answer

j'arrive un peu tard...

LOG VBG:


[11/02/2007, 23:18:52] - VirtumundoBeGone v1.5 ( "D:\DOCS\LOGICIELS\___LOGICIELS\INTERNET\ANTIVIRUS\DIVERS\VirtumundoBeGone.exe" )
[11/02/2007, 23:18:56] - Detected System Information:
[11/02/2007, 23:18:56] -  Windows Version: 5.1.2600, Service Pack 2
[11/02/2007, 23:18:56] -  Current Username: JEROME & CLAIRE (Admin)
[11/02/2007, 23:18:56] -  Windows is in NORMAL mode.
[11/02/2007, 23:18:56] - Searching for Browser Helper Objects:
[11/02/2007, 23:18:56] -  BHO 1: {58F1B951-27D9-4239-B84E-28171D09AF17} ()
[11/02/2007, 23:18:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/02/2007, 23:18:56] -  Checking for HKLM\...\Winlogon\Notify\vturp
[11/02/2007, 23:18:56] -  Key not found: HKLM\...\Winlogon\Notify\vturp, continuing.
[11/02/2007, 23:18:56] -  BHO 2: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/02/2007, 23:18:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/02/2007, 23:18:56] -  No filename found. Continuing.
[11/02/2007, 23:18:56] -  BHO 3: {D6B237A6-DFE1-4816-81EF-960FCD637161} ()
[11/02/2007, 23:18:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/02/2007, 23:18:56] -  Checking for HKLM\...\Winlogon\Notify\consol
[11/02/2007, 23:18:56] -  Key not found: HKLM\...\Winlogon\Notify\consol, continuing.
[11/02/2007, 23:18:56] - Finished Searching Browser Helper Objects
[11/02/2007, 23:18:56] - Finishing up...
[11/02/2007, 23:18:56] - Nothing found! Exiting...





LOG Hijackthis:


Logfile of HijackThis v1.99.1
Scan saved at 23:21:49, on 02/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
D:\MUSIQUE\SONICS~1\SsAAD.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE
D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
C:\Program Files\a-squared Free\a2service.exe
D:\SECURITE\RKlogger Free Edition v 1.3\rkfree.exe
D:\SECURITE\AVG Anti-Spyware 7.5.1.43\AVG Anti-Spyware 7.5\guard.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FCH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FAMEH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsqh.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\fsguidll.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fssm32.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsus.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsav32.exe
D:\SECURITE\Hijackthis\scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O2 - BHO: (no name) - {58F1B951-27D9-4239-B84E-28171D09AF17} - C:\WINDOWS\system32\vturp.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D6B237A6-DFE1-4816-81EF-960FCD637161} - C:\WINDOWS\system32\consol.dll (file missing)
O4 - HKLM\..\Run: [SsAAD.exe] D:\MUSIQUE\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [F-Secure Manager] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [CookiePatrol] D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [rkfree] "D:\SECURITE\RKlogger Free Edition v 1.3\rkfree.exe" /b
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\SECURITE\Ad-Aware.2007.Pro.7.0.2.1\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\SECURITE\AVG Anti-Spyware 7.5.1.43\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\OUTILS\Diskeeper.pro.1st\DkService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

g!rly · Answer

re,

* Relance Vundofix
* Ne clique pas sur "Scan for a vundo"
* Clique droit au milieu de la fenêtre
* Clique sur Add more files ?
* Copie/colle les fichiers ci-dessous ( un par case) :

C:\WINDOWS\system32\vturp

* Clique sur Add files
* Ensuite clique sur Close Windows
* Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
* Si l'outils demande un redémarrage, accepte
* Poste le rapport Vundofix

apres on fera un autre truc...

orb42 · Answer

Bon me revoilà, scusi ma j'ai pris du retard;
enfin voilà j'ai utilisé Vundofix mais je n'ai pas de rapport.
Voici le nouveau rapport HIJACKTHIS:



Logfile of HijackThis v1.99.1
Scan saved at 20:12:52, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
D:\MUSIQUE\SONICS~1\SsAAD.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE
D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
D:\SECURITE\RKlogger Free Edition v 1.3\rkfree.exe
D:\OUTILS\Diskeeper.pro.1st\DkService.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FCH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FAMEH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsqh.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fssm32.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\fsguidll.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\WINDOWS\system32\wuauclt.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsav32.exe
D:\SECURITE\Hijackthis\scan.exe

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {D6B237A6-DFE1-4816-81EF-960FCD637161} - C:\WINDOWS\system32\consol.dll (file missing)
O4 - HKLM\..\Run: [SsAAD.exe] D:\MUSIQUE\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [F-Secure Manager] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [CookiePatrol] D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [rkfree] "D:\SECURITE\RKlogger Free Edition v 1.3\rkfree.exe" /b
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk.disabled
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\SECURITE\Ad-Aware.2007.Pro.7.0.2.1\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\SECURITE\AVG Anti-Spyware 7.5.1.43\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\OUTILS\Diskeeper.pro.1st\DkService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

g!rly · Answer

bonjour,

excuse pour le retard...

A.V.G :

-> Télécharger AVG Anti-Spyware (ewido)

   http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

-> L´installer.

-> lancer AVG Anti-Spyware et clicker sur le bouton Mise à jour. Patienter...
   
   p.s : si les mises a jours ne se font pas, elles sont telechargable ici :

   http://downloads.ewido.net/avgas-signatures-full-current.exe

-> Sur la page "analyse":

   choisir d´abord l'onglet "paramètres".
   
   sous « Comment réagir » clicker sur « Actions recommandées » et dans le menu déroulant, choisir « Supprimer ».

-> Lancer le scan, (c´est long...).

-> A la fin du scan copier Et coller le rapport ici. 

-> Une aide en image au cas ou :

   Tutoriel d´installation et de parametrages :

   http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html   


@+

orb42 · Answer

Bonjour! g!rly, 

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	20:34:56 02/12/2007

 + Résultat de l'analyse:	



C:\Documents and Settings\xx\Cookies\xx@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
G:\Documents and Settings\xx\Cookies\xx@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\xx\Cookies\xx@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\xx\Cookies\xx@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
G:\Documents and Settings\xx\Cookies\xx@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\xx\Cookies\xx@navrcholu[1].txt -> TrackingCookie.Navrcholu : Nettoyé.
C:\Documents and Settings\xxIRE\Cookies\xx@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\xx\Cookies\xx@yadro[1].txt -> TrackingCookie.Yadro : Nettoyé.


Fin du rapport

g!rly · Answer

bonsoir orb42,

comment va ton pc?

orb42 · Answer

hey! salut! on n'arrete pas de se croiser..decidement.
j'espere que ton pc aussi se porte bien..

mon pc va ...bien je crois...sauf que Trojan remover me trouve toujours ça sans pouvoir le supprimer:

C:\WINDOWS\system32\drivers\ayefppgh.dat
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ykffkcgi\"ImagePath"

C:\WINDOWS\system32\consol.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6B237A6-DFE1-4816-81EF-960FCD637161}

g!rly · Answer

re,

Fix.reg

Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisie nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait-sans les barres(X)) :

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ykffkcgi]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{D6B237A6-DFE1-4816-81EF-960FCD637161}"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
note : regedit4 est sur la premiere ligne et il y a une ligne blanche a  la fin...
Puis click sur "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"

ca doit ressembler a ca une fois enrregistré :

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

quitte internet et double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"

Télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-click sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :
    
C:\WINDOWS\system32\drivers\ayefppgh.dat
C:\WINDOWS\system32\consol.dll

Click sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
click sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
Ps : il te sera peut-être demander de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
http://img137.imageshack.us/img137/3558/refaitjk8.th.jpg

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe      

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

orb42 · Answer

RAPPORT OTMOVE IT: File move failed. C:\WINDOWS\system32\drivers\ayefppgh.dat scheduled to be moved on reboot. File/Folder C:\WINDOWS\system32\consol.dll not found. **************************** RAPPORT COMBOFIX (attention il y a de quoi a lire): ComboFix 07-12-02.5 - XX 2007-12-02 21:54:19.6 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.610 [GMT 1:00] Running from: D:\DOCS\LOGICIELS\___LOGICIELS\INTERNET\ANTISPYWARE\ComboFix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\Fonts\a.zip C:\WINDOWS\msettings.ini C:\WINDOWS\Fonts\' . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))))))) . 2007-11-30 08:38 . 2000-12-06 00:00 415,176 --a------ C:\WINDOWS\system32\COMCT332.OCX 2007-11-30 08:38 . 2002-03-04 16:49 177,936 --a------ C:\WINDOWS\system32\sssplt30.ocx 2007-11-30 08:38 . 1998-09-24 13:03 171,967 --a------ C:\WINDOWS\system32\Odbcjet.hlp 2007-11-30 08:38 . 1998-09-24 13:03 7,348 --a------ C:\WINDOWS\system32\Odbcjet.cnt 2007-11-29 22:13 . C:\Documents and Settings\JEROME 2007-11-29 22:13 CLAIRE\Application Data\Grisoft 2007-11-29 22:13 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-11-22 15:44 . 2007-11-22 15:43 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.bmp 2007-11-22 15:44 . 2007-11-22 15:44 3,310 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.dat 2007-11-22 15:40 . 2007-11-22 15:44 133,632 --a------ C:\WINDOWS\system32\SpoonUninstall.exe 2007-11-22 15:40 . 2007-11-22 15:40 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.bmp 2007-11-22 15:40 . 2007-11-22 15:40 11,472 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat 2007-11-21 09:46 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2007-11-18 23:06 . C:\Documents and Settings\XX 2007-11-18 23:06 XX\Incomplete 2007-11-15 09:53 . C:\Documents and Settings\XX 2007-11-15 09:53 XX\Application Data\GetRightToGo 2007-11-13 18:53 . 2007-11-13 18:53 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2007-11-13 09:10 . 2007-11-13 09:15 d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-11-13 09:09 . 2007-12-01 18:42 d-------- C:\Program Files\Windows Live 2007-11-13 09:09 . 2007-11-13 09:09 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-11-11 19:52 . 2007-11-11 19:52 0 --a------ C:\WINDOWS\system32\drivers\ayefppgh_FAUX.dat 2007-11-08 08:42 . 2007-11-08 08:43 d-------- C:\I386 2007-11-07 21:36 . 2007-11-06 08:42 212 -rahs---- C:\BOOT.BKK 2007-11-07 17:57 . 2007-11-07 17:57 d-------- C:\WINDOWS\Twain32 2007-11-07 04:53 . 2007-11-07 13:31 d-------- C:\installXP_CD.PRE-INSTALL 2007-11-06 22:59 . 2007-11-07 20:03 d-------- C:\Program Files Lite 2007-11-06 22:40 . 2007-11-07 21:35 d-------- C:\installXP 2007-11-06 21:37 . 2007-11-06 22:37 584 --a------ C:\WINDOWS\imsins.BAK 2007-11-06 21:00 . 2005-12-15 13:00 2,113,536 --a--c--- C:\WINDOWS\system32\dllcache\dxdiagn.dll 2007-11-06 09:04 . 2007-11-06 09:04 d-------- C:\Program Files\TGTSoft 2007-11-06 08:41 . 2004-08-19 16:09 47,104 --a--c--- C:\WINDOWS\system32\dllcache\coadmin.dll 2007-11-06 08:41 . 2004-08-19 16:09 43,520 --a--c--- C:\WINDOWS\system32\dllcache\admwprox.dll 2007-11-06 08:40 . 2007-11-06 08:40 d-------- C:\WINDOWS\ServicePackFiles 2007-11-05 18:17 . 2005-12-05 13:15 747,392 --a--c--- C:\WINDOWS\system32\dllcache\adm8830.sys 2007-11-05 18:17 . 2005-12-05 13:15 584,448 --a--c--- C:\WINDOWS\system32\dllcache\adm8810.sys 2007-11-05 18:17 . 2005-12-05 13:15 553,984 --a--c--- C:\WINDOWS\system32\dllcache\adm8820.sys 2007-11-05 18:17 . 2005-12-05 13:15 101,888 --a--c--- C:\WINDOWS\system32\dllcache\adpu160m.sys 2007-11-05 18:17 . 2005-12-05 13:15 46,112 --a--c--- C:\WINDOWS\system32\dllcache\adptsf50.sys 2007-11-05 18:17 . 2004-08-03 22:32 10,880 --a--c--- C:\WINDOWS\system32\dllcache\admjoy.sys 2007-11-03 08:11 . 2007-11-03 08:11 24,576 --a------ C:\WINDOWS\system32\prefscpl.cpl 2007-11-03 08:11 . 2007-11-03 08:11 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys 2007-11-02 00:33 . 2007-11-02 08:18 23,905 ---hs---- C:\WINDOWS\system32\prutv.ini 2007-11-02 00:33 . 2007-11-02 00:33 6,470 ---hs---- C:\WINDOWS\system32\prutv.bak1 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-02 20:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-02 15:11 --------- d-----w C:\Documents and Settings\XX\Application Data\LimeWire 2007-11-30 07:38 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-29 21:13 --------- d-----w C:\Documents and Settings\XX\Application Data\Grisoft 2007-11-22 15:03 --------- d-----w C:\Documents and Settings\XX\Application Data\Sonic Foundry 2007-11-17 14:22 --------- d-----w C:\Program Files\a-squared Free 2007-11-15 08:54 --------- d-----w C:\Documents and Settings\XX\Application Data\GetRightToGo 2007-11-10 08:45 --------- d-----w C:\Program Files\Navilog1 2007-11-07 14:55 --------- d-----w C:\Program Files\hp deskjet 920c series 2007-11-03 07:11 --------- d-----w C:\Program Files\Fichiers communs\Real 2007-11-01 23:49 --------- d-----w C:\Program Files\QuickTime 2007-11-01 21:39 6,510 ------w C:\WINDOWS\system32\yycdd.bak1 2007-11-01 18:15 9,409 --sha-w C:\WINDOWS\system32\ututv.ini.ren 2007-11-01 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-01 18:08 6,470 --sha-w C:\WINDOWS\system32\ututv.bak1.ren 2007-10-31 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data kfree 2007-10-31 21:56 --------- d-----w C:\Program Files\CustoMess 2007-10-27 22:41 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL 2007-10-27 22:40 69,689 ----a-w C:\WINDOWS\UNZIP.DLL 2007-10-27 22:40 286,720 ----a-w C:\WINDOWS\PATCH.EXE 2007-10-27 20:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Simply Super Software 2007-10-27 18:15 --------- d-----w C:\Program Files\F-Secure 2007-10-27 18:09 51,040 ----a-w C:\WINDOWS\system32\drivers\fsdfw.sys 2007-10-27 18:09 30,016 ----a-w C:\WINDOWS\system32\drivers\fsndis5.sys 2007-10-27 17:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure 2007-10-27 17:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\fssg 2007-10-27 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-10-27 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7 2007-10-27 08:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2007-10-26 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx 2007-10-26 08:06 77,312 ----a-w C:\WINDOWS\ua2.dll 2007-10-25 18:31 --------- d-----w C:\Program Files\Fichiers communs\LightScribe 2007-10-24 19:46 --------- d-----w C:\Program Files\Hewlett-Packard 2007-10-24 16:54 --------- d-----w C:\Program Files\CCleaner 2007-10-23 17:57 5,120 ----a-w C:\WINDOWS\system32\drivers\jjgkcwhv.dat 2007-10-23 17:57 18,688 ----a-w C:\WINDOWS\system32\drivers\ayefppgh.dat 2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll 2007-10-15 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-10-15 12:02 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-10-15 12:02 --------- d-----w C:\Documents and Settings\XX\Application Data\Lavasoft 2007-10-14 22:53 --------- d-----w C:\Documents and Settings\XX\Application Data\Simply Super Software 2007-10-14 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simply Super Software 2007-10-14 10:23 --------- d-----w C:\Documents and Settings\XX\Application Data\F-Secure 2007-10-13 07:02 10,053 ----a-w C:\WINDOWS\system32\msrep32.dll 2007-10-10 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2007-10-04 20:34 --------- d-----w C:\Program Files\TRELLIAN 2007-10-03 22:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe 2007-09-20 11:43 253,952 ----a-w C:\WINDOWS\system32\Photomatix25Lib2.dll 2007-09-17 14:02 266,240 ----a-w C:\WINDOWS\system32\Photomatix25Lib.dll 2007-09-06 03:35 95,525 ----a-w C:\WINDOWS\system32\Photomatix25Lib3.dll 2007-09-05 22:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe 2007-05-26 16:54 87,608 ----a-w C:\Documents and Settings\XX\Application Data\ezpinst.exe 2007-05-26 16:54 47,360 ----a-w C:\Documents and Settings\XX \Application Data\pcouffin.sys 2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe 2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe 2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe 2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll 2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll 2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll 2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll 2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll 2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll 2005-12-15 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll 1995-09-20 14:16 35,088 --sha-w C:\WINDOWS\system32\msjint32.dll 1995-09-20 14:13 977,680 --sha-w C:\WINDOWS\system32\msjt3032.dll 1995-09-20 14:16 23,824 --sha-w C:\WINDOWS\system32\msjter32.dll 2004-08-19 15:09 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll 2005-12-15 12:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll 2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll 2004-08-19 15:09 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll 2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe 2004-01-25 17:18 70,656 --sha-w C:\WINDOWS\system32\yv12vfw.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6B237A6-DFE1-4816-81EF-960FCD637161}] C:\WINDOWS\system32\consol.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-03-23 00:44] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 16:10] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SsAAD.exe"="D:\MUSIQUE\SONICS~1\SsAAD.exe" [2007-07-20 09:36] "Launch PC Probe II"="C:\Program Files\ASUS\PC Probe II\Probe2.exe" [2006-01-18 17:09] "F-Secure Manager"="D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.exe" [2007-05-25 14:12] "F-Secure TNB"="D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 14:11] "CookiePatrol"="D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe" [2005-01-10 09:35] "PestPatrolCL"="" [] "SunJavaUpdateSched"="D:\OUTILS\JAVA\bin\jusched.exe" [2007-09-25 01:11] "!AVG Anti-Spyware"="D:\SECURITE\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nlsf"="cmd.exe" [2004-08-19 16:09 C:\WINDOWS\system32\cmd.exe] "nlhr"="RunDll32.exe" [2004-08-19 16:10 C:\WINDOWS\system32 undll32.exe] "tscuninstall"="C:\WINDOWS\system32 scupgrd.exe" [2005-12-15 13:00] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoNetworkConnections"= 1 (0x1) "NoSetActiveDesktop"= 1 (0x1) "NoStartMenuNetworkPlaces"= 1 (0x1) "NoRecentDocsHistory"= 1 (0x1) "MaxRecentDocs"= 0 (0x0) "NoBandCustomize"= 0 (0x0) "NoSMMyDocs"= 1 (0x1) "NoStartMenuMyMusic"= 1 (0x1) "NoSMMyPictures"= 1 (0x1) "NoRecentDocsMenu"= 1 (0x1) "NoSMHelp"= 1 (0x1) "NoUserNameInStartMenu"= 1 (0x1) "NoStartMenuMFUprogramsList"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoNetworkConnections"= 1 (0x1) "NoSetActiveDesktop"= 1 (0x1) "NoStartMenuNetworkPlaces"= 1 (0x1) "NoRecentDocsHistory"= 1 (0x1) "MaxRecentDocs"= 0 (0x0) "NoMovingBands"= 0 (0x0) "NoCloseDragDropBands"= 0 (0x0) "NoBandCustomize"= 0 (0x0) "DisallowRun"= 1 (0x1) "NoSMMyDocs"= 1 (0x1) "NoStartMenuMyMusic"= 1 (0x1) "NoSMMyPictures"= 1 (0x1) "NoRecentDocsMenu"= 1 (0x1) "NoSMHelp"= 1 (0x1) "NoUserNameInStartMenu"= 1 (0x1) "NoStartMenuMFUprogramsList"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "DisallowRun"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun] "1"= consol.dll [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{CA2DB500-5ECF-11D2-B28F-0080C8383C7B}"= c:\windows\system32\shmswnrc.dll [1999-03-25 09:00 155648] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="LogonUI.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un-] "OPSE reminder"="D:\OUTILS\Scanner.Omnipage\EregFre\Ereg.exe" -r "D:\OUTILS\Scanner.Omnipage\EregFre\ereg.ini" "PhiBtn"=%SystemRoot%\System32\drivers\PhiBtn.exe "SoundMan"=SOUNDMAN.EXE "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation Tune\nTune.exe" clear "Traymin900"=%SystemRoot%\System32\drivers\Tray900.exe "DiskeeperSystray"="D:\OUTILS\Diskeeper.pro.1st\DkIcon.exe" R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys R0 trm3x5;trm3x5;C:\WINDOWS\system32\DRIVERS rm3x5.sys R0 ykffkcgi;ykffkcgi;C:\WINDOWS\system32\drivers\ayefppgh.dat R1 F-Secure HIPS;F-Secure HIPS;\??\D:\SECURITE\F-Secure.2008\F-Secure Internet Security\HIPS\fshs.sys R1 ISODrive;ISO DVD/CD-ROM Device Driver;\??\D:\OUTILS\UltraISO Premium Edition 8.6.3\UltraISO\drivers\ISODrive.sys R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys S3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOWS\system32\DRIVERS\camdrv41.sys S3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys S4 F-Secure Filter;F-Secure File System Filter;\??\D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-02 21:58:07 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2007-12-02 21:59:21 - machine was rebooted C:\ComboFix2.txt ... 2007-11-01 22:35 . --- E O F ---

g!rly · Answer

re.

Copie le texte ci-dessous :

File::
C:\WINDOWS\system32\sssplt30.ocx
C:\WINDOWS\system32\SpoonUninstall.exe
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.bak1
C:\WINDOWS\system32\prutv.dll
C:\WINDOWS\system32\consol.dll
c:\windows\system32\shmswnrc.dll
C:\WINDOWS\system32\drivers\ayefppgh.dat

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"=-
"nlhr"=-
[-HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
[-HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowr un]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CA2DB500-5ECF-11D2-B28F-0080C8383C7B}"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

orb42 · Answer

Voilà, alors: RAPPORT COMBOFIX: ComboFix 07-12-02.5 - XX 2007-12-03 4:38:19.7 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.570 [GMT 1:00] Running from: D:\DOCS\LOGICIELS\___LOGICIELS\INTERNET\ANTISPYWARE\ComboFix.exe Command switches used :: D:\DOCS\_A EFFACER\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\consol.dll C:\WINDOWS\system32\drivers\ayefppgh.dat C:\WINDOWS\system32\prutv.bak1 C:\WINDOWS\system32\prutv.dll C:\WINDOWS\system32\prutv.ini c:\windows\system32\shmswnrc.dll C:\WINDOWS\system32\SpoonUninstall.exe C:\WINDOWS\system32\sssplt30.ocx . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\drivers\ayefppgh.dat C:\WINDOWS\system32\prutv.bak1 C:\WINDOWS\system32\prutv.ini c:\windows\system32\shmswnrc.dll C:\WINDOWS\system32\SpoonUninstall.exe C:\WINDOWS\system32\sssplt30.ocx . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))))))) . 2007-11-30 08:38 . 2000-12-06 00:00 415,176 --a------ C:\WINDOWS\system32\COMCT332.OCX 2007-11-30 08:38 . 1998-09-24 13:03 171,967 --a------ C:\WINDOWS\system32\Odbcjet.hlp 2007-11-30 08:38 . 1998-09-24 13:03 7,348 --a------ C:\WINDOWS\system32\Odbcjet.cnt 2007-11-29 22:13 . C:\Documents and Settings\XX 2007-11-29 22:13 XX\Application Data\Grisoft 2007-11-29 22:13 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-11-22 15:44 . 2007-11-22 15:43 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.bmp 2007-11-22 15:44 . 2007-11-22 15:44 3,310 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.dat 2007-11-22 15:40 . 2007-11-22 15:40 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.bmp 2007-11-22 15:40 . 2007-11-22 15:40 11,472 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat 2007-11-21 09:46 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2007-11-18 23:06 . C:\Documents and Settings\XX 2007-11-18 23:06 XX\Incomplete 2007-11-15 09:53 . C:\Documents and Settings\XX 2007-11-15 09:53 XX\Application Data\GetRightToGo 2007-11-13 18:53 . 2007-11-13 18:53 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2007-11-13 09:10 . 2007-11-13 09:15 d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-11-13 09:09 . 2007-12-01 18:42 d-------- C:\Program Files\Windows Live 2007-11-13 09:09 . 2007-11-13 09:09 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-11-11 19:52 . 2007-11-11 19:52 0 --a------ C:\WINDOWS\system32\drivers\ayefppgh_FAUX.dat 2007-11-08 08:42 . 2007-11-08 08:43 d-------- C:\I386 2007-11-07 21:36 . 2007-11-06 08:42 212 -rahs---- C:\BOOT.BKK 2007-11-07 17:57 . 2007-11-07 17:57 d-------- C:\WINDOWS\Twain32 2007-11-07 04:53 . 2007-11-07 13:31 d-------- C:\installXP_CD.PRE-INSTALL 2007-11-06 22:59 . 2007-11-07 20:03 d-------- C:\Program Files Lite 2007-11-06 22:40 . 2007-11-07 21:35 d-------- C:\installXP 2007-11-06 21:37 . 2007-11-06 22:37 584 --a------ C:\WINDOWS\imsins.BAK 2007-11-06 21:00 . 2005-12-15 13:00 2,113,536 --a--c--- C:\WINDOWS\system32\dllcache\dxdiagn.dll 2007-11-06 09:04 . 2007-11-06 09:04 d-------- C:\Program Files\TGTSoft 2007-11-06 08:41 . 2004-08-19 16:09 47,104 --a--c--- C:\WINDOWS\system32\dllcache\coadmin.dll 2007-11-06 08:41 . 2004-08-19 16:09 43,520 --a--c--- C:\WINDOWS\system32\dllcache\admwprox.dll 2007-11-06 08:40 . 2007-11-06 08:40 d-------- C:\WINDOWS\ServicePackFiles 2007-11-05 18:17 . 2005-12-05 13:15 747,392 --a--c--- C:\WINDOWS\system32\dllcache\adm8830.sys 2007-11-05 18:17 . 2005-12-05 13:15 584,448 --a--c--- C:\WINDOWS\system32\dllcache\adm8810.sys 2007-11-05 18:17 . 2005-12-05 13:15 553,984 --a--c--- C:\WINDOWS\system32\dllcache\adm8820.sys 2007-11-05 18:17 . 2005-12-05 13:15 101,888 --a--c--- C:\WINDOWS\system32\dllcache\adpu160m.sys 2007-11-05 18:17 . 2005-12-05 13:15 46,112 --a--c--- C:\WINDOWS\system32\dllcache\adptsf50.sys 2007-11-05 18:17 . 2004-08-03 22:32 10,880 --a--c--- C:\WINDOWS\system32\dllcache\admjoy.sys 2007-11-03 08:11 . 2007-11-03 08:11 24,576 --a------ C:\WINDOWS\system32\prefscpl.cpl 2007-11-03 08:11 . 2007-11-03 08:11 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-02 20:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-02 15:11 --------- d-----w C:\Documents and Settings\XX & XX\Application Data\LimeWire 2007-11-30 07:38 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-29 21:13 --------- d-----w C:\Documents and Settings\XX XX\Application Data\Grisoft 2007-11-22 15:03 --------- d-----w C:\Documents and Settings\XX XX\Application Data\Sonic Foundry 2007-11-17 14:22 --------- d-----w C:\Program Files\a-squared Free 2007-11-15 08:54 --------- d-----w C:\Documents and Settings\XX XX\Application Data\GetRightToGo 2007-11-10 08:45 --------- d-----w C:\Program Files\Navilog1 2007-11-07 14:55 --------- d-----w C:\Program Files\hp deskjet 920c series 2007-11-03 07:11 --------- d-----w C:\Program Files\Fichiers communs\Real 2007-11-01 23:49 --------- d-----w C:\Program Files\QuickTime 2007-11-01 21:39 6,510 ------w C:\WINDOWS\system32\yycdd.bak1 2007-11-01 18:15 9,409 --sha-w C:\WINDOWS\system32\ututv.ini.ren 2007-11-01 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-01 18:08 6,470 --sha-w C:\WINDOWS\system32\ututv.bak1.ren 2007-10-31 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data kfree 2007-10-31 21:56 --------- d-----w C:\Program Files\CustoMess 2007-10-27 22:41 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL 2007-10-27 22:40 69,689 ----a-w C:\WINDOWS\UNZIP.DLL 2007-10-27 22:40 286,720 ----a-w C:\WINDOWS\PATCH.EXE 2007-10-27 20:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Simply Super Software 2007-10-27 18:15 --------- d-----w C:\Program Files\F-Secure 2007-10-27 18:09 51,040 ----a-w C:\WINDOWS\system32\drivers\fsdfw.sys 2007-10-27 18:09 30,016 ----a-w C:\WINDOWS\system32\drivers\fsndis5.sys 2007-10-27 17:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure 2007-10-27 17:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\fssg 2007-10-27 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-10-27 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7 2007-10-27 08:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2007-10-26 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx 2007-10-26 08:06 77,312 ----a-w C:\WINDOWS\ua2.dll 2007-10-25 18:31 --------- d-----w C:\Program Files\Fichiers communs\LightScribe 2007-10-24 19:46 --------- d-----w C:\Program Files\Hewlett-Packard 2007-10-24 16:54 --------- d-----w C:\Program Files\CCleaner 2007-10-23 17:57 5,120 ----a-w C:\WINDOWS\system32\drivers\jjgkcwhv.dat 2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll 2007-10-15 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-10-15 12:02 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-10-15 12:02 --------- d-----w C:\Documents and Settings\XX XX\Application Data\Lavasoft 2007-10-14 22:53 --------- d-----w C:\Documents and Settings\XX XX\Application Data\Simply Super Software 2007-10-14 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simply Super Software 2007-10-14 10:23 --------- d-----w C:\Documents and Settings\XX XX\Application Data\F-Secure 2007-10-13 07:02 10,053 ----a-w C:\WINDOWS\system32\msrep32.dll 2007-10-10 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2007-10-04 20:34 --------- d-----w C:\Program Files\TRELLIAN 2007-10-03 22:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe 2007-09-20 11:43 253,952 ----a-w C:\WINDOWS\system32\Photomatix25Lib2.dll 2007-09-17 14:02 266,240 ----a-w C:\WINDOWS\system32\Photomatix25Lib.dll 2007-09-06 03:35 95,525 ----a-w C:\WINDOWS\system32\Photomatix25Lib3.dll 2007-09-05 22:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe 2007-05-26 16:54 87,608 ----a-w C:\Documents and Settings\XX XX\Application Data\ezpinst.exe 2007-05-26 16:54 47,360 ----a-w C:\Documents and Settings\XX XX\Application Data\pcouffin.sys 2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe 2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe 2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe 2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll 2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll 2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll 2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll 2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll 2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll 2005-12-15 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll 1995-09-20 14:16 35,088 --sha-w C:\WINDOWS\system32\msjint32.dll 1995-09-20 14:13 977,680 --sha-w C:\WINDOWS\system32\msjt3032.dll 1995-09-20 14:16 23,824 --sha-w C:\WINDOWS\system32\msjter32.dll 2004-08-19 15:09 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll 2005-12-15 12:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll 2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll 2004-08-19 15:09 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll 2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe 2004-01-25 17:18 70,656 --sha-w C:\WINDOWS\system32\yv12vfw.dll . ((((((((((((((((((((((((((((( snapshot@2007-12-02_21.58.22.60 ))))))))))))))))))))))))))))))))))))))))) . + 2004-08-19 15:09:22 47,104 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\coadmin.dll + 2004-08-19 15:09:26 184,435 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fp4amsft.dll + 2004-08-19 15:09:26 82,035 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fp4anscp.dll + 2004-08-19 15:09:26 147,513 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fp4apws.dll + 2004-08-19 15:09:26 49,210 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fp4areg.dll + 2004-08-19 15:09:26 102,509 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fp4atxt.dll + 2004-08-19 15:09:26 41,020 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fp4avnb.dll + 2004-08-19 15:09:26 32,826 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fp4avss.dll + 2004-08-19 15:09:26 49,212 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fp4awebs.dll + 2004-08-19 15:09:26 876,653 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fp4awel.dll + 2004-08-19 15:09:56 15,120 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fp98sadm.exe + 2004-08-19 15:09:56 109,840 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fp98swin.exe + 2004-08-19 15:09:56 188,494 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fpcount.exe + 2007-12-03 03:41:49 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_658.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6B237A6-DFE1-4816-81EF-960FCD637161}] C:\WINDOWS\system32\consol.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-03-23 00:44] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 16:10] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SsAAD.exe"="D:\MUSIQUE\SONICS~1\SsAAD.exe" [2007-07-20 09:36] "Launch PC Probe II"="C:\Program Files\ASUS\PC Probe II\Probe2.exe" [2006-01-18 17:09] "F-Secure Manager"="D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.exe" [2007-05-25 14:12] "F-Secure TNB"="D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 14:11] "CookiePatrol"="D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe" [2005-01-10 09:35] "PestPatrolCL"="" [] "SunJavaUpdateSched"="D:\OUTILS\JAVA\bin\jusched.exe" [2007-09-25 01:11] "!AVG Anti-Spyware"="D:\SECURITE\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="C:\WINDOWS\system32 scupgrd.exe" [2005-12-15 13:00] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoNetworkConnections"= 1 (0x1) "NoSetActiveDesktop"= 1 (0x1) "NoStartMenuNetworkPlaces"= 1 (0x1) "NoRecentDocsHistory"= 1 (0x1) "MaxRecentDocs"= 0 (0x0) "NoBandCustomize"= 0 (0x0) "NoSMMyDocs"= 1 (0x1) "NoStartMenuMyMusic"= 1 (0x1) "NoSMMyPictures"= 1 (0x1) "NoRecentDocsMenu"= 1 (0x1) "NoSMHelp"= 1 (0x1) "NoUserNameInStartMenu"= 1 (0x1) "NoStartMenuMFUprogramsList"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoNetworkConnections"= 1 (0x1) "NoSetActiveDesktop"= 1 (0x1) "NoStartMenuNetworkPlaces"= 1 (0x1) "NoRecentDocsHistory"= 1 (0x1) "MaxRecentDocs"= 0 (0x0) "NoMovingBands"= 0 (0x0) "NoCloseDragDropBands"= 0 (0x0) "NoBandCustomize"= 0 (0x0) "DisallowRun"= 1 (0x1) "NoSMMyDocs"= 1 (0x1) "NoStartMenuMyMusic"= 1 (0x1) "NoSMMyPictures"= 1 (0x1) "NoRecentDocsMenu"= 1 (0x1) "NoSMHelp"= 1 (0x1) "NoUserNameInStartMenu"= 1 (0x1) "NoStartMenuMFUprogramsList"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="LogonUI.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un-] "OPSE reminder"="D:\OUTILS\Scanner.Omnipage\EregFre\Ereg.exe" -r "D:\OUTILS\Scanner.Omnipage\EregFre\ereg.ini" "PhiBtn"=%SystemRoot%\System32\drivers\PhiBtn.exe "SoundMan"=SOUNDMAN.EXE "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation Tune\nTune.exe" clear "Traymin900"=%SystemRoot%\System32\drivers\Tray900.exe "DiskeeperSystray"="D:\OUTILS\Diskeeper.pro.1st\DkIcon.exe" R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys R0 trm3x5;trm3x5;C:\WINDOWS\system32\DRIVERS rm3x5.sys R1 F-Secure HIPS;F-Secure HIPS;\??\D:\SECURITE\F-Secure.2008\F-Secure Internet Security\HIPS\fshs.sys R1 ISODrive;ISO DVD/CD-ROM Device Driver;\??\D:\OUTILS\UltraISO Premium Edition 8.6.3\UltraISO\drivers\ISODrive.sys R3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOWS\system32\DRIVERS\camdrv41.sys R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys S0 ykffkcgi;ykffkcgi;C:\WINDOWS\system32\drivers\ayefppgh.dat S3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys S4 F-Secure Filter;F-Secure File System Filter;\??\D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-03 04:41:46 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\LastGood ************************************************************************** . Completion time: 2007-12-03 4:43:12 - machine was rebooted C:\ComboFix2.txt ... 2007-12-02 21:59 C:\ComboFix3.txt ... 2007-11-01 22:35 . --- E O F --- ################################## ################################## RAPPORT HIJACKTHIS: Logfile of HijackThis v1.99.1 Scan saved at 04:47:55, on 03/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE D:\MUSIQUE\SONICS~1\SsAAD.exe C:\Program Files\ASUS\PC Probe II\Probe2.exe D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe D:\OUTILS\JAVA\bin\jusched.exe D:\SECURITE\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Messenger\msmsgs.exe D:\SECURITE\AVG Anti-Spyware 7.5\guard.exe D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\FSGK32.EXE D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMB32.EXE C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FCH32.EXE D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FAMEH32.EXE D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsqh.exe D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fssm32.exe D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\fsguidll.exe D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsus.exe D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsav32.exe D:\SECURITE\Hijackthis\scan.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\OUTILS\JAVA\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O2 - BHO: (no name) - {D6B237A6-DFE1-4816-81EF-960FCD637161} - C:\WINDOWS\system32\consol.dll (file missing) O4 - HKLM\..\Run: [SsAAD.exe] D:\MUSIQUE\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1 O4 - HKLM\..\Run: [F-Secure Manager] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [CookiePatrol] D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\OUTILS\JAVA\bin\jusched.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\SECURITE\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Acrobat Assistant.lnk.disabled O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk.disabled O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\OUTILS\JAVA\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\OUTILS\JAVA\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\SECURITE\Ad-Aware.2007.Pro.7.0.2.1\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\SECURITE\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Diskeeper - Diskeeper Corporation - D:\OUTILS\Diskeeper.pro.1st\DkService.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

g!rly · Answer

salut orb,

fais analyser ceci :

{D6B237A6-DFE1-4816-81EF-960FCD637161}

avec ceci :

Télécharge OAD http://sosvirus.changelog.fr/OAD.exe
- Enregistre le sur ton bureau

Double clique sur le OAD pour le lancer

- nom de fichier à rechercher tape ou fais un copier coller de :

{D6B237A6-DFE1-4816-81EF-960FCD637161}

- Type de recherche : sélectionne l'option 6 puis valide


OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ait terminé.
Le rapport de recherche s'affichera automatiquement à l’écran dès qu'il aura terminé.

- Fais un copier / coller de ce rapport dans ton prochain post.

Note importante : Suivant la taille des disques durs cette recherche peut prendre plusieurs minutes. Sois patient

@+

orb42 · Answer

salut!

voiçi:



03/12/2007 ---- 16:37:46,51  

----------------------------------
§§§§§§ [{D6B237A6-DFE1-4816-81EF-960FCD637161}] §§§§§§
----------------------------------
[X] Registre
 
-------------- [  ] rapide
-- Fichier --- [  ] disque systeme
 ------------- [X] complete


********************
     [Registre] 
********************


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6B237A6-DFE1-4816-81EF-960FCD637161}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6B237A6-DFE1-4816-81EF-960FCD637161}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6B237A6-DFE1-4816-81EF-960FCD637161}]

[HKEY_USERS\S-1-5-21-1078081533-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D6B237A6-DFE1-4816-81EF-960FCD637161}]

[HKEY_USERS\S-1-5-21-1078081533-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6B237A6-DFE1-4816-81EF-960FCD637161}]

[HKEY_USERS\S-1-5-21-1078081533-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6B237A6-DFE1-4816-81EF-960FCD637161}\iexplore]

*******************
     [Fichier] 
*******************



*********************
     [Même date] 
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§ 
----------------------------------

g!rly · Answer

re,

coche et fix cei a l´aide hijack this :

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D6B237A6-DFE1-4816-81EF-960FCD637161} - C:\WINDOWS\system32\consol.dll (file missing)

Fix.reg

Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisie nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait-sans les barres(X)) :

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6B237A6-DFE1-4816-81EF-960FCD637161}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6B237A6-DFE1-4816-81EF-960FCD637161}]
[-HKEY_USERS\S-1-5-21-1078081533-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D6B237A6-DFE1-4816-81EF-960FCD637161}]
[-HKEY_USERS\S-1-5-21-1078081533-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6B237A6-DFE1-4816-81EF-960FCD637161}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
note : regedit est sur la premiere ligne et il y a une ligne blanche a la fin 
Puis click sur "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"

ca doit ressembler a ca une fois enrregistré :

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

quitte internet et double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"

repost un hijack this

@+

orb42 · Answer

je crois bien que ça y est, j'ai l'impression que le log est clean!




Logfile of HijackThis v1.99.1
Scan saved at 17:58:32, on 03/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\MUSIQUE\SONICS~1\SsAAD.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE
D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
D:\OUTILS\JAVA\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
D:\SECURITE\AVG Anti-Spyware 7.5\guard.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FCH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FAMEH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsqh.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fssm32.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\fsguidll.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsus.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\SECURITE\Hijackthis\scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\OUTILS\JAVA\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [SsAAD.exe] D:\MUSIQUE\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [F-Secure Manager] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [CookiePatrol] D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\OUTILS\JAVA\bin\jusched.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\OUTILS\JAVA\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\OUTILS\JAVA\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\SECURITE\Ad-Aware.2007.Pro.7.0.2.1\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\SECURITE\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\OUTILS\Diskeeper.pro.1st\DkService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

g!rly · Answer

oui ;-)

coche et fix encore ceci, un oublie de ma part:

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

par contre tes mises a jour windows ne sont as a jour :

tu surf avec internet explorer 6.0 = failles de securité importantes

alors fais les maj -> tu veux la version 7.0 d´ie

et pourquoi  pas surfer avec firefox tout en gardant la version 7.0 pour les maj windows 

http://www.firefox.fr/ 

dis moi quoi 

@+

orb42 · Answer

je ne te remercierais jamais assez pour le temps que tu as bien voulu m'accorder - et accorder aux autres içi. D'ailleurs du coup dans l'attente entre 2 messages je commençais à aller dans la rubrique "ils ont besoin de vous" et ça y est ,maintenant je commence à devenir "accro" au support en ligne. C'est peut etre ma maniere de rendre ce que je reçois. (ouh que c'est beau ça !). merçi pour tes conseils. IE7 est consideré sans faille de vulnerabilité depuis quelques temps?

g!rly · Answer

re,

je t´en prie...

de rien ;-)

ie 7.0 moins sur que firefox...

pour l´entraide si tu te sents, oui tu es le bienvenue ;-)

@+

orb42 · Answer

.

Explorer.exe s'eclate tout seul

39 réponses

Discussions similaires