Explorer.exe keeps crashing on its own

Solved
orb42 (Member):
Hello,
I tried to install MSN Messenger and then it bugged out: explorer.exe keeps unloading and reloading continuously. Even in Safe Mode. Any idea?


Logfile of HijackThis v1.99.1
Scan saved at 20:04:50, on 01/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
D:\SECURITE\AVG Anti-Spyware 7.5.1.43\AVG Anti-Spyware 7.5\guard.exe
D:\MUSIQUE\SONICS~1\SsAAD.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
D:\SECURITE\RKlogger Free Edition v 1.3\rkfree.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FCH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FAMEH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsqh.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fssm32.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\fsguidll.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsav32.exe
D:\SECURITE\Hijackthis\HijackThis.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SsAAD.exe] D:\MUSIQUE\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [F-Secure Manager] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [CookiePatrol] D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rkfree] "D:\SECURITE\RKlogger Free Edition v 1.3\rkfree.exe" /b
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\SECURITE\Ad-Aware.2007.Pro.7.0.2.1\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\SECURITE\AVG Anti-Spyware 7.5.1.43\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\OUTILS\Diskeeper.pro.1st\DkService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

39 replies

orb42 (Member):
I'm a bit late...

VBG LOG:


[11/02/2007, 23:18:52] - VirtumundoBeGone v1.5 ( "D:\DOCS\LOGICIELS\___LOGICIELS\INTERNET\ANTIVIRUS\DIVERS\VirtumundoBeGone.exe" )
[11/02/2007, 23:18:56] - Detected System Information:
[11/02/2007, 23:18:56] - Windows Version: 5.1.2600, Service Pack 2
[11/02/2007, 23:18:56] - Current Username: JEROME & CLAIRE (Admin)
[11/02/2007, 23:18:56] - Windows is in NORMAL mode.
[11/02/2007, 23:18:56] - Searching for Browser Helper Objects:
[11/02/2007, 23:18:56] - BHO 1: {58F1B951-27D9-4239-B84E-28171D09AF17} ()
[11/02/2007, 23:18:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/02/2007, 23:18:56] - Checking for HKLM\...\Winlogon\Notify\vturp
[11/02/2007, 23:18:56] - Key not found: HKLM\...\Winlogon\Notify\vturp, continuing.
[11/02/2007, 23:18:56] - BHO 2: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/02/2007, 23:18:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/02/2007, 23:18:56] - No filename found. Continuing.
[11/02/2007, 23:18:56] - BHO 3: {D6B237A6-DFE1-4816-81EF-960FCD637161} ()
[11/02/2007, 23:18:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/02/2007, 23:18:56] - Checking for HKLM\...\Winlogon\Notify\consol
[11/02/2007, 23:18:56] - Key not found: HKLM\...\Winlogon\Notify\consol, continuing.
[11/02/2007, 23:18:56] - Finished Searching Browser Helper Objects
[11/02/2007, 23:18:56] - Finishing up...
[11/02/2007, 23:18:56] - Nothing found! Exiting...





HijackThis LOG:


Logfile of HijackThis v1.99.1
Scan saved at 23:21:49, on 02/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
D:\MUSIQUE\SONICS~1\SsAAD.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE
D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
C:\Program Files\a-squared Free\a2service.exe
D:\SECURITE\RKlogger Free Edition v 1.3\rkfree.exe
D:\SECURITE\AVG Anti-Spyware 7.5.1.43\AVG Anti-Spyware 7.5\guard.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FCH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FAMEH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsqh.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\fsguidll.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fssm32.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsus.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsav32.exe
D:\SECURITE\Hijackthis\scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O2 - BHO: (no name) - {58F1B951-27D9-4239-B84E-28171D09AF17} - C:\WINDOWS\system32\vturp.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D6B237A6-DFE1-4816-81EF-960FCD637161} - C:\WINDOWS\system32\consol.dll (file missing)
O4 - HKLM\..\Run: [SsAAD.exe] D:\MUSIQUE\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [F-Secure Manager] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [CookiePatrol] D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [rkfree] "D:\SECURITE\RKlogger Free Edition v 1.3\rkfree.exe" /b
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\SECURITE\Ad-Aware.2007.Pro.7.0.2.1\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\SECURITE\AVG Anti-Spyware 7.5.1.43\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\OUTILS\Diskeeper.pro.1st\DkService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
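The HijackThis logs orb42 posted are what the helpers in this thread triage by eye. As an added example (editor's code, not part of the thread and not anything HijackThis itself does), here is a small Python triage script that applies the same reading to raw log lines: the three nameless O2 BHOs whose DLLs are already gone, O23 services with no vendor string, HKCU Run persistence, and the O10 LSP lines collapsed to one count per DLL. The sample lines are quoted from the logs above plus one constructed O23 line modelled on the ykffkcgi service that Trojan Remover reports later in the thread; the scoring weights and the thresholds inside looks_random() are the editor's assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: lines quoted from the HijackThis logs in this thread.  The last
# O23 line is CONSTRUCTED from the Trojan Remover finding posted later
# (service ykffkcgi -> ayefppgh.dat); HijackThis did not list it.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {58F1B951-27D9-4239-B84E-28171D09AF17} - C:\WINDOWS\system32\vturp.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D6B237A6-DFE1-4816-81EF-960FCD637161} - C:\WINDOWS\system32\consol.dll (file missing)
O4 - HKLM\..\Run: [F-Secure Manager] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: ykffkcgi - Unknown owner - C:\WINDOWS\system32\drivers\ayefppgh.dat
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
LSP_RE = re.compile(r"^Unknown file in Winsock LSP: (?P<path>.*)$")
VOWELS = set("aeiou")


@dataclass
class Entry:
    section: str
    body: str


@dataclass
class Finding:
    section: str
    score: int
    reasons: list
    line: str


def parse_hjt(text):
    """Keep the numbered entries (R0/O2/O4/...); skip header and process list."""
    return [Entry(m["section"], m["body"])
            for m in (ENTRY_RE.match(l.strip()) for l in text.splitlines()) if m]


def file_stem(path):
    """'C:\\WINDOWS\\system32\\vturp.dll (file missing)' -> 'vturp'."""
    path = path.split(" (")[0].strip().strip('"')
    return re.split(r"[\\/]", path)[-1].rsplit(".", 1)[0]


def looks_random(stem):
    """Crude detector for machine-generated names like vturp, ykffkcgi,
    ayefppgh: 5-8 lowercase letters with a run of 4+ consonants or fewer
    than one vowel in four.  ASSUMPTION: thresholds are the editor's.  It
    also hits legitimate names (fslsp, svchost), so it is only used to add
    weight to an entry that is already suspect for another reason."""
    stem = stem.lower()
    if not re.fullmatch(r"[a-z]{5,8}", stem):
        return False
    vowel_frac = sum(c in VOWELS for c in stem) / len(stem)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", stem)), default=0)
    return longest_run >= 4 or vowel_frac < 0.25


def triage(entries):
    """Additive score per entry; higher means 'look at this first'."""
    findings = []
    for e in entries:
        score, reasons = 0, []
        if e.section == "O2" and (m := BHO_RE.match(e.body)):
            if m["name"] == "(no name)":
                score, reasons = score + 2, reasons + ["BHO registered without a display name"]
            if m["path"] == "(no file)" or "(file missing)" in m["path"]:
                score, reasons = score + 2, reasons + ["orphaned BHO: CLSID key remains, DLL is gone"]
            if score and looks_random(file_stem(m["path"])):
                score, reasons = score + 1, reasons + ["random-looking DLL name"]
        elif e.section == "O23" and (m := SVC_RE.match(e.body)):
            if m["owner"] == "Unknown owner":
                score, reasons = score + 1, reasons + ["service binary carries no company string"]
                if looks_random(file_stem(m["path"])):
                    score, reasons = score + 2, reasons + ["random-looking service binary name"]
        elif e.section == "O4" and (m := RUN_RE.match(e.body)):
            if m["hive"] == "HKCU":
                score, reasons = score + 1, reasons + ["per-user Run entry (persists without admin rights)"]
        if score:
            findings.append(Finding(e.section, score, reasons, f"{e.section} - {e.body}"))
    return sorted(findings, key=lambda f: -f.score)


def lsp_summary(entries):
    """Collapse O10 lines to one count per DLL: many identical lines for one
    DLL is the normal shape of a single LSP product, not many threats."""
    counts = Counter(re.split(r"[\\/]", m["path"])[-1].lower()
                     for e in entries if e.section == "O10"
                     for m in [LSP_RE.match(e.body)] if m)
    return dict(counts)


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE_LOG)
    for f in triage(ents):
        print(f"[{f.score}] {f.line}\n      " + "; ".join(f.reasons))
    print("LSP DLLs:", lsp_summary(ents))
```

Scoring is deliberately conservative: the random-name check on its own would also flag legitimate names such as fslsp or svchost, so it only adds weight to an entry that is already suspect for another reason (nameless BHO, vendor-less service). The sixteen identical F-Secure O10 lines in the logs above collapse to a single DLL, which is what one LSP product inserted into every protocol chain looks like.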
g!rly (Contributor):
re,

* Relaunch VundoFix
* Do not click "Scan for a vundo"
* Right-click in the middle of the window
* Click "Add more files?"
* Copy/paste the files below (one per box):

C:\WINDOWS\system32\vturp

* Click "Add files"
* Then click "Close Windows"
* Finally, click "Remove Vundo" (the files above must appear in the main window)
* If the tool asks for a reboot, accept
* Post the VundoFix report

after that we'll do something else...
orb42 (Member):
Well, here I am again, sorry but I got behind;
anyway, I used VundoFix but I have no report.
Here is the new HIJACKTHIS report:



Logfile of HijackThis v1.99.1
Scan saved at 20:12:52, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
D:\MUSIQUE\SONICS~1\SsAAD.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE
D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
D:\SECURITE\RKlogger Free Edition v 1.3\rkfree.exe
D:\OUTILS\Diskeeper.pro.1st\DkService.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FCH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FAMEH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsqh.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fssm32.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\fsguidll.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\WINDOWS\system32\wuauclt.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsav32.exe
D:\SECURITE\Hijackthis\scan.exe

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {D6B237A6-DFE1-4816-81EF-960FCD637161} - C:\WINDOWS\system32\consol.dll (file missing)
O4 - HKLM\..\Run: [SsAAD.exe] D:\MUSIQUE\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [F-Secure Manager] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [CookiePatrol] D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [rkfree] "D:\SECURITE\RKlogger Free Edition v 1.3\rkfree.exe" /b
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk.disabled
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\SECURITE\Ad-Aware.2007.Pro.7.0.2.1\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\SECURITE\AVG Anti-Spyware 7.5.1.43\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\OUTILS\Diskeeper.pro.1st\DkService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
g!rly (Contributor):
hello,

sorry for the delay...

A.V.G :

-> Download AVG Anti-Spyware (ewido)

http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

-> Install it.

-> launch AVG Anti-Spyware and click the Update button. Be patient...

p.s.: if the updates don't work, they can be downloaded here:

http://downloads.ewido.net/avgas-signatures-full-current.exe

-> On the "Scan" page:

first choose the "Settings" tab.

under "How to act" click "Recommended actions" and in the drop-down menu choose "Delete".

-> Start the scan (it's long...).

-> At the end of the scan copy and paste the report here.

-> A picture guide, just in case:

Installation and configuration tutorial:

http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html


@+
orb42 (Member):
Hello g!rly,

---------------------------------------------------------
AVG Anti-Spyware - Scan report
---------------------------------------------------------

+ Created at: 20:34:56 02/12/2007

+ Scan result:



C:\Documents and Settings\xx\Cookies\xx@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
G:\Documents and Settings\xx\Cookies\xx@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\xx\Cookies\xx@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\xx\Cookies\xx@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
G:\Documents and Settings\xx\Cookies\xx@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\xx\Cookies\xx@navrcholu[1].txt -> TrackingCookie.Navrcholu : Cleaned.
C:\Documents and Settings\xxIRE\Cookies\xx@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\xx\Cookies\xx@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.


End of report
g!rly (Contributor):
good evening orb42,

how's your PC doing?
orb42 (Member):
hey! hi! we really keep running into each other..
I hope your PC is doing well too..

my PC is ...fine I think...except that Trojan Remover still finds this and can't remove it:

C:\WINDOWS\system32\drivers\ayefppgh.dat
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ykffkcgi\"ImagePath"

C:\WINDOWS\system32\consol.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6B237A6-DFE1-4816-81EF-960FCD637161}
g!rly (Contributor):
re,

Fix.reg

Open Notepad (right-click on the desktop > in the menu choose New and then Text Document) and copy-paste what is quoted below (copy it all in one go, without the bars (X)):

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ykffkcgi]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{D6B237A6-DFE1-4816-81EF-960FCD637161}"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
note: REGEDIT4 is on the first line and there is a blank line at the end...
Then click "File"/"Save As":
in: on the Desktop
File name: fix.reg
File type: "all files"
click "save"

it should look like this once saved:

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

disconnect from the internet and double-click fix.reg => you absolutely must get the message "Are you sure you want to add the information in this .reg file to the registry?"
If so, click "yes"

Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand box of OTMoveIt: "Paste List of Files/Folders to be moved".

Quote:

C:\WINDOWS\system32\drivers\ayefppgh.dat
C:\WINDOWS\system32\consol.dll

Click "MoveIt!" to start the removal.
the result will appear in the "Results" box.
click "Exit" to close.
post the report located in C:\_OTMoveIt\MovedFiles.
P.S.: you may be asked to restart the PC to complete the removal. If so, accept with "Yes".
http://img137.imageshack.us/img137/3558/refaitjk8.th.jpg

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste that report in your next reply.

NOTE: The report is also located here: C:\Combofix.txt
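The fix.reg in g!rly's post above deletes exactly one service key and one BHO value. As an added example (editor's code, not from the thread or from any of the tools it names), here is Python that rebuilds that file from its two findings and, more importantly, reviews any .reg before it is double-clicked: which keys it deletes, which values it deletes, and whether it also writes anything, in particular into autostart locations. CONSTRUCTED_BAD_FIX is an invented file showing what a "fix" that quietly adds persistence would look like; the AUTOSTART_HINTS list is the editor's and is not exhaustive.

```python
import re

# Findings from the post (service key and BHO CLSID named by Trojan Remover).
SERVICE_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ykffkcgi"
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
CLSID = "{D6B237A6-DFE1-4816-81EF-960FCD637161}"

# The fix exactly as posted: REGEDIT4 on line 1, one blank line at the end.
FIX_FROM_POST = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ykffkcgi]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{D6B237A6-DFE1-4816-81EF-960FCD637161}"=-

"""

# CONSTRUCTED (editor's invention): a 'fix' that adds a Run value instead.
CONSTRUCTED_BAD_FIX = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\example\\upd.exe"

"""

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
# ASSUMPTION: key fragments where a write means new autostart or hijacked code.
AUTOSTART_HINTS = (r"\CurrentVersion\Run", r"\Winlogon", "\\Services\\",
                   "Browser Helper Objects", r"\Image File Execution Options")
# "name"=data  or  @=data ; data "-" means delete the value.
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')


def build_fix_reg(delete_keys, delete_values):
    """delete_keys: whole keys to drop ([-KEY]);
    delete_values: {KEY: [value names]} to drop ("name"=-)."""
    lines = ["REGEDIT4", ""]
    lines += [f"[-{key}]" for key in delete_keys]
    for key, names in delete_values.items():
        lines.append(f"[{key}]")
        lines += [f'"{name}"=-' for name in names]
    lines.append("")                      # trailing blank line regedit expects
    return "\n".join(lines) + "\n"


def review_fix_reg(text):
    """Parse a .reg and report what it would delete and what it would write."""
    lines = text.splitlines()
    report = {
        "header_ok": bool(lines) and lines[0].strip() in HEADERS,
        "trailing_blank": text.endswith(("\n\n", "\r\n\r\n")),
        "delete_keys": [], "delete_values": [], "writes": [],
        "autostart_writes": [], "unparsed": [],
    }
    current = None
    for line in lines[1:]:
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[-") and line.endswith("]"):
            report["delete_keys"].append(line[2:-1])
            current = None
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            report["unparsed"].append(line)
            continue
        name = m["name"] if m["name"] is not None else "@"
        if m["data"] == "-":
            report["delete_values"].append((current, name))
        else:
            report["writes"].append((current, name, m["data"]))
            if any(h.lower() in current.lower() for h in AUTOSTART_HINTS):
                report["autostart_writes"].append((current, name, m["data"]))
    return report


if __name__ == "__main__":
    print(build_fix_reg([SERVICE_KEY], {BHO_KEY: [CLSID]}))
    for label, reg in (("posted fix", FIX_FROM_POST), ("constructed bad fix", CONSTRUCTED_BAD_FIX)):
        print(label, review_fix_reg(reg))
```

The REGEDIT4 header is what makes Notepad's default ANSI save import correctly; a file that starts with "Windows Registry Editor Version 5.00" is expected to be UTF-16LE, which is why the post insists on that first line and on "all files" as the type. A clean removal fix has empty "writes" and "unparsed" lists; anything in "autostart_writes" should stop you before the double-click, whoever posted it.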
orb42 (Member):
OTMOVEIT REPORT:

File move failed. C:\WINDOWS\system32\drivers\ayefppgh.dat scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\consol.dll not found.


****************************

COMBOFIX REPORT (warning, there's a lot to read):


ComboFix 07-12-02.5 - XX 2007-12-02 21:54:19.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.610 [GMT 1:00]
Running from: D:\DOCS\LOGICIELS\___LOGICIELS\INTERNET\ANTISPYWARE\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\msettings.ini
C:\WINDOWS\Fonts\'

.
((((((((((((((((((((((((((((( Files created 2007-11-02 to 2007-12-02 ))))))))))))))))))))))))))))))))))))
.

2007-11-30 08:38 . 2000-12-06 00:00 415,176 --a------ C:\WINDOWS\system32\COMCT332.OCX
2007-11-30 08:38 . 2002-03-04 16:49 177,936 --a------ C:\WINDOWS\system32\sssplt30.ocx
2007-11-30 08:38 . 1998-09-24 13:03 171,967 --a------ C:\WINDOWS\system32\Odbcjet.hlp
2007-11-30 08:38 . 1998-09-24 13:03 7,348 --a------ C:\WINDOWS\system32\Odbcjet.cnt
2007-11-29 22:13 . 2007-11-29 22:13 <REP> C:\Documents and Settings\JEROME & CLAIRE\Application Data\Grisoft
2007-11-29 22:13 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-22 15:44 . 2007-11-22 15:43 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.bmp
2007-11-22 15:44 . 2007-11-22 15:44 3,310 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.dat
2007-11-22 15:40 . 2007-11-22 15:44 133,632 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-11-22 15:40 . 2007-11-22 15:40 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.bmp
2007-11-22 15:40 . 2007-11-22 15:40 11,472 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
2007-11-21 09:46 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-18 23:06 . <REP> C:\Documents and Settings\XX 2007-11-18 23:06 <REP> XX\Incomplete
2007-11-15 09:53 . <REP> C:\Documents and Settings\XX 2007-11-15 09:53 <REP> XX\Application Data\GetRightToGo
2007-11-13 18:53 . 2007-11-13 18:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-13 09:10 . 2007-11-13 09:15 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-13 09:09 . 2007-12-01 18:42 <REP> d-------- C:\Program Files\Windows Live
2007-11-13 09:09 . 2007-11-13 09:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-11 19:52 . 2007-11-11 19:52 0 --a------ C:\WINDOWS\system32\drivers\ayefppgh_FAUX.dat
2007-11-08 08:42 . 2007-11-08 08:43 <REP> d-------- C:\I386
2007-11-07 21:36 . 2007-11-06 08:42 212 -rahs---- C:\BOOT.BKK
2007-11-07 17:57 . 2007-11-07 17:57 <REP> d-------- C:\WINDOWS\Twain32
2007-11-07 04:53 . 2007-11-07 13:31 <REP> d-------- C:\installXP_CD.PRE-INSTALL
2007-11-06 22:59 . 2007-11-07 20:03 <REP> d-------- C:\Program Files\nLite
2007-11-06 22:40 . 2007-11-07 21:35 <REP> d-------- C:\installXP
2007-11-06 21:37 . 2007-11-06 22:37 584 --a------ C:\WINDOWS\imsins.BAK
2007-11-06 21:00 . 2005-12-15 13:00 2,113,536 --a--c--- C:\WINDOWS\system32\dllcache\dxdiagn.dll
2007-11-06 09:04 . 2007-11-06 09:04 <REP> d-------- C:\Program Files\TGTSoft
2007-11-06 08:41 . 2004-08-19 16:09 47,104 --a--c--- C:\WINDOWS\system32\dllcache\coadmin.dll
2007-11-06 08:41 . 2004-08-19 16:09 43,520 --a--c--- C:\WINDOWS\system32\dllcache\admwprox.dll
2007-11-06 08:40 . 2007-11-06 08:40 <REP> d-------- C:\WINDOWS\ServicePackFiles
2007-11-05 18:17 . 2005-12-05 13:15 747,392 --a--c--- C:\WINDOWS\system32\dllcache\adm8830.sys
2007-11-05 18:17 . 2005-12-05 13:15 584,448 --a--c--- C:\WINDOWS\system32\dllcache\adm8810.sys
2007-11-05 18:17 . 2005-12-05 13:15 553,984 --a--c--- C:\WINDOWS\system32\dllcache\adm8820.sys
2007-11-05 18:17 . 2005-12-05 13:15 101,888 --a--c--- C:\WINDOWS\system32\dllcache\adpu160m.sys
2007-11-05 18:17 . 2005-12-05 13:15 46,112 --a--c--- C:\WINDOWS\system32\dllcache\adptsf50.sys
2007-11-05 18:17 . 2004-08-03 22:32 10,880 --a--c--- C:\WINDOWS\system32\dllcache\admjoy.sys
2007-11-03 08:11 . 2007-11-03 08:11 24,576 --a------ C:\WINDOWS\system32\prefscpl.cpl
2007-11-03 08:11 . 2007-11-03 08:11 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2007-11-02 00:33 . 2007-11-02 08:18 23,905 ---hs---- C:\WINDOWS\system32\prutv.ini
2007-11-02 00:33 . 2007-11-02 00:33 6,470 ---hs---- C:\WINDOWS\system32\prutv.bak1

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 20:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-02 15:11 --------- d-----w C:\Documents and Settings\XX\Application Data\LimeWire
2007-11-30 07:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-29 21:13 --------- d-----w C:\Documents and Settings\XX\Application Data\Grisoft
2007-11-22 15:03 --------- d-----w C:\Documents and Settings\XX\Application Data\Sonic Foundry
2007-11-17 14:22 --------- d-----w C:\Program Files\a-squared Free
2007-11-15 08:54 --------- d-----w C:\Documents and Settings\XX\Application Data\GetRightToGo
2007-11-10 08:45 --------- d-----w C:\Program Files\Navilog1
2007-11-07 14:55 --------- d-----w C:\Program Files\hp deskjet 920c series
2007-11-03 07:11 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-11-01 23:49 --------- d-----w C:\Program Files\QuickTime
2007-11-01 21:39 6,510 ------w C:\WINDOWS\system32\yycdd.bak1
2007-11-01 18:15 9,409 --sha-w C:\WINDOWS\system32\ututv.ini.ren
2007-11-01 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-01 18:08 6,470 --sha-w C:\WINDOWS\system32\ututv.bak1.ren
2007-10-31 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\rkfree
2007-10-31 21:56 --------- d-----w C:\Program Files\CustoMess
2007-10-27 22:41 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-10-27 22:40 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-10-27 22:40 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2007-10-27 20:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Simply Super Software
2007-10-27 18:15 --------- d-----w C:\Program Files\F-Secure
2007-10-27 18:09 51,040 ----a-w C:\WINDOWS\system32\drivers\fsdfw.sys
2007-10-27 18:09 30,016 ----a-w C:\WINDOWS\system32\drivers\fsndis5.sys
2007-10-27 17:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure
2007-10-27 17:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\fssg
2007-10-27 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-27 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-27 08:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-26 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
2007-10-26 08:06 77,312 ----a-w C:\WINDOWS\ua2.dll
2007-10-25 18:31 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2007-10-24 19:46 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-24 16:54 --------- d-----w C:\Program Files\CCleaner
2007-10-23 17:57 5,120 ----a-w C:\WINDOWS\system32\drivers\jjgkcwhv.dat
2007-10-23 17:57 18,688 ----a-w C:\WINDOWS\system32\drivers\ayefppgh.dat
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-15 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-15 12:02 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-15 12:02 --------- d-----w C:\Documents and Settings\XX\Application Data\Lavasoft
2007-10-14 22:53 --------- d-----w C:\Documents and Settings\XX\Application Data\Simply Super Software
2007-10-14 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-10-14 10:23 --------- d-----w C:\Documents and Settings\XX\Application Data\F-Secure
2007-10-13 07:02 10,053 ----a-w C:\WINDOWS\system32\msrep32.dll
2007-10-10 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-04 20:34 --------- d-----w C:\Program Files\TRELLIAN
2007-10-03 22:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
2007-09-20 11:43 253,952 ----a-w C:\WINDOWS\system32\Photomatix25Lib2.dll
2007-09-17 14:02 266,240 ----a-w C:\WINDOWS\system32\Photomatix25Lib.dll
2007-09-06 03:35 95,525 ----a-w C:\WINDOWS\system32\Photomatix25Lib3.dll
2007-09-05 22:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
2007-05-26 16:54 87,608 ----a-w C:\Documents and Settings\XX\Application Data\ezpinst.exe
2007-05-26 16:54 47,360 ----a-w C:\Documents and Settings\XX\Application Data\pcouffin.sys
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2005-12-15 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
1995-09-20 14:16 35,088 --sha-w C:\WINDOWS\system32\msjint32.dll
1995-09-20 14:13 977,680 --sha-w C:\WINDOWS\system32\msjt3032.dll
1995-09-20 14:16 23,824 --sha-w C:\WINDOWS\system32\msjter32.dll
2004-08-19 15:09 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2005-12-15 12:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2004-08-19 15:09 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 17:18 70,656 --sha-w C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6B237A6-DFE1-4816-81EF-960FCD637161}]
C:\WINDOWS\system32\consol.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-03-23 00:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 16:10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="D:\MUSIQUE\SONICS~1\SsAAD.exe" [2007-07-20 09:36]
"Launch PC Probe II"="C:\Program Files\ASUS\PC Probe II\Probe2.exe" [2006-01-18 17:09]
"F-Secure Manager"="D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.exe" [2007-05-25 14:12]
"F-Secure TNB"="D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 14:11]
"CookiePatrol"="D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe" [2005-01-10 09:35]
"PestPatrolCL"="" []
"SunJavaUpdateSched"="D:\OUTILS\JAVA\bin\jusched.exe" [2007-09-25 01:11]
"!AVG Anti-Spyware"="D:\SECURITE\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-19 16:09 C:\WINDOWS\system32\cmd.exe]
"nlhr"="RunDll32.exe" [2004-08-19 16:10 C:\WINDOWS\system32\rundll32.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2005-12-15 13:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoNetworkConnections"= 1 (0x1)
"NoSetActiveDesktop"= 1 (0x1)
"NoStartMenuNetworkPlaces"= 1 (0x1)
"NoRecentDocsHistory"= 1 (0x1)
"MaxRecentDocs"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoSMMyDocs"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoRecentDocsMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoUserNameInStartMenu"= 1 (0x1)
"NoStartMenuMFUprogramsList"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoNetworkConnections"= 1 (0x1)
"NoSetActiveDesktop"= 1 (0x1)
"NoStartMenuNetworkPlaces"= 1 (0x1)
"NoRecentDocsHistory"= 1 (0x1)
"MaxRecentDocs"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"DisallowRun"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoRecentDocsMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoUserNameInStartMenu"= 1 (0x1)
"NoStartMenuMFUprogramsList"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= consol.dll

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CA2DB500-5ECF-11D2-B28F-0080C8383C7B}"= c:\windows\system32\shmswnrc.dll [1999-03-25 09:00 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OPSE reminder"="D:\OUTILS\Scanner.Omnipage\EregFre\Ereg.exe" -r "D:\OUTILS\Scanner.Omnipage\EregFre\ereg.ini"
"PhiBtn"=%SystemRoot%\System32\drivers\PhiBtn.exe
"SoundMan"=SOUNDMAN.EXE
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
"Traymin900"=%SystemRoot%\System32\drivers\Tray900.exe
"DiskeeperSystray"="D:\OUTILS\Diskeeper.pro.1st\DkIcon.exe"

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
R0 trm3x5;trm3x5;C:\WINDOWS\system32\DRIVERS\trm3x5.sys
R0 ykffkcgi;ykffkcgi;C:\WINDOWS\system32\drivers\ayefppgh.dat
R1 F-Secure HIPS;F-Secure HIPS;\??\D:\SECURITE\F-Secure.2008\F-Secure Internet Security\HIPS\fshs.sys
R1 ISODrive;ISO DVD/CD-ROM Device Driver;\??\D:\OUTILS\UltraISO Premium Edition 8.6.3\UltraISO\drivers\ISODrive.sys
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys
S3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOWS\system32\DRIVERS\camdrv41.sys
S3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys
S4 F-Secure Filter;F-Secure File System Filter;\??\D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys
S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 21:58:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-02 21:59:21 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-01 22:35
.
--- E O F ---
g!rly Posts 18215 Registration date   Status Contributor Last activity   406
 
re.

Copy the text below:

File::
C:\WINDOWS\system32\sssplt30.ocx
C:\WINDOWS\system32\SpoonUninstall.exe
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.bak1
C:\WINDOWS\system32\prutv.dll
C:\WINDOWS\system32\consol.dll
c:\windows\system32\shmswnrc.dll
C:\WINDOWS\system32\drivers\ayefppgh.dat

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"=-
"nlhr"=-
[-HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
[-HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CA2DB500-5ECF-11D2-B28F-0080C8383C7B}"=-

Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait for the scan to finish. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.

If there is no reboot, post the reports anyway.
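The script above targets exactly the entries that stood out in the ComboFix report: a BHO and a ShellExecuteHook DLL sitting directly in system32, RunOnce values that launch a bare cmd.exe or rundll32.exe, a DisallowRun policy, and a boot-start driver whose image is a .dat file. As an added example (not ComboFix's code and not part of this thread), the Python script below parses those sections of a ComboFix log and flags such entries; the sample lines are copied from the report posted above, and the function names (`triage`, `split_value`, `basename`) are the example's own.

```python
"""Triage the autostart entries of a ComboFix report.

Added example for this thread, not ComboFix's own code nor the helper's script.
It reads the 'Point de chargement Reg' block and the R0/S0 service lines of a
ComboFix log and flags the kinds of entries the CFScript in the thread removes.
"""
import re
from typing import List, Tuple

# Constructed sample: a subset of the lines from the report posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6B237A6-DFE1-4816-81EF-960FCD637161}]
C:\WINDOWS\system32\consol.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.exe" [2007-05-25 14:12]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-19 16:09 C:\WINDOWS\system32\cmd.exe]
"nlhr"="RunDll32.exe" [2004-08-19 16:10 C:\WINDOWS\system32\rundll32.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2005-12-15 13:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CA2DB500-5ECF-11D2-B28F-0080C8383C7B}"= c:\windows\system32\shmswnrc.dll [1999-03-25 09:00 155648]

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
R0 ykffkcgi;ykffkcgi;C:\WINDOWS\system32\drivers\ayefppgh.dat
S3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<image>.+)$")
# Commands that, on their own, carry no payload: whatever they run is hidden elsewhere.
BARE_LAUNCHERS = {"cmd.exe", "rundll32.exe"}


def split_value(line: str) -> Tuple[str, str]:
    """Split a ComboFix value line into (name, data), dropping the trailing metadata."""
    name, _, rest = line.partition("=")
    data = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest.strip())   # "[2004-08-19 16:09 ...]" tail
    data = re.sub(r"\s*\(0x[0-9A-Fa-f]+\)\s*$", "", data)   # "(0x1)" tail on DWORD values
    return name.strip().strip('"'), data.strip().strip('"')


def basename(path: str) -> str:
    """Last path component, lower-cased, for either separator style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (line, reason) pairs for entries that deserve a second look."""
    findings: List[Tuple[str, str]] = []
    key = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            # Kernel drivers are .sys files; a boot-start service pointing at a
            # .dat (or anything else) is the classic disguise for a rootkit loader.
            if not m.group("image").strip().lower().endswith(".sys"):
                findings.append((line, f"{m.group('start')} service image is not a .sys file"))
            continue
        if "browser helper objects" in key and not line.startswith('"'):
            # ComboFix prints the BHO's DLL on the line after its CLSID key.
            if re.search(r"\\system32\\[^\\]+$", line, re.I):
                findings.append((line, "BHO DLL dropped directly in system32"))
            continue
        if not line.startswith('"'):
            continue
        name, data = split_value(line)
        if key.endswith("\\run") or key.endswith("\\runonce"):
            if basename(data) in BARE_LAUNCHERS:
                findings.append((line, f"{name}: autostart runs a bare {basename(data)}"))
        elif key.endswith("policies\\explorer"):
            if name.lower() == "disallowrun" and data == "1":
                findings.append((line, "DisallowRun policy is enabled"))
        elif key.endswith("shellexecutehooks"):
            findings.append((line, "ShellExecuteHook DLL runs inside Explorer on every ShellExecute"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```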
orb42 Posts 1513 Registration date   Status Member Last activity   203
 
Here you go, then:


COMBOFIX REPORT:


ComboFix 07-12-02.5 - XX 2007-12-03 4:38:19.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.570 [GMT 1:00]
Running from: D:\DOCS\LOGICIELS\___LOGICIELS\INTERNET\ANTISPYWARE\ComboFix.exe
Command switches used :: D:\DOCS\_A EFFACER\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\consol.dll
C:\WINDOWS\system32\drivers\ayefppgh.dat
C:\WINDOWS\system32\prutv.bak1
C:\WINDOWS\system32\prutv.dll
C:\WINDOWS\system32\prutv.ini
c:\windows\system32\shmswnrc.dll
C:\WINDOWS\system32\SpoonUninstall.exe
C:\WINDOWS\system32\sssplt30.ocx
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\ayefppgh.dat
C:\WINDOWS\system32\prutv.bak1
C:\WINDOWS\system32\prutv.ini
c:\windows\system32\shmswnrc.dll
C:\WINDOWS\system32\SpoonUninstall.exe
C:\WINDOWS\system32\sssplt30.ocx

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-03 to 2007-12-03 ))))))))))))))))))))))))))))))))))))
.

2007-11-30 08:38 . 2000-12-06 00:00 415,176 --a------ C:\WINDOWS\system32\COMCT332.OCX
2007-11-30 08:38 . 1998-09-24 13:03 171,967 --a------ C:\WINDOWS\system32\Odbcjet.hlp
2007-11-30 08:38 . 1998-09-24 13:03 7,348 --a------ C:\WINDOWS\system32\Odbcjet.cnt
2007-11-29 22:13 . <REP> C:\Documents and Settings\XX 2007-11-29 22:13 <REP> XX\Application Data\Grisoft
2007-11-29 22:13 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-22 15:44 . 2007-11-22 15:43 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.bmp
2007-11-22 15:44 . 2007-11-22 15:44 3,310 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.dat
2007-11-22 15:40 . 2007-11-22 15:40 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.bmp
2007-11-22 15:40 . 2007-11-22 15:40 11,472 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
2007-11-21 09:46 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-18 23:06 . <REP> C:\Documents and Settings\XX 2007-11-18 23:06 <REP> XX\Incomplete
2007-11-15 09:53 . <REP> C:\Documents and Settings\XX 2007-11-15 09:53 <REP> XX\Application Data\GetRightToGo
2007-11-13 18:53 . 2007-11-13 18:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-13 09:10 . 2007-11-13 09:15 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-13 09:09 . 2007-12-01 18:42 <REP> d-------- C:\Program Files\Windows Live
2007-11-13 09:09 . 2007-11-13 09:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-11 19:52 . 2007-11-11 19:52 0 --a------ C:\WINDOWS\system32\drivers\ayefppgh_FAUX.dat
2007-11-08 08:42 . 2007-11-08 08:43 <REP> d-------- C:\I386
2007-11-07 21:36 . 2007-11-06 08:42 212 -rahs---- C:\BOOT.BKK
2007-11-07 17:57 . 2007-11-07 17:57 <REP> d-------- C:\WINDOWS\Twain32
2007-11-07 04:53 . 2007-11-07 13:31 <REP> d-------- C:\installXP_CD.PRE-INSTALL
2007-11-06 22:59 . 2007-11-07 20:03 <REP> d-------- C:\Program Files\nLite
2007-11-06 22:40 . 2007-11-07 21:35 <REP> d-------- C:\installXP
2007-11-06 21:37 . 2007-11-06 22:37 584 --a------ C:\WINDOWS\imsins.BAK
2007-11-06 21:00 . 2005-12-15 13:00 2,113,536 --a--c--- C:\WINDOWS\system32\dllcache\dxdiagn.dll
2007-11-06 09:04 . 2007-11-06 09:04 <REP> d-------- C:\Program Files\TGTSoft
2007-11-06 08:41 . 2004-08-19 16:09 47,104 --a--c--- C:\WINDOWS\system32\dllcache\coadmin.dll
2007-11-06 08:41 . 2004-08-19 16:09 43,520 --a--c--- C:\WINDOWS\system32\dllcache\admwprox.dll
2007-11-06 08:40 . 2007-11-06 08:40 <REP> d-------- C:\WINDOWS\ServicePackFiles
2007-11-05 18:17 . 2005-12-05 13:15 747,392 --a--c--- C:\WINDOWS\system32\dllcache\adm8830.sys
2007-11-05 18:17 . 2005-12-05 13:15 584,448 --a--c--- C:\WINDOWS\system32\dllcache\adm8810.sys
2007-11-05 18:17 . 2005-12-05 13:15 553,984 --a--c--- C:\WINDOWS\system32\dllcache\adm8820.sys
2007-11-05 18:17 . 2005-12-05 13:15 101,888 --a--c--- C:\WINDOWS\system32\dllcache\adpu160m.sys
2007-11-05 18:17 . 2005-12-05 13:15 46,112 --a--c--- C:\WINDOWS\system32\dllcache\adptsf50.sys
2007-11-05 18:17 . 2004-08-03 22:32 10,880 --a--c--- C:\WINDOWS\system32\dllcache\admjoy.sys
2007-11-03 08:11 . 2007-11-03 08:11 24,576 --a------ C:\WINDOWS\system32\prefscpl.cpl
2007-11-03 08:11 . 2007-11-03 08:11 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 20:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-02 15:11 --------- d-----w C:\Documents and Settings\XX & XX\Application Data\LimeWire
2007-11-30 07:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-29 21:13 --------- d-----w C:\Documents and Settings\XX XX\Application Data\Grisoft
2007-11-22 15:03 --------- d-----w C:\Documents and Settings\XX XX\Application Data\Sonic Foundry
2007-11-17 14:22 --------- d-----w C:\Program Files\a-squared Free
2007-11-15 08:54 --------- d-----w C:\Documents and Settings\XX XX\Application Data\GetRightToGo
2007-11-10 08:45 --------- d-----w C:\Program Files\Navilog1
2007-11-07 14:55 --------- d-----w C:\Program Files\hp deskjet 920c series
2007-11-03 07:11 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-11-01 23:49 --------- d-----w C:\Program Files\QuickTime
2007-11-01 21:39 6,510 ------w C:\WINDOWS\system32\yycdd.bak1
2007-11-01 18:15 9,409 --sha-w C:\WINDOWS\system32\ututv.ini.ren
2007-11-01 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-01 18:08 6,470 --sha-w C:\WINDOWS\system32\ututv.bak1.ren
2007-10-31 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\rkfree
2007-10-31 21:56 --------- d-----w C:\Program Files\CustoMess
2007-10-27 22:41 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-10-27 22:40 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-10-27 22:40 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2007-10-27 20:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Simply Super Software
2007-10-27 18:15 --------- d-----w C:\Program Files\F-Secure
2007-10-27 18:09 51,040 ----a-w C:\WINDOWS\system32\drivers\fsdfw.sys
2007-10-27 18:09 30,016 ----a-w C:\WINDOWS\system32\drivers\fsndis5.sys
2007-10-27 17:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure
2007-10-27 17:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\fssg
2007-10-27 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-27 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-27 08:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-26 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
2007-10-26 08:06 77,312 ----a-w C:\WINDOWS\ua2.dll
2007-10-25 18:31 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2007-10-24 19:46 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-24 16:54 --------- d-----w C:\Program Files\CCleaner
2007-10-23 17:57 5,120 ----a-w C:\WINDOWS\system32\drivers\jjgkcwhv.dat
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-15 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-15 12:02 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-15 12:02 --------- d-----w C:\Documents and Settings\XX XX\Application Data\Lavasoft
2007-10-14 22:53 --------- d-----w C:\Documents and Settings\XX XX\Application Data\Simply Super Software
2007-10-14 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-10-14 10:23 --------- d-----w C:\Documents and Settings\XX XX\Application Data\F-Secure
2007-10-13 07:02 10,053 ----a-w C:\WINDOWS\system32\msrep32.dll
2007-10-10 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-04 20:34 --------- d-----w C:\Program Files\TRELLIAN
2007-10-03 22:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
2007-09-20 11:43 253,952 ----a-w C:\WINDOWS\system32\Photomatix25Lib2.dll
2007-09-17 14:02 266,240 ----a-w C:\WINDOWS\system32\Photomatix25Lib.dll
2007-09-06 03:35 95,525 ----a-w C:\WINDOWS\system32\Photomatix25Lib3.dll
2007-09-05 22:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
2007-05-26 16:54 87,608 ----a-w C:\Documents and Settings\XX XX\Application Data\ezpinst.exe
2007-05-26 16:54 47,360 ----a-w C:\Documents and Settings\XX XX\Application Data\pcouffin.sys
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2005-12-15 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
1995-09-20 14:16 35,088 --sha-w C:\WINDOWS\system32\msjint32.dll
1995-09-20 14:13 977,680 --sha-w C:\WINDOWS\system32\msjt3032.dll
1995-09-20 14:16 23,824 --sha-w C:\WINDOWS\system32\msjter32.dll
2004-08-19 15:09 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2005-12-15 12:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2004-08-19 15:09 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 17:18 70,656 --sha-w C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-02_21.58.22.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-19 15:09:22 47,104 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\coadmin.dll
+ 2004-08-19 15:09:26 184,435 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fp4amsft.dll
+ 2004-08-19 15:09:26 82,035 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fp4anscp.dll
+ 2004-08-19 15:09:26 147,513 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fp4apws.dll
+ 2004-08-19 15:09:26 49,210 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fp4areg.dll
+ 2004-08-19 15:09:26 102,509 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fp4atxt.dll
+ 2004-08-19 15:09:26 41,020 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fp4avnb.dll
+ 2004-08-19 15:09:26 32,826 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fp4avss.dll
+ 2004-08-19 15:09:26 49,212 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fp4awebs.dll
+ 2004-08-19 15:09:26 876,653 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fp4awel.dll
+ 2004-08-19 15:09:56 15,120 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fp98sadm.exe
+ 2004-08-19 15:09:56 109,840 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fp98swin.exe
+ 2004-08-19 15:09:56 188,494 ----a-w C:\WINDOWS\LastGood.Tmp\system32\dllcache\fpcount.exe
+ 2007-12-03 03:41:49 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_658.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6B237A6-DFE1-4816-81EF-960FCD637161}]
C:\WINDOWS\system32\consol.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-03-23 00:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 16:10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="D:\MUSIQUE\SONICS~1\SsAAD.exe" [2007-07-20 09:36]
"Launch PC Probe II"="C:\Program Files\ASUS\PC Probe II\Probe2.exe" [2006-01-18 17:09]
"F-Secure Manager"="D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.exe" [2007-05-25 14:12]
"F-Secure TNB"="D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 14:11]
"CookiePatrol"="D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe" [2005-01-10 09:35]
"PestPatrolCL"="" []
"SunJavaUpdateSched"="D:\OUTILS\JAVA\bin\jusched.exe" [2007-09-25 01:11]
"!AVG Anti-Spyware"="D:\SECURITE\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2005-12-15 13:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoNetworkConnections"= 1 (0x1)
"NoSetActiveDesktop"= 1 (0x1)
"NoStartMenuNetworkPlaces"= 1 (0x1)
"NoRecentDocsHistory"= 1 (0x1)
"MaxRecentDocs"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoSMMyDocs"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoRecentDocsMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoUserNameInStartMenu"= 1 (0x1)
"NoStartMenuMFUprogramsList"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoNetworkConnections"= 1 (0x1)
"NoSetActiveDesktop"= 1 (0x1)
"NoStartMenuNetworkPlaces"= 1 (0x1)
"NoRecentDocsHistory"= 1 (0x1)
"MaxRecentDocs"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"DisallowRun"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoRecentDocsMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoUserNameInStartMenu"= 1 (0x1)
"NoStartMenuMFUprogramsList"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OPSE reminder"="D:\OUTILS\Scanner.Omnipage\EregFre\Ereg.exe" -r "D:\OUTILS\Scanner.Omnipage\EregFre\ereg.ini"
"PhiBtn"=%SystemRoot%\System32\drivers\PhiBtn.exe
"SoundMan"=SOUNDMAN.EXE
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
"Traymin900"=%SystemRoot%\System32\drivers\Tray900.exe
"DiskeeperSystray"="D:\OUTILS\Diskeeper.pro.1st\DkIcon.exe"

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
R0 trm3x5;trm3x5;C:\WINDOWS\system32\DRIVERS\trm3x5.sys
R1 F-Secure HIPS;F-Secure HIPS;\??\D:\SECURITE\F-Secure.2008\F-Secure Internet Security\HIPS\fshs.sys
R1 ISODrive;ISO DVD/CD-ROM Device Driver;\??\D:\OUTILS\UltraISO Premium Edition 8.6.3\UltraISO\drivers\ISODrive.sys
R3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOWS\system32\DRIVERS\camdrv41.sys
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys
S0 ykffkcgi;ykffkcgi;C:\WINDOWS\system32\drivers\ayefppgh.dat
S3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys
S4 F-Secure Filter;F-Secure File System Filter;\??\D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys
S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 04:41:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\LastGood
**************************************************************************
.
Completion time: 2007-12-03 4:43:12 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-02 21:59
C:\ComboFix3.txt ... 2007-11-01 22:35
.
--- E O F ---


##################################

##################################


HIJACKTHIS REPORT:


Logfile of HijackThis v1.99.1
Scan saved at 04:47:55, on 03/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\MUSIQUE\SONICS~1\SsAAD.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE
D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
D:\OUTILS\JAVA\bin\jusched.exe
D:\SECURITE\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
D:\SECURITE\AVG Anti-Spyware 7.5\guard.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FCH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FAMEH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsqh.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fssm32.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\fsguidll.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsus.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsav32.exe
D:\SECURITE\Hijackthis\scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\OUTILS\JAVA\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {D6B237A6-DFE1-4816-81EF-960FCD637161} - C:\WINDOWS\system32\consol.dll (file missing)
O4 - HKLM\..\Run: [SsAAD.exe] D:\MUSIQUE\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [F-Secure Manager] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [CookiePatrol] D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\OUTILS\JAVA\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\SECURITE\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\OUTILS\JAVA\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\OUTILS\JAVA\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\SECURITE\Ad-Aware.2007.Pro.7.0.2.1\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\SECURITE\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\OUTILS\Diskeeper.pro.1st\DkService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
0
g!rly Posts 18215 Registration date   Status Contributor Last activity   406
 
Hi orb,

Have this analysed:

{D6B237A6-DFE1-4816-81EF-960FCD637161}

with this:

Download OAD http://sosvirus.changelog.fr/OAD.exe
- Save it to your desktop

Double-click OAD to launch it

- File name to search for: type or copy/paste:

{D6B237A6-DFE1-4816-81EF-960FCD637161}

- Search type: select option 6, then confirm


OAD will now search for the file. Let it work until it has finished.
The search report will be displayed on screen automatically as soon as it is done.

- Copy/paste that report into your next post.

Important note: depending on the size of the hard drives, this search can take several minutes. Be patient.

See you
0
orb42 Posts 1513 Registration date   Status Member Last activity   203
 
Hi!

Here it is:



03/12/2007 ---- 16:37:46,51

----------------------------------
§§§§§§ [{D6B237A6-DFE1-4816-81EF-960FCD637161}] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6B237A6-DFE1-4816-81EF-960FCD637161}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6B237A6-DFE1-4816-81EF-960FCD637161}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6B237A6-DFE1-4816-81EF-960FCD637161}]

[HKEY_USERS\S-1-5-21-1078081533-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D6B237A6-DFE1-4816-81EF-960FCD637161}]

[HKEY_USERS\S-1-5-21-1078081533-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6B237A6-DFE1-4816-81EF-960FCD637161}]

[HKEY_USERS\S-1-5-21-1078081533-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6B237A6-DFE1-4816-81EF-960FCD637161}\iexplore]

*******************
[Fichier]
*******************



*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
0
g!rly Posts 18215 Registration date   Status Contributor Last activity   406
 
Hi again,

Tick and fix these with HijackThis:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D6B237A6-DFE1-4816-81EF-960FCD637161} - C:\WINDOWS\system32\consol.dll (file missing)

Fix.reg

Open Notepad (right-click on the desktop > in the menu choose New, then Text Document) and copy/paste what is quoted below (copy it all in one go, without the (X) bars):

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6B237A6-DFE1-4816-81EF-960FCD637161}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6B237A6-DFE1-4816-81EF-960FCD637161}]
[-HKEY_USERS\S-1-5-21-1078081533-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D6B237A6-DFE1-4816-81EF-960FCD637161}]
[-HKEY_USERS\S-1-5-21-1078081533-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6B237A6-DFE1-4816-81EF-960FCD637161}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: regedit is on the first line and there is a blank line at the end.
Then click "File" / "Save As":
Save in: the desktop
File name: fix.reg
Save as type: "All Files"
Click "Save"

It should look like this once saved:

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

Get off the internet and double-click fix.reg => you must get the message "Are you sure you want to add the information in this .reg file to the registry?"
If so, click "Yes"

Post a new HijackThis log

See you
0
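The two manual steps in the reply above (spot the O2 entries whose DLL no longer exists, then write a REGEDIT4 file that deletes their keys), as an added Python example; it is not code from this thread, from HijackThis or from OAD. It generalizes the reply to every orphaned O2 entry in a log and to any user SID; the sample lines are copied from the logs posted here and the SID is the one the OAD report found.

```python
import re

# Constructed sample: O2/O4 lines copied from the HijackThis 1.99.1 logs in
# this thread. The two orphaned O2 entries are the ones fixed above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\OUTILS\JAVA\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D6B237A6-DFE1-4816-81EF-960FCD637161} - C:\WINDOWS\system32\consol.dll (file missing)
O4 - HKLM\..\Run: [SsAAD.exe] D:\MUSIQUE\SONICS~1\SsAAD.exe
"""

# The user SID under HKEY_USERS as reported by the OAD search in this thread.
USER_SID = "S-1-5-21-1078081533-789336058-839522115-1003"

# O2 line layout: "O2 - BHO: <name> - {CLSID} - <dll path or marker>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)


def orphaned_bhos(log_text):
    """Return (name, clsid, target) for every O2 entry whose DLL is absent.

    HijackThis reports an absent DLL as '(no file)' or as the path followed
    by '(file missing)'. Entries whose DLL exists are deliberately left
    alone: deleting the CLSID of a present add-on would break it.
    """
    found = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if not m:
            continue
        target = m.group("target")
        if target == "(no file)" or target.endswith("(file missing)"):
            found.append((m.group("name"), m.group("clsid"), target))
    return found


def build_fix_reg(clsids, user_sid=None):
    """Build the text of a REGEDIT4 file that deletes a BHO's registration.

    Each key sits alone in brackets with a leading '-', which tells regedit
    to delete that key and its subkeys (e.g. InprocServer32). The HKLM keys
    register the class and the BHO itself; the HKEY_USERS keys are the
    per-user Internet Explorer add-on settings and usage stats.
    """
    keys = []
    for clsid in clsids:
        keys.append(r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\%s" % clsid)
        keys.append(r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
                    r"\CurrentVersion\Explorer\Browser Helper Objects\%s" % clsid)
        if user_sid:
            ext = r"HKEY_USERS\%s\Software\Microsoft\Windows\CurrentVersion\Ext" % user_sid
            keys.append(ext + r"\Settings\%s" % clsid)
            keys.append(ext + r"\Stats\%s" % clsid)
    # REGEDIT4 must be the first line and the file must end with a blank
    # line, the two points the reply insists on; CRLF as Notepad writes it.
    lines = ["REGEDIT4", ""] + ["[-%s]" % k for k in keys] + ["", ""]
    return "\r\n".join(lines)


def is_well_formed(reg_text):
    """Check the constraints on such a file: 'REGEDIT4' alone on line one,
    only bracketed delete-keys in the body, and a blank line at the end."""
    lines = reg_text.split("\r\n")
    if len(lines) < 4 or lines[0] != "REGEDIT4" or lines[-1] != "" or lines[-2] != "":
        return False
    body = [l for l in lines[1:-2] if l != ""]
    return bool(body) and all(l.startswith("[-") and l.endswith("]") for l in body)


if __name__ == "__main__":
    hits = orphaned_bhos(SAMPLE_LOG)
    for name, clsid, target in hits:
        print("orphaned BHO:", name, clsid, target)
    fix = build_fix_reg([c for _, c, _ in hits], USER_SID)
    assert is_well_formed(fix)
    print(fix, end="")  # redirect to fix.reg and save as "All Files"
```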
orb42 Posts 1513 Registration date   Status Member Last activity   203
 
I think that's it, the log looks clean to me!




Logfile of HijackThis v1.99.1
Scan saved at 17:58:32, on 03/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\MUSIQUE\SONICS~1\SsAAD.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE
D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
D:\OUTILS\JAVA\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
D:\SECURITE\AVG Anti-Spyware 7.5\guard.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FCH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FAMEH32.EXE
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsqh.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fssm32.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\fsguidll.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsus.exe
D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\SECURITE\Hijackthis\scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\OUTILS\JAVA\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [SsAAD.exe] D:\MUSIQUE\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [F-Secure Manager] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [CookiePatrol] D:\SECURITE\PESTPA~1.8\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\OUTILS\JAVA\bin\jusched.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\OUTILS\JAVA\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\OUTILS\JAVA\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\securite\f-secure.2008\f-secure internet security\fsps\program\fslsp.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\SECURITE\Ad-Aware.2007.Pro.7.0.2.1\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\SECURITE\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\OUTILS\Diskeeper.pro.1st\DkService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\SECURITE\F-Secure.2008\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
0
g!rly Posts 18215 Registration date   Status Contributor Last activity   406
 
Yes ;-)

Tick and fix this one too, I missed it:

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

On the other hand, your Windows updates are not up to date:

You are browsing with Internet Explorer 6.0 = serious security holes

So run the updates -> you want version 7.0 of IE

And why not browse with Firefox while keeping version 7.0 for Windows updates

http://www.firefox.fr/

Let me know

See you
0
orb42 Posts 1513 Registration date   Status Member Last activity   203
 
I can never thank you enough for the time you were kind enough to give me, and to give others here. In fact, while waiting between two messages I started going into the "they need you" section, and that's it, now I'm getting "hooked" on online support. Maybe it's my way of giving back what I receive (oh, how beautiful!). Thanks for your advice. Has IE7 been considered free of vulnerabilities for some time now?
0
g!rly Posts 18215 Registration date   Status Contributor Last activity   406
 
Hi again,

You're welcome...

No problem ;-)

IE 7.0 is less secure than Firefox...

As for helping out, if you feel up to it, yes, you are welcome ;-)

See you
0
orb42 Posts 1513 Registration date   Status Member Last activity   203
 
.
0