HELP Comment Supprimer SECURITY TOOL 7.1

coralie78 Messages postés 11 Statut Membre -  
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,

Depuis quelques jours j'ai une barre qui viens se mettre sur mes pages internet "SECURITY TOOLBAR 7.1"
J'ais eu precedement un trojan que j'ai pu enlever avec Kapersky.
Mais cette barre impossible de l'enlever.
J'ai parcourus les forums je vous ai fais un copier coller du rapport HIJACK :

MERCI DE M AIDER

Coralie

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:45:57, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WUSB54G.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kjevcozf.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [f4cefff6] rundll32.exe "C:\WINDOWS\system32\mysptber.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453582 14
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\hcooihpj.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
O23 - Service: WUSB54GSVC - GEMTEKS - C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe

--
End of file - 7799 bytes
Configuration: Windows XP
Internet Explorer 6.0

7 réponses

  1. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut,

    Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
    http://www.atribune.org/ccount/click.php?id=4

    Double-clique VundoFix.exe afin de le lancer.
    Clique sur le bouton Scan for Vundo.
    Lorsque le scan est complété, clique sur le bouton Remove Vundo.
    Une invite te demandera si tu veux supprimer les fichiers, clique YES
    Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
    Démarre ton PC à nouveau.
    Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

    A+
    -1
  2. coralie78 Messages postés 11 Statut Membre
     
    Bonjour,

    voici le rapport VUDOFIX

    VundoFix V6.5.11

    Checking Java version...

    Java version is 1.5.0.5
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Scan started at 21:10:34 09/11/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\kjevcozf.dll

    VundoFix V6.5.11

    Checking Java version...

    Java version is 1.5.0.5
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Scan started at 16:53:02 10/11/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\kjevcozf.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\kjevcozf.dll
    C:\WINDOWS\system32\kjevcozf.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VOICI LE RAPPORT HIJACK

    ogfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:03:20, on 10/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe
    C:\Program Files\WUSB54G Wireless-G Adapter\WUSB54G.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [f4cefff6] rundll32.exe "C:\WINDOWS\system32\mysptber.dll",b
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453582 14
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\hcooihpj.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
    O23 - Service: WUSB54GSVC - GEMTEKS - C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe
    -1
  3. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    OK

    Télécharge Combofix sUBs :http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

    Copie/colle un nouveau rapport HiJackThis avec.
    -1
  4. coralie78 Messages postés 11 Statut Membre
     
    bonsoir,

    voici le rapport COMBOFIX
    ComboFix 07-11-08.1 - Christophe 2007-11-10 23:32:14.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.556 [GMT 1:00]
    Running from: C:\ComboFix.exe
    * Created a new restore point
    .

    Incapable d'obtenir les privilèges Système

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
    C:\Documents and Settings\Christophe\Bureau\internet.lnk
    C:\Documents and Settings\Christophe\Bureau\Live Safety Center.lnk
    C:\Documents and Settings\Christophe\Bureau\Online Security Guide.lnk
    C:\Documents and Settings\Christophe\Favoris\Online Security Guide.lnk
    C:\Program Files\Fichiers communs\BestsellerAntivirus
    C:\Program Files\Fichiers communs\BestsellerAntivirus\bm.exe
    C:\WINDOWS\system32\~.exe
    C:\WINDOWS\system32\bwqgrncg.dllbox
    C:\WINDOWS\system32\drivers\fmtr.sys
    C:\WINDOWS\system32\jkkjk.dll
    C:\WINDOWS\system32\kjevcozf.dllbox
    C:\WINDOWS\system32\kjkkj.bak1
    C:\WINDOWS\system32\kjkkj.bak2
    C:\WINDOWS\system32\kjkkj.ini
    C:\WINDOWS\system32\kjkkj.ini2
    C:\WINDOWS\system32\kjkkj.tmp

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-10 to 2007-11-10 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-10 23:30 145,984 --a------ C:\WINDOWS\system32\bwqgrncg.dll
    2007-11-10 23:29 145,984 --a------ C:\WINDOWS\system32\aettdxhd.dll
    2007-11-10 23:28 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-10 23:27 85,056 --a------ C:\WINDOWS\system32\fdfskjju.dll
    2007-11-10 23:27 81,472 --a------ C:\WINDOWS\system32\qnwbbmyd.dll
    2007-11-10 23:26 1,539,258 --a------ C:\ComboFix.exe
    2007-11-10 16:52 115,712 --a------ C:\VundoFix.exe
    2007-11-10 14:45 <REP> d-------- C:\Program Files\Trend Micro
    2007-11-10 14:45 812,344 --a------ C:\HJTInstall.exe
    2007-11-10 00:43 <REP> d-------- C:\WINDOWS\pss
    2007-11-09 21:52 3,622 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-09 21:50 <REP> d-------- C:\SmitfraudFix
    2007-11-09 21:50 1,039,436 --a------ C:\SmitfraudFix.exe
    2007-11-09 21:50 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-11-09 21:50 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-11-09 21:50 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-11-09 21:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-11-09 21:50 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-09 21:45 <REP> d-------- C:\Documents and Settings\Christophe\Application Data\Grisoft
    2007-11-09 21:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-09 21:44 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-09 21:43 12,413,440 --a------ C:\avgas-setup-7.5.1.43.exe
    2007-11-09 21:10 <REP> d-------- C:\VundoFix Backups
    2007-11-09 19:29 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2007-11-09 19:29 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2007-11-09 19:27 <REP> d-------- C:\Program Files\Kaspersky Lab
    2007-11-09 19:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-09 19:27 1,792,032 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-11-09 19:27 49,696 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-11-09 19:25 77,888 --a------ C:\WINDOWS\system32\mgrbgowh.dll
    2007-11-08 22:47 15,796 --a------ C:\WINDOWS\system32\instdump.zip
    2007-11-08 18:15 80,448 --a------ C:\WINDOWS\system32\npacfeap.dll
    2007-11-08 18:09 145,984 --a------ C:\WINDOWS\system32\wwbclqvm.dll
    2007-11-07 22:24 <REP> d-------- C:\Program Files\Nobilis
    2007-11-07 22:14 <REP> d--h----- C:\Program Files\ApplePie
    2007-11-07 21:47 <REP> d-------- C:\jeux
    2007-11-01 14:39 <REP> d-------- C:\etauliers
    2007-10-13 16:07 2,037,382 --a------ C:\ig2_addon_patch21_en.exe
    2007-10-13 12:37 <REP> d-------- C:\Program Files\IndustryGiant 2

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-10 22:57 5,636 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-11-10 22:57 25,808 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2007-10-13 15:12 --------- d-----w C:\Program Files\JeCreeMaCuisineAvecLeroyMerlin
    2007-10-13 11:39 --------- d-----w C:\Program Files\GameSpy Arcade
    2007-10-06 16:01 --------- d-----w C:\Program Files\SecondLife
    2007-10-06 15:59 34,485,241 ----a-w C:\Second Life 1-18-3-5 Setup.exe
    2007-09-13 21:03 --------- d-----w C:\Program Files\MSN Messenger
    2007-08-18 10:39 12,598,964 ----a-w C:\Kd50.exe
    2007-08-16 13:11 43,400 ----a-w C:\Documents and Settings\Christophe\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1c967b58-d73a-45d3-8eb9-12cf3553acb3}]
    2007-11-10 23:27 81472 --a------ C:\WINDOWS\system32\qnwbbmyd.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AE2A9A0-DC33-4C27-B521-5B6C68C1C53D}]
    2007-11-07 22:14 95232 --a------ C:\Program Files\ApplePie\ie-improver.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-11-10 23:30 145984 --a------ C:\WINDOWS\system32\bwqgrncg.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\bwqgrncg.dll [2007-11-10 23:30 145984]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 17:48 C:\WINDOWS\SOUNDMAN.EXE]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 15:16]
    "nwiz"="nwiz.exe" [2005-04-01 15:16 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 15:16]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 14:30]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-01 21:52]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 14:26]
    "EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [2004-04-09 04:00]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-08-01 10:42]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
    "f4cefff6"="C:\WINDOWS\system32\fdfskjju.dll" [2007-11-10 23:27]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
    "fsc-reminder.exe"="C:\WINDOWS\reminder\fsc-reminder.exe" [2005-01-19 16:10]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 21:11]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bwqgrncg]
    bwqgrncg.dll 2007-11-10 23:30 145984 C:\WINDOWS\system32\bwqgrncg.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkjk.dll

    R0 SiSRaid2;SiSRaid2;C:\WINDOWS\system32\drivers\SiSRaid2.sys
    R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
    R1 eusk2par;EUTRON SmartKey Parallel Driver;\??\C:\WINDOWS\system32\Drivers\eusk2par.sys
    R2 WUSB54GSVC;WUSB54GSVC;"C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe" "WUSB54G.exe"
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
    S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
    S3 eusk3usb;SmartKey 3 USB;C:\WINDOWS\system32\Drivers\eusk3usb.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d4891e4-4138-11dc-be5e-000f661c2461}]
    \Shell\AutoRun\command - K:\Install.exe

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-11 00:01:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-11 0:04:51 - machine was rebooted
    .
    --- E O F ---

    puis le rappport Hijackthis

    ogfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:12:43, on 11/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe
    C:\Program Files\WUSB54G Wireless-G Adapter\WUSB54G.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: {3bca3553-fc21-9be8-3d54-a37d85b769c1} - {1c967b58-d73a-45d3-8eb9-12cf3553acb3} - C:\WINDOWS\system32\qnwbbmyd.dll
    O2 - BHO: SysApp - {4AE2A9A0-DC33-4C27-B521-5B6C68C1C53D} - C:\Program Files\ApplePie\ie-improver.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\bwqgrncg.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\bwqgrncg.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKLM\..\Run: [f4cefff6] rundll32.exe "C:\WINDOWS\system32\fdfskjju.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453582 14
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - Winlogon Notify: bwqgrncg - C:\WINDOWS\SYSTEM32\bwqgrncg.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
    O23 - Service: WUSB54GSVC - GEMTEKS - C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe
    -1
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Bonsoir Coralie

    Télécharge VirtumundoBegone sur le bureau:
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
    Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
    Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu.

    Puis remet en plus un nouvel HijackThis et un combofix

    Merci

    A+
    -1
  7. coralie78 Messages postés 11 Statut Membre
     
    Bonjour Régis
    vois ci le rapport VBG.TXT :

    11/11/2007, 10:18:51] - VirtumundoBeGone v1.5 ( "C:\VirtumundoBeGone.exe" )
    [11/11/2007, 10:18:57] - Detected System Information:
    [11/11/2007, 10:18:57] - Windows Version: 5.1.2600, Service Pack 2
    [11/11/2007, 10:18:57] - Current Username: Christophe (Admin)
    [11/11/2007, 10:18:57] - Windows is in NORMAL mode.
    [11/11/2007, 10:18:57] - Searching for Browser Helper Objects:
    [11/11/2007, 10:18:57] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
    [11/11/2007, 10:18:57] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [11/11/2007, 10:18:57] - BHO 3: {1c967b58-d73a-45d3-8eb9-12cf3553acb3} ()
    [11/11/2007, 10:18:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/11/2007, 10:18:57] - Checking for HKLM\...\Winlogon\Notify\qnwbbmyd
    [11/11/2007, 10:18:57] - Key not found: HKLM\...\Winlogon\Notify\qnwbbmyd, continuing.
    [11/11/2007, 10:18:57] - BHO 4: {4AE2A9A0-DC33-4C27-B521-5B6C68C1C53D} (SysApp)
    [11/11/2007, 10:18:57] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [11/11/2007, 10:18:57] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [11/11/2007, 10:18:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/11/2007, 10:18:57] - No filename found. Continuing.
    [11/11/2007, 10:18:57] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [11/11/2007, 10:18:58] - BHO 8: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
    [11/11/2007, 10:18:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/11/2007, 10:18:58] - Checking for HKLM\...\Winlogon\Notify\bwqgrncg
    [11/11/2007, 10:18:58] - Found: HKLM\...\Winlogon\Notify\bwqgrncg - This is probably Virtumundo.
    [11/11/2007, 10:18:58] - Assigning {A95B2816-1D7E-4561-A202-68C0DE02353A} MSEvents Object
    [11/11/2007, 10:18:58] - BHO list has been changed! Starting over...
    [11/11/2007, 10:18:58] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
    [11/11/2007, 10:18:58] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [11/11/2007, 10:18:58] - BHO 3: {1c967b58-d73a-45d3-8eb9-12cf3553acb3} ()
    [11/11/2007, 10:18:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/11/2007, 10:18:58] - Checking for HKLM\...\Winlogon\Notify\qnwbbmyd
    [11/11/2007, 10:18:58] - Key not found: HKLM\...\Winlogon\Notify\qnwbbmyd, continuing.
    [11/11/2007, 10:18:58] - BHO 4: {4AE2A9A0-DC33-4C27-B521-5B6C68C1C53D} (SysApp)
    [11/11/2007, 10:18:58] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [11/11/2007, 10:18:58] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [11/11/2007, 10:18:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/11/2007, 10:18:58] - No filename found. Continuing.
    [11/11/2007, 10:18:58] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [11/11/2007, 10:18:58] - BHO 8: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
    [11/11/2007, 10:18:58] - ALERT: Found MSEvents Object!
    [11/11/2007, 10:18:58] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [11/11/2007, 10:18:58] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [11/11/2007, 10:18:58] - BHO 11: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
    [11/11/2007, 10:18:58] - Finished Searching Browser Helper Objects
    [11/11/2007, 10:18:58] - *** Detected MSEvents Object
    [11/11/2007, 10:18:58] - Trying to remove MSEvents Object...
    [11/11/2007, 10:18:59] - Terminating Process: IEXPLORE.EXE
    [11/11/2007, 10:19:00] - Terminating Process: RUNDLL32.EXE
    [11/11/2007, 10:19:00] - Disabling Automatic Shell Restart
    [11/11/2007, 10:19:00] - Terminating Process: EXPLORER.EXE
    [11/11/2007, 10:19:01] - Suspending the NT Session Manager System Service
    [11/11/2007, 10:19:01] - Terminating Windows NT Logon/Logoff Manager
    [11/11/2007, 10:19:01] - Re-enabling Automatic Shell Restart
    [11/11/2007, 10:19:01] - File to disable: C:\WINDOWS\system32\bwqgrncg.dll
    [11/11/2007, 10:19:01] - Renaming C:\WINDOWS\system32\bwqgrncg.dll -> C:\WINDOWS\system32\bwqgrncg.dll.vir
    [11/11/2007, 10:19:01] - File successfully renamed!
    [11/11/2007, 10:19:01] - Removing HKLM\...\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
    [11/11/2007, 10:19:01] - Removing HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
    [11/11/2007, 10:19:01] - Adding Kill Bit for ActiveX for GUID: {A95B2816-1D7E-4561-A202-68C0DE02353A}
    [11/11/2007, 10:19:01] - Deleting ATLEvents/MSEvents Registry entries
    [11/11/2007, 10:19:01] - Removing HKLM\...\Winlogon\Notify\bwqgrncg
    [11/11/2007, 10:19:01] - Searching for Browser Helper Objects:
    [11/11/2007, 10:19:01] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
    [11/11/2007, 10:19:01] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [11/11/2007, 10:19:01] - BHO 3: {1c967b58-d73a-45d3-8eb9-12cf3553acb3} ()
    [11/11/2007, 10:19:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/11/2007, 10:19:01] - Checking for HKLM\...\Winlogon\Notify\qnwbbmyd
    [11/11/2007, 10:19:01] - Key not found: HKLM\...\Winlogon\Notify\qnwbbmyd, continuing.
    [11/11/2007, 10:19:01] - BHO 4: {4AE2A9A0-DC33-4C27-B521-5B6C68C1C53D} (SysApp)
    [11/11/2007, 10:19:01] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [11/11/2007, 10:19:01] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [11/11/2007, 10:19:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/11/2007, 10:19:02] - No filename found. Continuing.
    [11/11/2007, 10:19:02] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [11/11/2007, 10:19:02] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [11/11/2007, 10:19:02] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [11/11/2007, 10:19:02] - BHO 10: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
    [11/11/2007, 10:19:02] - Finished Searching Browser Helper Objects
    [11/11/2007, 10:19:02] - Finishing up...
    [11/11/2007, 10:19:02] - A restart is needed.
    [11/11/2007, 10:19:06] - Attempting to Restart via STOP error (Blue Screen!)

    PUIS LE RAPPORT HIJACKTHIS

    ogfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:24:23, on 11/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe
    C:\Program Files\WUSB54G Wireless-G Adapter\WUSB54G.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: {3bca3553-fc21-9be8-3d54-a37d85b769c1} - {1c967b58-d73a-45d3-8eb9-12cf3553acb3} - C:\WINDOWS\system32\qnwbbmyd.dll
    O2 - BHO: SysApp - {4AE2A9A0-DC33-4C27-B521-5B6C68C1C53D} - C:\Program Files\ApplePie\ie-improver.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\bwqgrncg.dll (file missing)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKLM\..\Run: [f4cefff6] rundll32.exe "C:\WINDOWS\system32\fdfskjju.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453582 14
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
    O23 - Service: WUSB54GSVC - GEMTEKS - C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe
    -1
  8. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Re,

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    C:\WINDOWS\system32\bwqgrncg.dll.vir
    C:\WINDOWS\system32\aettdxhd.dll
    C:\WINDOWS\system32\fdfskjju.dll
    C:\WINDOWS\system32\qnwbbmyd.dll
    C:\WINDOWS\system32\mgrbgowh.dll
    C:\WINDOWS\system32\instdump.zip
    C:\WINDOWS\system32\npacfeap.dll
    C:\WINDOWS\system32\wwbclqvm.dll 


    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    Puis ouvre le bloc note et copie colle ceci dedans:

    REGEDIT4
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1c967b58-d73a-45d3-8eb9-12cf3553acb3}]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
    "f4cefff6"=-


    Puis enregistrer sous et dans:
    Nom du fichier, met bureau.reg
    Type : sélectionne "tous les fichiers"
    clique sur enregistrer

    Double clique sur bureau.reg et accepte la fusion avec le registre.

    Redemarre ton pc et remet un Hijackthis + un combofix.

    A+
    -1