Petit probleme de bebete dans mon PC

Eliza -  
cgui33 Messages postés 1176 Statut Membre -
Bonjour,
Voilou j'ai un ptit soucie de PC voila nous somme plusieur a utiliser le pc et depuis une semaine j'ai apercu tres truc un peu bizare sur le pc des messages en anglais des alerte virus tro je sais pas quoi, je suis pas une pro du pc mais aprés quelque recherche sur le net j ai vu qu on pouvais laisser un rappot H.... machin chose ici.
Alors AU SECOUR lol un peu d'aide serais super sympa
voila le rappot

merci d 'avance
eliza

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:37:35, on 13/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\gbpudrqw.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ENJOY Plus!\Enjoy Plus!.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\jihsebiu.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [3462f406] rundll32.exe "C:\WINDOWS\system32\pcihhmcj.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Macromed\SHOCKW~1\SwHelper.exe -Update -1020021 -iexplore.exe7.0
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\Enjoy Plus!.exe
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{832DFC08-D0C9-49A7-823D-420AB45B21F9}: NameServer = 81.220.66.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0028610.dat
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\gbpudrqw.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9737 bytes
Configuration: Windows XP
Internet Explorer 7.0

28 réponses

  • 1
  • 2
  1. cgui33 Messages postés 1176 Statut Membre 10
     
    Pas mal de problèmes apparemment ...

    Avec HijackThis :
    Do a system scan only
    Coches les 4 lignes suivantes :

    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\jihsebiu.dll
    O4 - HKLM\..\Run: [3462f406] rundll32.exe "C:\WINDOWS\system32\pcihhmcj.dll",b
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0028610.dat
    O23 - Service: DomainService - - C:\WINDOWS\system32\gbpudrqw.exe

    et un petit clic sur 'Fix checked '
    Ensuite reboot et postes un nouveau rapport
    C'EST PAS FINI ...

    A demain
    0
  2. Megan Fox Messages postés 410 Statut Membre 9
     
    Salut Eliza, cgui33,

    cgui33,
    Je n'ai pas vraiment regardé le rapport mais il y a une infection vundo. :)

    Je te laisse faire cgui33

    A+
    0
  3. Eliza
     
    Bonjour,
    %erci de ton aide,
    voilou apres avoir fais les manip voici le nouveau rapport
    merci
    eliza

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:16:04, on 14/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\FixCamera.exe
    C:\WINDOWS\tsnp2std.exe
    C:\WINDOWS\vsnp2std.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\jihsebiu.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\Enjoy Plus!.exe
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
    O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{832DFC08-D0C9-49A7-823D-420AB45B21F9}: NameServer = 81.220.66.1
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0028610.dat
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    0
  4. cgui33 Messages postés 1176 Statut Membre 10
     
    Bonsoir
    Effectivement il y a du Vundo (merci Megan Fox ... j'en profite pour placer un de tes post !)

    Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
    http://www.atribune.org/ccount/click.php?id=4
    Double-clique VundoFix.exe afin de le lancer.

    Clique sur le bouton Scan for Vundo.
    Lorsque le scan est complété, clique sur le bouton Remove Vundo.
    Une invite te demandera si tu veux supprimer les fichiers, clique YES
    Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
    Démarre ton PC à nouveau.
    Copie/colle le rapport (c:\vundofix.txt) dans ta réponse

    A+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. eliza
     
    Hello;
    aprés les manip faite sans rien casser looll voici le rapport
    Merci
    eliza
    A+

    VundoFix V6.6.1

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.11

    Scan started at 22:42:07 14/11/2007

    Listing files found while scanning....

    C:\windows\system32\jihsebiu.dll
    C:\windows\system32\nboupnfa.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\jihsebiu.dll
    C:\windows\system32\jihsebiu.dll Has been deleted!

    Attempting to delete C:\windows\system32\nboupnfa.dll
    C:\windows\system32\nboupnfa.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
    0
  7. cgui33 Messages postés 1176 Statut Membre 10
     
    Tu peux renvoyer un log de HijackThis ?
    Merci
    A+
    0
  8. eliza
     
    Hello

    voilou le rapport

    eliza

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:06:27, on 15/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\FixCamera.exe
    C:\WINDOWS\tsnp2std.exe
    C:\WINDOWS\vsnp2std.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\WINDOWS\system32\rMa18yy\rMa18yy2328.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\mrofinu.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [3462f406] rundll32.exe "C:\WINDOWS\system32\elpamwqu.dll",b
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\Enjoy Plus!.exe
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
    O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{832DFC08-D0C9-49A7-823D-420AB45B21F9}: NameServer = 81.220.66.1
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00CC884.dat
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    0
  9. cgui33 Messages postés 1176 Statut Membre 10
     
    Salut
    Avec HijackThis :
    Do a system scan only
    Coches les 2 lignes :
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257

    Fix checked

    Ensuite ...
    O4 - HKLM\..\Run: [3462f406] rundll32.exe "C:\WINDOWS\system32\elpamwqu.dll",b
    ça on va le résoudre avec Vundo
    Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
    http://www.atribune.org/ccount/click.php?id=4
    Double-clique VundoFix.exe afin de le lancer.

    Clique sur le bouton Scan for Vundo.
    Lorsque le scan est complété, clique sur le bouton Remove Vundo.
    Une invite te demandera si tu veux supprimer les fichiers, clique YES
    Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
    Démarre ton PC à nouveau.
    Copie/colle le rapport (c:\vundofix.txt) dans ta réponse

    Ensuite ...
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00CC884.dat
    On va le résoudre avec OTmoveIT

    Télécharge OTMoveIt (d'OldTimer). Sauvegarde-le sur ton Bureau.
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

    Sélectionne l'emplacement suivant :
    C:\WINDOWS\system32\__c00CC884.dat
    --> Clique-droit puis Copier (ou Ctrl+C)
    Double-clique sur OTMoveIt.exe afin de le lancer.
    fais un Clique-droit sur le cadre de gauche puis choisis Coller. (ou Ctrl+V).
    Clique maintenant sur MoveIt!
    !! Si un fichier ou dossier ne peut être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES

    Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport est la date de sa création.

    Et poste aussi un nouveau rapport HijackThis après tout ça !
    Y'a du boulot qui t'attends ...
    A+
    0
  10. eliza
     
    voiloou

    VundoFix V6.6.1

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.11

    Scan started at 22:42:07 14/11/2007

    Listing files found while scanning....

    C:\windows\system32\jihsebiu.dll
    C:\windows\system32\nboupnfa.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\jihsebiu.dll
    C:\windows\system32\jihsebiu.dll Has been deleted!

    Attempting to delete C:\windows\system32\nboupnfa.dll
    C:\windows\system32\nboupnfa.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.6.1

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.11

    Scan started at 20:00:13 15/11/2007

    Listing files found while scanning....

    C:\windows\system32\fdfwpuhf.dll
    C:\WINDOWS\system32\kwgaahlz.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\fdfwpuhf.dll
    C:\windows\system32\fdfwpuhf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kwgaahlz.dll
    C:\WINDOWS\system32\kwgaahlz.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.6.1

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.11

    Scan started at 20:19:28 15/11/2007

    Listing files found while scanning....

    C:\windows\system32\kwgaahlz.dll
    0
  11. cgui33 Messages postés 1176 Statut Membre 10
     
    Est-ce que tu as tout fait?
    Hijack ?
    Vundo (oui je vois le rapport)
    OTmoveIT ?

    Et un nouveau rapport HijackThis ?

    Je l'attends !!!
    A+
    0
  12. eliza
     
    voilou

    File move failed. C:\WINDOWS\system32\__c00CC884.dat scheduled to be moved on reboot.

    Created on 11/15/2007 20:33:39

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:47:46, on 15/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\FixCamera.exe
    C:\WINDOWS\tsnp2std.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\vsnp2std.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kwgaahlz.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [3462f406] rundll32.exe "C:\WINDOWS\system32\elpamwqu.dll",b
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\Enjoy Plus!.exe
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
    O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{832DFC08-D0C9-49A7-823D-420AB45B21F9}: NameServer = 81.220.66.1
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00CC884.dat
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    0
  13. cgui33 Messages postés 1176 Statut Membre 10
     
    Est ce que tu as rebooter avant de lancer HijackThis ?
    Je pense que non !
    Alors relance Hijackthis
    Do a system scan only
    Coches cette ligne :
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kwgaahlz.dll
    Fix checked

    Et tu REBOOTES car la ligne :
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00CC884.dat
    est encore là ...
    Elle devrait disparaître après le reboot.
    Ensuite tu relances HijackThis et tu envoies le log
    C'est long et fastidieux ... je sais mais ça vaut peut-être le coup !
    A+
    C'est pas fini (car tu as toujours des lignes qui reviennent ...)
    0
  14. cgui33 Messages postés 1176 Statut Membre 10
     
    Effectivement ça ne suffit pas !

    car on retrouve :
    O4 - HKLM\..\Run: [3462f406] rundll32.exe "C:\WINDOWS\system32\elpamwqu.dll",b

    tu peux utiliser combofix :
    http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    Ensuite : Double clique sur combofix.exe puis tape 1 pour lancer le scan.
    Lorsque le scan sera complété, un rapport apparaîtra.
    Copie/colle ce rapport dans ta prochaine réponse.
    Ensuite dès que tu auras posté ta réponse
    renomme HijackThis.exe en toto.exe et lances toto.exe
    Colle le rapport
    A+
    0
  15. cgui33 Messages postés 1176 Statut Membre 10
     
    A dimanche soir ...

    Bon WE
    0
  16. cgui33 Messages postés 1176 Statut Membre 10
     
    Alors tu en es où ?
    A+
    0
  17. eliza
     
    Hello;
    me revoilou alors je sais plus trop ou j'en suis donc voila le resultat du scan combofix

    voilou
    eliza

    ComboFix 07-11-08.3 - Ronan 2007-11-19 22:59:12.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.531 [GMT 1:00]
    Running from: C:\Documents and Settings\Ronan\Bureau\ComboFix.exe
    * Created a new restore point
    .

    Incapable d'obtenir les privilèges Système

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
    C:\Documents and Settings\Ronan\Application Data\FunWebProducts
    C:\Documents and Settings\Ronan\Bureau\Live Safety Center.lnk
    C:\Documents and Settings\Ronan\Bureau\Online Security Guide.lnk
    C:\Documents and Settings\Ronan\Favoris\Online Security Guide.lnk
    C:\Program Files\FunWebProducts
    C:\Program Files\FunWebProducts\ScreenSaver\Images\[u]0[/u]084D07D.urr
    C:\Program Files\MyWebSearch
    C:\Program Files\MyWebSearch\bar\History\search2
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
    C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
    C:\Program Files\MyWebSearch\bar\Settings\settings.dat
    C:\Program Files\Temporary
    C:\Program Files\WinAble
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\b111.exe
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\mrofinu1188.exe
    C:\WINDOWS\system32\__c0028610.dat
    C:\WINDOWS\system32\__c00359C4.dat
    C:\WINDOWS\system32\__c006EB96.dat
    C:\WINDOWS\system32\__c008DDF1.dat
    C:\WINDOWS\system32\__c009A4F4.dat
    C:\WINDOWS\system32\__c009AB8C.dat
    C:\WINDOWS\system32\__c00B3210.dat
    C:\WINDOWS\system32\arqqogbl.dll
    C:\WINDOWS\system32\b3
    C:\WINDOWS\system32\bdeeg.bak1
    C:\WINDOWS\system32\bdeeg.bak2
    C:\WINDOWS\system32\bdeeg.ini
    C:\WINDOWS\system32\btycsabi.dll
    C:\WINDOWS\system32\dpppsxgx.dll
    C:\WINDOWS\system32\e1
    C:\WINDOWS\system32\edfscwwo.dll
    C:\WINDOWS\system32\egyydeyr.dll
    C:\WINDOWS\system32\geedb.dll
    C:\WINDOWS\system32\jihsebiu.dllbox
    C:\WINDOWS\system32\kwgaahlz.dllbox
    C:\WINDOWS\system32\lhwxggwj.dllbox
    C:\WINDOWS\system32\miikbcop.dll
    C:\WINDOWS\system32\mmglengg.dll
    C:\WINDOWS\system32\nmjpmrhm.dll
    C:\WINDOWS\system32\nsj3C.dll
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\qkjdfqsf.dll
    C:\WINDOWS\system32\qylxiqtk.dll
    C:\WINDOWS\system32\service.exe
    C:\WINDOWS\system32\sgrikfdn.dll
    C:\WINDOWS\system32\taaiwpbg.dll
    C:\WINDOWS\system32\u4
    C:\WINDOWS\system32\ygsturoy.dll
    C:\z.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\nm

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-19 to 2007-11-19 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-19 22:56 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-19 22:44 145,984 --a------ C:\WINDOWS\system32\mkfbduea.dll
    2007-11-19 22:44 145,984 --a------ C:\WINDOWS\system32\lhwxggwj.dll
    2007-11-19 20:16 85,056 --a------ C:\WINDOWS\system32\hdlgsyqy.dll
    2007-11-19 20:13 71,232 --a------ C:\WINDOWS\system32\nqyydgfj.exe
    2007-11-18 20:12 71,232 --a------ C:\WINDOWS\system32\vqsqends.exe
    2007-11-17 16:53 71,232 --a------ C:\WINDOWS\system32\snilncri.exe
    2007-11-15 22:39 71,232 --a------ C:\WINDOWS\system32\cpjnglpj.exe
    2007-11-15 20:09 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2007-11-15 19:05 36,352 --a------ C:\WINDOWS\system32\rqrpool.dll
    2007-11-15 19:04 <REP> d-------- C:\WINDOWS\system32\rMa18yy
    2007-11-15 19:04 <REP> d-------- C:\Temp\abW9
    2007-11-14 22:45 79,424 --a------ C:\WINDOWS\system32\asokpkqn.dll
    2007-11-14 22:42 <REP> d-------- C:\VundoFix Backups
    2007-11-14 22:37 71,232 --a------ C:\WINDOWS\system32\rnvcovfv.exe
    2007-11-14 10:06 37,376 --a------ C:\WINDOWS\system32\ddcaxwx.dll
    2007-11-13 23:21 <REP> d-------- C:\Program Files\Trend Micro
    2007-11-13 23:20 812,344 --a------ C:\Program Files\HJTInstall.exe
    2007-11-13 22:59 85,056 --a------ C:\WINDOWS\system32\pcihhmcj.dll
    2007-11-13 22:59 40,960 --a------ C:\Documents and Settings\Ronan\f.exe
    2007-11-13 22:59 1,815 --a------ C:\Documents and Settings\Ronan\x.dat
    2007-11-13 22:58 172,032 --a------ C:\winlogon.exe
    2007-11-13 22:58 36,352 --a------ C:\WINDOWS\system32\xxyxyyv.dll
    2007-11-13 22:58 262 --a------ C:\Documents and Settings\Ronan\z.dat
    2007-11-13 22:58 0 --a------ C:\x.dat
    2007-11-13 20:46 80,448 --a------ C:\WINDOWS\system32\qocfufiu.dll
    2007-11-13 20:37 71,232 --a------ C:\WINDOWS\system32\gbpudrqw.exe
    2007-11-08 17:58 16,512 -ra------ C:\WINDOWS\system32\drivers\Brndis.sys
    2007-11-06 19:19 <REP> d-------- C:\Documents and Settings\Ronan\Application Data\Lavasoft
    2007-11-06 19:10 786 --a------ C:\8985.bat
    2007-11-04 16:48 <REP> d-------- C:\WINDOWS\pss
    2007-11-04 16:01 535,512 --a------ C:\Program Files\aaaapllangs.exe
    2007-11-04 15:55 18,164,640 --a------ C:\Program Files\aaw2007.exe
    2007-11-04 13:35 786 --a------ C:\2854.bat
    2007-11-04 11:05 786 --a------ C:\5028.bat
    2007-11-02 21:42 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-11-02 21:39 120 --a------ C:\n.bat
    2007-11-02 21:39 0 --a------ C:\z.dat
    2007-11-02 21:38 <REP> d-------- C:\WINDOWS\system32\Mz18r
    2007-11-02 21:38 <REP> d-------- C:\Temp\mZOr
    2007-11-02 21:38 <REP> d-------- C:\Temp
    2007-11-02 21:34 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-30 18:02 <REP> d-------- C:\Program Files\SCi Games
    2007-10-30 17:31 75,776 --a------ C:\WINDOWS\system32\gzmrotate.dll
    2007-10-29 21:41 <REP> d-------- C:\Program Files\thriXXX
    2007-10-29 21:29 <REP> d-------- C:\Program Files\PlayMP3z
    2007-10-28 22:09 <REP> d-------- C:\Documents and Settings\Ronan\Application Data\SecondLife

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-19 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-11-14 09:36 --------- d-----w C:\Program Files\eMule
    2007-11-13 23:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-11-06 19:54 --------- d-----w C:\Program Files\LimeWire
    2007-11-06 18:07 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
    2007-11-06 18:04 --------- d-----w C:\Program Files\BoontyGames
    2007-11-04 14:58 --------- d-----w C:\Program Files\Lavasoft
    2007-11-04 10:39 --------- d-----w C:\Program Files\Java
    2007-10-30 19:43 79,875 ----a-w C:\WINDOWS\system32\adssite-remove.exe
    2007-10-30 18:55 40,733 ----a-w C:\WINDOWS\system32\rightonadz-uninst.exe
    2007-10-30 17:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-20 13:47 --------- d-----w C:\Program Files\ENJOY Plus!
    2007-10-12 18:21 --------- d-----w C:\Program Files\Fichiers communs\snp2std
    2007-10-10 16:23 24,536,608 ----a-w C:\Program Files\AdbeRdr810_fr_FR.exe
    2007-10-08 21:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
    2007-10-08 20:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
    2007-10-08 19:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\NannyMania
    2007-10-08 09:24 --------- d-----w C:\Program Files\Real
    2007-10-08 09:22 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2007-10-08 09:22 --------- d-----w C:\Program Files\Fichiers communs\Real
    2007-10-03 20:58 --------- d-----w C:\Program Files\Google
    2007-10-02 15:10 33,511 ----a-w C:\WINDOWS\system32\ninjaext-uninstall.exe
    2007-10-01 11:15 839,692 ----a-w C:\WINDOWS\Fonts\Crack.exe
    2007-10-01 11:15 839,691 --sh--w C:\WINDOWS\Fonts\svchost.exe
    2007-09-29 16:45 --------- d-----w C:\Program Files\InterActual
    2007-09-26 18:38 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2007-09-23 16:42 --------- d-----w C:\Documents and Settings\Ronan\Application Data\CyberLink
    2007-09-20 20:37 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-09-05 20:30 4,682,282 ----a-w C:\Program Files\SyllabiK4.02.exe
    2007-08-25 12:29 884,736 ----a-w C:\Program Files\vanbasco_french.exe
    2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-20 17:58 75,264 ----a-w C:\WINDOWS\system32\ninjaext.dll
    2007-07-12 21:09 78,837,111 ----a-w C:\Program Files\flstudio7_RC6b.exe
    2007-07-02 11:20 493,160 ----a-w C:\Program Files\incredimail_install.exe
    2007-06-22 17:17 35,246,592 ----a-w C:\Program Files\directx_9c_oct05sdk_redist.exe
    2007-06-06 19:15 448,702,592 ----a-w C:\Program Files\exel.exe
    2007-06-05 21:43 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
    2007-04-29 18:50 22,845,992 ----a-w C:\Program Files\AdbeRdr80_fr_FR.exe
    2007-04-23 17:08 7,988,791 ----a-w C:\Program Files\The Fly.zip
    2007-04-20 12:00 4,301,387 ----a-w C:\Program Files\Shareaza_2.2.5.0.exe
    2007-04-16 15:53 6,798,298 ----a-w C:\Program Files\Photoshop_album_SE_3_0_FR.zip
    2007-04-15 09:43 5,357,287 ----a-w C:\Program Files\Install MPD.exe
    2007-04-14 17:00 4,859,480 ----a-w C:\Program Files\MsgPlusLive-411.exe
    2007-04-12 22:04 13,446,648 ----a-w C:\Program Files\setupfre.exe
    2007-03-27 16:10 14,730,232 ----a-w C:\Program Files\DivXInstaller.exe
    2007-03-27 13:30 0 ----a-w C:\Documents and Settings\Ronan\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{408ce02e-58f1-45d4-8cfd-b1569ac82a28}]
    C:\WINDOWS\system32\ryfgmoko.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4056E04-14D8-47ED-8417-B96B4A8BBE13}]
    C:\Program Files\Windows Media Player\vigyreC:\WINDOWS\system32\e1\caws83122.exe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-11-19 22:44 145984 --a------ C:\WINDOWS\system32\lhwxggwj.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\lhwxggwj.dll [2007-11-19 22:44 145984]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\lhwxggwj.dll [2007-11-19 22:44 145984]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" []
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
    "nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 06:29]
    "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2004-08-09 23:45]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-02 14:24]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" []
    "SkyTel"="SkyTel.EXE" [2007-03-22 19:18 C:\WINDOWS\SkyTel.exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-03-22 19:18 C:\WINDOWS\SOUNDMAN.EXE]
    "AlcWzrd"="ALCWZRD.EXE" [2007-03-22 19:18 C:\WINDOWS\alcwzrd.exe]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 00:06]
    "FixCamera"="C:\WINDOWS\FixCamera.exe" [2006-10-09 16:32]
    "tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-09-27 17:01]
    "snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-09-25 12:40]
    "Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-10-01 12:15]
    "3462f406"="C:\WINDOWS\system32\hdlgsyqy.dll" [2007-11-19 20:16]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 21:39]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-06-12 10:28]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kwgaahlz]
    kwgaahlz.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lhwxggwj]
    lhwxggwj.dll 2007-11-19 22:44 145984 C:\WINDOWS\system32\lhwxggwj.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\geedb.dll

    R3 Brndis;External USB Cable Modem;C:\WINDOWS\system32\DRIVERS\Brndis.sys
    R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
    R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
    R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
    S3 kbeepm;kbeepm;\??\C:\DOCUME~1\Ronan\LOCALS~1\Temp\kbeepm.sys

    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-19 23:10:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-19 23:13:07 - machine was rebooted
    .
    --- E O F ---
    0
  18. cgui33 Messages postés 1176 Statut Membre 10
     
    Salut
    il était moins une !
    j'allais éteindre le PC (je pars pour 3 jours en déplacement !)

    Apparemment tu étais vraiment très infectée !!!
    Ce qu'il te faudrait : c'est installer un parefeu !! (tu n'en as pas !)
    Ensuite tu pourras refaire un scan avec HijackThis et poster le rapport !
    T'as jusqu'à jeudi pour le faire ...
    A+
    0
  19. eliza
     
    Re moi;

    un pare feu c'est pas avast heuuu bon j'avoue je suis pire que pas douée je fais sa comment looll
    Eliza
    0
  20. cgui33 Messages postés 1176 Statut Membre 10
     
    Salut
    Je suis de retour !

    Avast est seulement un antivirus !
    vas voir ici :
    http://www.commentcamarche.net/faq/sujet 2432 securite proteger un ordinateur contre les malwares d internet

    Tu peux essayer Sygate personal firewall (gratuit)
    A+
    0
  21. eliza
     
    Salut,
    je vais voir sa
    merci sinon je crois que j'ai toujour mes ptit souci de virus pffff
    Eliza
    0
  • 1
  • 2