Help to remove Trojan ConHook and tiny.id
Solved
filouflat
g!rly Posts 18215 Registration date Status Contributor Last contribution
Hello,
I can't get rid of these damn trojans, please help me. Here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:59:14, on 26/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [88b345ba] rundll32.exe "C:\WINDOWS\system32\rqquilxe.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00DEA31.dat
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
25 replies
hi filouflat
you have neither a firewall nor an antivirus?!?!?!?!
install this and come back afterwards...
antivirus: antivir
https://www.malekal.com/avira-free-security-antivirus-gratuit/
firewall: kerio
Kerio (firewall): stays free after the trial period, in French
----> http://www.infos-du-net.com/telecharger/Firewall-Kerio-Personal,0301-390.html
Have a look at this tutorial if you need help installing and configuring Kerio
--> https://kerio.probb.fr/
More info:
->https://kerio.probb.fr/
@+
The problem is that the antivirus opens too many alert windows and so completely blocks the PC.
So I have to disable it to be able to do anything.
It systematically shows: trojan horse TR/DLdr.Agen.ZV.1.B
location C:\WINDOWS\system32\_c008E63B.dat
New HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05:27, on 26/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\crtewbnv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [88b345ba] rundll32.exe "C:\WINDOWS\system32\wcpeyiwo.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c008E63B.dat
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
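A small triage helper for the HijackThis logs posted in this thread, added here as an example; it is not part of the thread, of HijackThis or of any removal tool. It runs over a constructed sample made of lines copied from the two logs above and flags what a helper would look at first: the Run value with a hex name that loads a random 8-letter DLL through rundll32, the AppInit_DLLs entry pointing at a .dat file, and the toolbar CLSID with no file. The regexes and rule names are my own assumptions, not HijackThis heuristics.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the shape of the HijackThis v2.0.2 logs in this
# thread: the flagged entries are copied from the page, the rest are the
# benign lines that surround them in the same logs.
SAMPLE_LOG = r"""
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [88b345ba] rundll32.exe "C:\WINDOWS\system32\rqquilxe.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00DEA31.dat
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section prefix, e.g. "O4"
    rule: str      # short name of the heuristic that fired (assumed names)
    detail: str    # the log line that triggered it


# A Run value whose name is 8 hex digits instead of a vendor name, as in
# "[88b345ba]" in both logs above.
HEX_RUN_NAME = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[([0-9a-f]{8})\]")

# rundll32 loading an 8-lowercase-letter DLL from system32 by a one- or
# two-character export name, exactly like "rqquilxe.dll",b in the first log.
RUNDLL_RANDOM = re.compile(
    r'^O4 .*rundll32\.exe "?[A-Za-z]:\\WINDOWS\\system32\\([a-z]{8})\.dll"?,\w{1,2}\b',
    re.I,
)

# AppInit_DLLs is injected into every process that loads user32.dll, so any
# value deserves review; a ".dat" extension instead of ".dll" is how the
# loader in these logs avoids looking like a library.
APPINIT = re.compile(r"^O20 - AppInit_DLLs: (.+)$")

# A toolbar CLSID whose file is gone: leftover registration worth cleaning.
ORPHAN_TOOLBAR = re.compile(r"^O3 - Toolbar: .* - \(no file\)$")


def analyze(log_text: str) -> List[Finding]:
    """Return the suspicious entries of a HijackThis log, in file order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if HEX_RUN_NAME.match(line):
            findings.append(Finding("O4", "hex-named Run value", line))
        if RUNDLL_RANDOM.match(line):
            findings.append(Finding("O4", "rundll32 random system32 DLL", line))
        m = APPINIT.match(line)
        if m:
            value = m.group(1).strip()
            rule = "AppInit_DLLs set"
            if value.lower().endswith(".dat"):
                rule = "AppInit_DLLs points to .dat loader"
            findings.append(Finding("O20", rule, line))
        if ORPHAN_TOOLBAR.match(line):
            findings.append(Finding("O3", "toolbar CLSID with no file", line))
    return findings


def main() -> None:
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.section}] {f.rule}: {f.detail}")


if __name__ == "__main__":
    main()
```

Run it against a freshly pasted log to get the short list of entries to ask about before touching anything; the hex-named Run value and the AppInit_DLLs line are the two that reappear under new random names between the two logs in this thread.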
ok
let's get to work,
Download combofix.exe (by sUBs) to your Desktop.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double-click combofix.exe.
-> Press the 1 (Yes) key to start the scan.
-> When the scan is complete, a report will appear. Copy/paste that report in your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
and here is the report
ComboFix 07-11-19.4 - ccil&filou 2007-11-26 22:11:28.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.67 [GMT 1:00]
Running from: C:\Documents and Settings\ccil&filou\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\ccil&filou\Application Data\inst.exe
C:\Documents and Settings\ccil&filou\Bureau\Live Safety Center.lnk
C:\Documents and Settings\ccil&filou\Bureau\Online Security Guide.lnk
C:\Documents and Settings\ccil&filou\Favoris\Online Security Guide.lnk
C:\WINDOWS\image047.zip
C:\WINDOWS\photo_album64.zip
C:\WINDOWS\photo_album7.zip
C:\WINDOWS\photo21.zip
C:\WINDOWS\photo51.zip
C:\WINDOWS\photo69.zip
C:\WINDOWS\system32\__c00C9C51.dat
C:\WINDOWS\system32\cbaby.dll
C:\WINDOWS\system32\drivers\Icon.exe
C:\WINDOWS\system32\qrceorsy.exe
C:\WINDOWS\system32\sbazlbze.dllbox
C:\WINDOWS\system32\shijsulj.dll
C:\WINDOWS\system32\winspool.dll
C:\WINDOWS\system32\ybabc.bak1
C:\WINDOWS\system32\ybabc.bak2
C:\WINDOWS\system32\ybabc.ini
C:\WINDOWS\system32\ybabc.ini2
C:\WINDOWS\system32\ybabc.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers créés 2007-10-26 to 2007-11-26 ))))))))))))))))))))))))))))))))))))
.
2007-11-26 22:09 85,056 --a------ C:\WINDOWS\system32\sllhgcgu.dll
2007-11-26 22:09 294 ---hs---- C:\WINDOWS\system32\ugcghlls.ini
2007-11-26 22:06 145,984 --a------ C:\WINDOWS\system32\sbazlbze.dll
2007-11-26 22:06 145,984 --a------ C:\WINDOWS\system32\pfgaufah.dll
2007-11-26 22:03 80,960 --a------ C:\WINDOWS\system32\aewtgbch.dll
2007-11-26 22:00 71,232 --a------ C:\WINDOWS\system32\vxnlkpdh.exe
2007-11-26 20:07 294 ---hs---- C:\WINDOWS\system32\wfntakcu.ini
2007-11-26 19:45 <REP> d-------- C:\Program Files\Sunbelt Software
2007-11-26 19:06 <REP> d-------- C:\Program Files\Avira
2007-11-26 19:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-26 18:50 414 ---hs---- C:\WINDOWS\system32\owiyepcw.ini
2007-11-26 13:59 354 ---hs---- C:\WINDOWS\system32\snsceseg.ini
2007-11-26 10:00 774 ---hs---- C:\WINDOWS\system32\exliuqqr.ini
2007-11-26 09:26 714 ---hs---- C:\WINDOWS\system32\rntfsggu.ini
2007-11-26 09:10 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-26 08:40 594 ---hs---- C:\WINDOWS\system32\bkdeghqb.ini
2007-11-26 08:07 <REP> d-------- C:\Program Files\Trend Micro
2007-11-26 08:07 474 ---hs---- C:\WINDOWS\system32\mgeimwam.ini
2007-11-25 20:30 <REP> d-------- C:\VundoFix Backups
2007-11-25 19:24 <REP> d-------- C:\Documents and Settings\ccil&filou\Application Data\Grisoft
2007-11-25 19:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-25 19:24 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-22 20:52 1,134 ---hs---- C:\WINDOWS\system32\lipfrimo.ini
2007-11-22 19:52 354 ---hs---- C:\WINDOWS\system32\yunocvua.ini
2007-11-22 18:46 294 ---hs---- C:\WINDOWS\system32\mbiopbml.ini
2007-11-20 21:57 1,014 ---hs---- C:\WINDOWS\system32\mpuuxrer.ini
2007-11-20 21:54 834 ---hs---- C:\WINDOWS\system32\krteomwl.ini
2007-11-20 21:46 774 ---hs---- C:\WINDOWS\system32\rqcwybwj.ini
2007-11-20 21:35 <REP> d-------- C:\WINDOWS\AU_Temp
2007-11-18 00:58 714 ---hs---- C:\WINDOWS\system32\mcmwdvrl.ini
2007-11-18 00:53 526 ---hs---- C:\WINDOWS\system32\qawqhlqy.tmp
2007-11-12 17:15 1,314 ---hs---- C:\WINDOWS\system32\jhoixxya.ini
2007-11-12 08:20 1,194 ---hs---- C:\WINDOWS\system32\qtgldsio.ini
2007-11-11 19:38 1,014 ---hs---- C:\WINDOWS\system32\ldrkxfmw.ini
2007-11-11 19:10 894 ---hs---- C:\WINDOWS\system32\prquxyac.ini
2007-11-11 18:54 774 ---hs---- C:\WINDOWS\system32\cavpugqs.ini
2007-11-11 09:50 654 ---hs---- C:\WINDOWS\system32\gmshdpie.ini
2007-11-10 20:25 534 ---hs---- C:\WINDOWS\system32\tuxcmuwv.ini
2007-11-10 10:35 354 ---hs---- C:\WINDOWS\system32\mpxxpfit.ini
2007-11-10 09:44 354 ---hs---- C:\WINDOWS\system32\yjlsgdum.ini
2007-11-10 09:20 354 ---hs---- C:\WINDOWS\system32\tdpwnjpr.ini
2007-11-09 21:03 414 ---hs---- C:\WINDOWS\system32\ewxvmbme.ini
2007-11-09 08:44 354 ---hs---- C:\WINDOWS\system32\rfhybgpg.ini
2007-11-08 07:58 354 ---hs---- C:\WINDOWS\system32\xejtffig.ini
2007-11-08 07:51 354 ---hs---- C:\WINDOWS\system32\stbdimfq.tmp
2007-11-06 20:24 294 ---hs---- C:\WINDOWS\system32\gyckmyyw.ini
2007-11-05 09:27 294 ---hs---- C:\WINDOWS\system32\lpaanxdn.ini
2007-11-04 20:01 <REP> d-------- C:\Documents and Settings\ccil&filou\Application Data\CopyTransManager
2007-11-04 19:43 294 ---hs---- C:\WINDOWS\system32\qnbrxryb.ini
2007-11-04 14:18 1,140,472 --a------ C:\WINDOWS\system32\IGUltraGrid20.ocx
2007-11-04 14:18 86,912 --a------ C:\WINDOWS\system32\tasp.dll
2007-11-04 14:18 36,864 --a------ C:\WINDOWS\system32\Tasi.dll
2007-11-04 11:35 <REP> d-------- C:\Contacts
2007-11-04 11:29 <REP> d-------- C:\Program Files\EphPod
2007-11-03 19:38 1,554 ---hs---- C:\WINDOWS\system32\kaguidxm.ini
2007-11-02 07:55 1,314 ---hs---- C:\WINDOWS\system32\lsfpgfeo.ini
2007-11-02 07:45 1,134 ---hs---- C:\WINDOWS\system32\txqjagas.ini
2007-11-01 20:59 1,014 ---hs---- C:\WINDOWS\system32\vswparsk.ini
2007-10-31 21:28 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-10-31 21:28 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-10-31 21:22 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-10-31 21:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-31 20:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-31 20:55 894 ---hs---- C:\WINDOWS\system32\bcbrjltw.ini
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 19:23 --------- d-----w C:\Program Files\Everest Poker
2007-11-25 18:24 --------- d-----w C:\Documents and Settings\ccil&filou\Application Data\Grisoft
2007-11-20 20:36 86,094 -c--a-w C:\WINDOWS\BPMNT.dll
2007-11-20 20:36 1,163,344 -c--a-w C:\WINDOWS\vsapi32.dll
2007-11-18 20:30 71,749 -c--a-w C:\WINDOWS\hcextoutput.dll
2007-11-18 20:30 267,845 -c--a-w C:\WINDOWS\tsc.exe
2007-11-18 20:27 69,689 -c--a-w C:\WINDOWS\UNZIP.DLL
2007-11-18 20:27 507,904 -c--a-w C:\WINDOWS\TMUPDATE.DLL
2007-11-18 20:27 286,720 -c--a-w C:\WINDOWS\PATCH.EXE
2007-11-15 20:31 --------- d-----w C:\Program Files\eMule
2007-11-04 19:04 --------- d-----w C:\Documents and Settings\ccil&filou\Application Data\CopyTransManager
2007-11-01 07:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-01 07:29 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-20 09:01 --------- d-----w C:\Program Files\Multi_Media_France
2007-10-20 08:34 --------- d-----w C:\Program Files\Fichiers communs\Panda Software
2007-10-16 05:58 --------- d-----w C:\Program Files\Spyware Doctor
2007-10-16 05:56 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-10-14 07:03 --------- d-----w C:\Program Files\Apple Software Update
2007-10-14 06:35 --------- d-----w C:\Program Files\Java
2007-10-10 05:56 --------- d-----w C:\Program Files\Free Easy Burner
2007-05-29 21:04 47,360 ----a-w C:\Documents and Settings\ccil&filou\Application Data\pcouffin.sys
2007-05-14 18:02 87,608 ----a-w C:\Documents and Settings\ccil&filou\Application Data\ezpinst.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d455e30-ad8b-45a8-a915-f94d916205a4}]
2007-11-26 22:03 80960 --a------ C:\WINDOWS\system32\aewtgbch.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-26 22:06 145984 --a------ C:\WINDOWS\system32\sbazlbze.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\sbazlbze.dll [2007-11-26 22:06 145984]
[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 15:38]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-09-26 10:01]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-09-26 10:01]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 15:53 C:\WINDOWS\SOUNDMAN.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-01 11:02]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 02:14]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-07-01 10:58]
"PD0620 STISvc"="RunDLL32.exe" [2004-08-05 13:00 C:\WINDOWS\system32\rundll32.exe]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-06-17 19:36]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"88b345ba"="C:\WINDOWS\system32\sllhgcgu.dll" [2007-11-26 22:09]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-26 19:14]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]
C:\WINDOWS\system32\klogon.dll 2007-06-26 16:53 206088 C:\WINDOWS\system32\klogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sbazlbze]
sbazlbze.dll 2007-11-26 22:06 145984 C:\WINDOWS\system32\sbazlbze.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\cbaby.dll
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R2 MTC0005_MTCDIO;Wireless HotKey Driver;C:\WINDOWS\system32\drivers\MTCDIO.sys
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S2 MTCDIO;MTCDIO;C:\WINDOWS\system32\DRIVERS\MTCDIO.sys
S3 SDVC05;USB SDVC05;C:\WINDOWS\system32\Drivers\SDVC05.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2007-10-17 12:50:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-26 19:00:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2006-11-16 18:39:08 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-26 22:38:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-26 22:45:45 - machine was rebooted
.
--- E O F ---
re,
Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to launch it
* Click the Scan for Vundo button
* When the scan is complete, click the Remove Vundo button
* A prompt will ask whether you want to delete the files; click YES
* After clicking "Yes", the Desktop will disappear for a moment while the files are being deleted
* You will see a prompt telling you that your PC is going to restart; click OK
* Copy/paste the contents of the report located in C:\vundofix.txt, along with a new HijackThis! report, in your next reply
Note: VundoFix may run into a file it cannot delete. If so, the tool will launch itself at the next restart; simply follow the instructions above again, starting from "click the Scan for Vundo button".
and repost a HijackThis log,
here is the VundoFix report
VundoFix V6.6.2
Checking Java version...
Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Java version is 1.5.0.11
Scan started at 20:30:14 25/11/2007
Listing files found while scanning....
C:\windows\system32\__c0013882.dat
C:\windows\system32\__c0018879.dat
C:\windows\system32\__c0035F2E.dat
C:\windows\system32\__c003E90.dat
C:\windows\system32\__c0048322.dat
C:\windows\system32\__c005D71A.dat
C:\windows\system32\__c006B7A2.dat
C:\windows\system32\__c007DE10.dat
C:\windows\system32\__c008D4D4.dat
C:\windows\system32\__c008F761.dat
C:\windows\system32\__c0095C4D.dat
C:\windows\system32\__c00A1BC1.dat
C:\windows\system32\__c00AF260.dat
C:\windows\system32\__c00B5B3E.dat
C:\windows\system32\__c00BEA90.dat
C:\windows\system32\__c00C41E2.dat
C:\windows\system32\__c00CE151.dat
C:\windows\system32\__c00DB3A1.dat
C:\windows\system32\__c00DFDB6.dat
C:\windows\system32\__c00E4166.dat
C:\windows\system32\__c00F8332.dat
C:\windows\system32\__c00FD60B.dat
C:\windows\system32\audiwhvo.dll
C:\windows\system32\btqukcok.dll
C:\windows\system32\byxvuss.dll
C:\windows\system32\cxkpyxkj.dll
C:\windows\system32\deeuqxuy.dll
C:\windows\system32\dvijyyxl.dll
C:\windows\system32\exkowagv.dll
C:\windows\system32\gebabcb.dll
C:\windows\system32\ggixiffn.dll
C:\windows\system32\hbsrjilb.dll
C:\windows\system32\hkxjjbqd.dll
C:\windows\system32\hlxdddxs.dll
C:\windows\system32\iotaesti.dll
C:\WINDOWS\system32\iyoyvmur.dll
C:\windows\system32\iyoyvmur.dllbox
C:\windows\system32\jlnwsnwu.dll
C:\windows\system32\jxjjbcrk.dll
C:\windows\system32\kraatntl.dll
C:\windows\system32\lffueebt.dll
C:\windows\system32\luuukvde.dll
C:\windows\system32\mojjysrg.dll
C:\windows\system32\pghgbhty.dll
C:\windows\system32\pixhmgat.dll
C:\WINDOWS\system32\qmwdqotq.dll
C:\windows\system32\rquohxxf.dll
C:\windows\system32\rrqbckyj.dll
C:\windows\system32\tjdvgmjk.dll
C:\windows\system32\tlfmwcik.dll
C:\windows\system32\tovfridn.dll
C:\windows\system32\ttgvoevb.dllbox
C:\windows\system32\uxjioubs.dll
C:\windows\system32\vbhsnvbt.dll
C:\windows\system32\vpjahqut.dll
C:\windows\system32\vqowpgsw.dll
C:\windows\system32\wjqxqkoj.dll
C:\windows\system32\wwpymkiy.dll
C:\windows\system32\xceansgw.dll
C:\windows\system32\ximwrcbu.dll
C:\windows\system32\xylsoctd.dll
C:\windows\system32\yedkgvxl.dll
C:\windows\system32\ykxckaxd.dll
C:\windows\system32\ymonojpb.dll
Beginning removal...
Attempting to delete C:\windows\system32\__c0013882.dat
C:\windows\system32\__c0013882.dat Has been deleted!
Attempting to delete C:\windows\system32\__c0018879.dat
C:\windows\system32\__c0018879.dat Has been deleted!
Attempting to delete C:\windows\system32\__c0035F2E.dat
C:\windows\system32\__c0035F2E.dat Has been deleted!
Attempting to delete C:\windows\system32\__c003E90.dat
C:\windows\system32\__c003E90.dat Has been deleted!
Attempting to delete C:\windows\system32\__c0048322.dat
C:\windows\system32\__c0048322.dat Has been deleted!
Attempting to delete C:\windows\system32\__c005D71A.dat
C:\windows\system32\__c005D71A.dat Could not be deleted.
Attempting to delete C:\windows\system32\__c006B7A2.dat
C:\windows\system32\__c006B7A2.dat Has been deleted!
Attempting to delete C:\windows\system32\__c007DE10.dat
C:\windows\system32\__c007DE10.dat Has been deleted!
Attempting to delete C:\windows\system32\__c008D4D4.dat
C:\windows\system32\__c008D4D4.dat Has been deleted!
Attempting to delete C:\windows\system32\__c008F761.dat
C:\windows\system32\__c008F761.dat Has been deleted!
Attempting to delete C:\windows\system32\__c0095C4D.dat
C:\windows\system32\__c0095C4D.dat Has been deleted!
Attempting to delete C:\windows\system32\__c00A1BC1.dat
C:\windows\system32\__c00A1BC1.dat Has been deleted!
Attempting to delete C:\windows\system32\__c00AF260.dat
C:\windows\system32\__c00AF260.dat Has been deleted!
Attempting to delete C:\windows\system32\__c00B5B3E.dat
C:\windows\system32\__c00B5B3E.dat Has been deleted!
Attempting to delete C:\windows\system32\__c00BEA90.dat
C:\windows\system32\__c00BEA90.dat Has been deleted!
Attempting to delete C:\windows\system32\__c00C41E2.dat
C:\windows\system32\__c00C41E2.dat Has been deleted!
Attempting to delete C:\windows\system32\__c00CE151.dat
C:\windows\system32\__c00CE151.dat Has been deleted!
Attempting to delete C:\windows\system32\__c00DB3A1.dat
C:\windows\system32\__c00DB3A1.dat Has been deleted!
Attempting to delete C:\windows\system32\__c00DFDB6.dat
C:\windows\system32\__c00DFDB6.dat Has been deleted!
Attempting to delete C:\windows\system32\__c00E4166.dat
C:\windows\system32\__c00E4166.dat Has been deleted!
Attempting to delete C:\windows\system32\__c00F8332.dat
C:\windows\system32\__c00F8332.dat Has been deleted!
Attempting to delete C:\windows\system32\__c00FD60B.dat
C:\windows\system32\__c00FD60B.dat Has been deleted!
Attempting to delete C:\windows\system32\audiwhvo.dll
C:\windows\system32\audiwhvo.dll Has been deleted!
Attempting to delete C:\windows\system32\btqukcok.dll
C:\windows\system32\btqukcok.dll Has been deleted!
Attempting to delete C:\windows\system32\byxvuss.dll
C:\windows\system32\byxvuss.dll Has been deleted!
Attempting to delete C:\windows\system32\cxkpyxkj.dll
C:\windows\system32\cxkpyxkj.dll Has been deleted!
Attempting to delete C:\windows\system32\deeuqxuy.dll
C:\windows\system32\deeuqxuy.dll Has been deleted!
Attempting to delete C:\windows\system32\dvijyyxl.dll
C:\windows\system32\dvijyyxl.dll Has been deleted!
Attempting to delete C:\windows\system32\exkowagv.dll
C:\windows\system32\exkowagv.dll Has been deleted!
Attempting to delete C:\windows\system32\gebabcb.dll
C:\windows\system32\gebabcb.dll Has been deleted!
Attempting to delete C:\windows\system32\ggixiffn.dll
C:\windows\system32\ggixiffn.dll Has been deleted!
Attempting to delete C:\windows\system32\hbsrjilb.dll
C:\windows\system32\hbsrjilb.dll Has been deleted!
Attempting to delete C:\windows\system32\hkxjjbqd.dll
C:\windows\system32\hkxjjbqd.dll Has been deleted!
Attempting to delete C:\windows\system32\hlxdddxs.dll
C:\windows\system32\hlxdddxs.dll Has been deleted!
Attempting to delete C:\windows\system32\iotaesti.dll
C:\windows\system32\iotaesti.dll Has been deleted!
Attempting to delete C:\windows\system32\iyoyvmur.dllbox
C:\windows\system32\iyoyvmur.dllbox Has been deleted!
Attempting to delete C:\windows\system32\jlnwsnwu.dll
C:\windows\system32\jlnwsnwu.dll Has been deleted!
Attempting to delete C:\windows\system32\jxjjbcrk.dll
C:\windows\system32\jxjjbcrk.dll Has been deleted!
Attempting to delete C:\windows\system32\kraatntl.dll
C:\windows\system32\kraatntl.dll Has been deleted!
Attempting to delete C:\windows\system32\lffueebt.dll
C:\windows\system32\lffueebt.dll Has been deleted!
Attempting to delete C:\windows\system32\luuukvde.dll
C:\windows\system32\luuukvde.dll Has been deleted!
Attempting to delete C:\windows\system32\mojjysrg.dll
C:\windows\system32\mojjysrg.dll Has been deleted!
Attempting to delete C:\windows\system32\pghgbhty.dll
C:\windows\system32\pghgbhty.dll Has been deleted!
Attempting to delete C:\windows\system32\pixhmgat.dll
C:\windows\system32\pixhmgat.dll Has been deleted!
Attempting to delete C:\windows\system32\rquohxxf.dll
C:\windows\system32\rquohxxf.dll Has been deleted!
Attempting to delete C:\windows\system32\rrqbckyj.dll
C:\windows\system32\rrqbckyj.dll Has been deleted!
Attempting to delete C:\windows\system32\tjdvgmjk.dll
C:\windows\system32\tjdvgmjk.dll Has been deleted!
Attempting to delete C:\windows\system32\tlfmwcik.dll
C:\windows\system32\tlfmwcik.dll Has been deleted!
Attempting to delete C:\windows\system32\tovfridn.dll
C:\windows\system32\tovfridn.dll Has been deleted!
Attempting to delete C:\windows\system32\ttgvoevb.dllbox
C:\windows\system32\ttgvoevb.dllbox Has been deleted!
Attempting to delete C:\windows\system32\uxjioubs.dll
C:\windows\system32\uxjioubs.dll Has been deleted!
Attempting to delete C:\windows\system32\vbhsnvbt.dll
C:\windows\system32\vbhsnvbt.dll Has been deleted!
Attempting to delete C:\windows\system32\vpjahqut.dll
C:\windows\system32\vpjahqut.dll Has been deleted!
Attempting to delete C:\windows\system32\vqowpgsw.dll
C:\windows\system32\vqowpgsw.dll Has been deleted!
Attempting to delete C:\windows\system32\wjqxqkoj.dll
C:\windows\system32\wjqxqkoj.dll Has been deleted!
Attempting to delete C:\windows\system32\wwpymkiy.dll
C:\windows\system32\wwpymkiy.dll Has been deleted!
Attempting to delete C:\windows\system32\xceansgw.dll
C:\windows\system32\xceansgw.dll Has been deleted!
Attempting to delete C:\windows\system32\ximwrcbu.dll
C:\windows\system32\ximwrcbu.dll Has been deleted!
Attempting to delete C:\windows\system32\xylsoctd.dll
C:\windows\system32\xylsoctd.dll Has been deleted!
Attempting to delete C:\windows\system32\yedkgvxl.dll
C:\windows\system32\yedkgvxl.dll Has been deleted!
Attempting to delete C:\windows\system32\ykxckaxd.dll
C:\windows\system32\ykxckaxd.dll Has been deleted!
Attempting to delete C:\windows\system32\ymonojpb.dll
C:\windows\system32\ymonojpb.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.6.2
Checking Java version...
Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Java version is 1.5.0.11
Scan started at 21:42:56 25/11/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.6.2
Checking Java version...
Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Java version is 1.5.0.11
Scan started at 09:22:00 26/11/2007
Listing files found while scanning....
C:\windows\system32\__c00789DD.dat
C:\windows\system32\__c00A9563.dat
C:\windows\system32\__c00F1704.dat
C:\windows\system32\bbviceva.dll
C:\windows\system32\bfykmwpd.dll
C:\windows\system32\jfbwhvib.dll
C:\WINDOWS\system32\jmxudgph.dll
C:\windows\system32\jmxudgph.dllbox
C:\windows\system32\kfcshfxp.exe
C:\windows\system32\ouxlhfmh.dll
C:\windows\system32\qatosijd.dll
C:\windows\system32\rjjhbxpp.exe
Beginning removal...
Attempting to delete C:\windows\system32\__c00789DD.dat
C:\windows\system32\__c00789DD.dat Could not be deleted.
Attempting to delete C:\windows\system32\__c00A9563.dat
C:\windows\system32\__c00A9563.dat Has been deleted!
Attempting to delete C:\windows\system32\__c00F1704.dat
C:\windows\system32\__c00F1704.dat Has been deleted!
Attempting to delete C:\windows\system32\bbviceva.dll
C:\windows\system32\bbviceva.dll Has been deleted!
Attempting to delete C:\windows\system32\bfykmwpd.dll
C:\windows\system32\bfykmwpd.dll Has been deleted!
Attempting to delete C:\windows\system32\jfbwhvib.dll
C:\windows\system32\jfbwhvib.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jmxudgph.dll
C:\WINDOWS\system32\jmxudgph.dll Has been deleted!
Attempting to delete C:\windows\system32\jmxudgph.dllbox
C:\windows\system32\jmxudgph.dllbox Has been deleted!
Attempting to delete C:\windows\system32\kfcshfxp.exe
C:\windows\system32\kfcshfxp.exe Has been deleted!
Attempting to delete C:\windows\system32\ouxlhfmh.dll
C:\windows\system32\ouxlhfmh.dll Has been deleted!
Attempting to delete C:\windows\system32\qatosijd.dll
C:\windows\system32\qatosijd.dll Has been deleted!
Attempting to delete C:\windows\system32\rjjhbxpp.exe
C:\windows\system32\rjjhbxpp.exe Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.6.2
Checking Java version...
Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Java version is 1.5.0.11
Scan started at 09:36:37 26/11/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.6.2
Checking Java version...
Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Java version is 1.5.0.11
Scan started at 08:46:28 27/11/2007
Listing files found while scanning....
C:\windows\system32\sbazlbze.dll
C:\windows\system32\sbazlbze.dllbox
Beginning removal...
Attempting to delete C:\windows\system32\sbazlbze.dll
C:\windows\system32\sbazlbze.dll Has been deleted!
Attempting to delete C:\windows\system32\sbazlbze.dllbox
C:\windows\system32\sbazlbze.dllbox Has been deleted!
Performing Repairs to the registry.
Done!
and HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:50:40, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {4a502619-d49f-519a-8a54-b8da03e554d2} - {2d455e30-ad8b-45a8-a915-f94d916205a4} - C:\WINDOWS\system32\aewtgbch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [88b345ba] rundll32.exe "C:\WINDOWS\system32\sllhgcgu.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
here it is
ComboFix 07-11-19.4 - ccil&filou 2007-11-27 16:23:58.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.111 [GMT 1:00]
Running from: C:\Documents and Settings\ccil&filou\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\ccil&filou\Favoris\Online Security Guide.lnk
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-27 to 2007-11-27 ))))))))))))))))))))))))))))))))))))
.
2007-11-26 22:09 85,056 --a------ C:\WINDOWS\system32\sllhgcgu.dll
2007-11-26 22:09 294 ---hs---- C:\WINDOWS\system32\ugcghlls.ini
2007-11-26 22:06 145,984 --a------ C:\WINDOWS\system32\pfgaufah.dll
2007-11-26 22:03 80,960 --a------ C:\WINDOWS\system32\aewtgbch.dll
2007-11-26 22:00 71,232 --a------ C:\WINDOWS\system32\vxnlkpdh.exe
2007-11-26 20:07 294 ---hs---- C:\WINDOWS\system32\wfntakcu.ini
2007-11-26 19:45 <REP> d-------- C:\Program Files\Sunbelt Software
2007-11-26 19:06 <REP> d-------- C:\Program Files\Avira
2007-11-26 19:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-26 18:50 414 ---hs---- C:\WINDOWS\system32\owiyepcw.ini
2007-11-26 13:59 354 ---hs---- C:\WINDOWS\system32\snsceseg.ini
2007-11-26 10:00 774 ---hs---- C:\WINDOWS\system32\exliuqqr.ini
2007-11-26 09:26 714 ---hs---- C:\WINDOWS\system32\rntfsggu.ini
2007-11-26 09:10 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-26 08:40 594 ---hs---- C:\WINDOWS\system32\bkdeghqb.ini
2007-11-26 08:07 <REP> d-------- C:\Program Files\Trend Micro
2007-11-26 08:07 474 ---hs---- C:\WINDOWS\system32\mgeimwam.ini
2007-11-25 20:30 <REP> d-------- C:\VundoFix Backups
2007-11-25 19:24 <REP> d-------- C:\Documents and Settings\ccil&filou\Application Data\Grisoft
2007-11-25 19:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-25 19:24 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-22 20:52 1,134 ---hs---- C:\WINDOWS\system32\lipfrimo.ini
2007-11-22 19:52 354 ---hs---- C:\WINDOWS\system32\yunocvua.ini
2007-11-22 18:46 294 ---hs---- C:\WINDOWS\system32\mbiopbml.ini
2007-11-20 21:57 1,014 ---hs---- C:\WINDOWS\system32\mpuuxrer.ini
2007-11-20 21:54 834 ---hs---- C:\WINDOWS\system32\krteomwl.ini
2007-11-20 21:46 774 ---hs---- C:\WINDOWS\system32\rqcwybwj.ini
2007-11-20 21:35 <REP> d-------- C:\WINDOWS\AU_Temp
2007-11-18 00:58 714 ---hs---- C:\WINDOWS\system32\mcmwdvrl.ini
2007-11-18 00:53 526 ---hs---- C:\WINDOWS\system32\qawqhlqy.tmp
2007-11-12 17:15 1,314 ---hs---- C:\WINDOWS\system32\jhoixxya.ini
2007-11-12 08:20 1,194 ---hs---- C:\WINDOWS\system32\qtgldsio.ini
2007-11-11 19:38 1,014 ---hs---- C:\WINDOWS\system32\ldrkxfmw.ini
2007-11-11 19:10 894 ---hs---- C:\WINDOWS\system32\prquxyac.ini
2007-11-11 18:54 774 ---hs---- C:\WINDOWS\system32\cavpugqs.ini
2007-11-11 09:50 654 ---hs---- C:\WINDOWS\system32\gmshdpie.ini
2007-11-10 20:25 534 ---hs---- C:\WINDOWS\system32\tuxcmuwv.ini
2007-11-10 10:35 354 ---hs---- C:\WINDOWS\system32\mpxxpfit.ini
2007-11-10 09:44 354 ---hs---- C:\WINDOWS\system32\yjlsgdum.ini
2007-11-10 09:20 354 ---hs---- C:\WINDOWS\system32\tdpwnjpr.ini
2007-11-09 21:03 414 ---hs---- C:\WINDOWS\system32\ewxvmbme.ini
2007-11-09 08:44 354 ---hs---- C:\WINDOWS\system32\rfhybgpg.ini
2007-11-08 07:58 354 ---hs---- C:\WINDOWS\system32\xejtffig.ini
2007-11-08 07:51 354 ---hs---- C:\WINDOWS\system32\stbdimfq.tmp
2007-11-06 20:24 294 ---hs---- C:\WINDOWS\system32\gyckmyyw.ini
2007-11-05 09:27 294 ---hs---- C:\WINDOWS\system32\lpaanxdn.ini
2007-11-04 20:01 <REP> d-------- C:\Documents and Settings\ccil&filou\Application Data\CopyTransManager
2007-11-04 19:43 294 ---hs---- C:\WINDOWS\system32\qnbrxryb.ini
2007-11-04 14:18 1,140,472 --a------ C:\WINDOWS\system32\IGUltraGrid20.ocx
2007-11-04 14:18 86,912 --a------ C:\WINDOWS\system32\tasp.dll
2007-11-04 14:18 36,864 --a------ C:\WINDOWS\system32\Tasi.dll
2007-11-04 11:35 <REP> d-------- C:\Contacts
2007-11-04 11:29 <REP> d-------- C:\Program Files\EphPod
2007-11-03 19:38 1,554 ---hs---- C:\WINDOWS\system32\kaguidxm.ini
2007-11-02 07:55 1,314 ---hs---- C:\WINDOWS\system32\lsfpgfeo.ini
2007-11-02 07:45 1,134 ---hs---- C:\WINDOWS\system32\txqjagas.ini
2007-11-01 20:59 1,014 ---hs---- C:\WINDOWS\system32\vswparsk.ini
2007-10-31 21:28 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-10-31 21:28 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-10-31 21:22 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-10-31 21:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-31 20:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-31 20:55 894 ---hs---- C:\WINDOWS\system32\bcbrjltw.ini
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 19:23 --------- d-----w C:\Program Files\Everest Poker
2007-11-25 18:24 --------- d-----w C:\Documents and Settings\ccil&filou\Application Data\Grisoft
2007-11-20 20:36 86,094 -c--a-w C:\WINDOWS\BPMNT.dll
2007-11-20 20:36 1,163,344 -c--a-w C:\WINDOWS\vsapi32.dll
2007-11-18 20:30 71,749 -c--a-w C:\WINDOWS\hcextoutput.dll
2007-11-18 20:30 267,845 -c--a-w C:\WINDOWS\tsc.exe
2007-11-18 20:27 69,689 -c--a-w C:\WINDOWS\UNZIP.DLL
2007-11-18 20:27 507,904 -c--a-w C:\WINDOWS\TMUPDATE.DLL
2007-11-18 20:27 286,720 -c--a-w C:\WINDOWS\PATCH.EXE
2007-11-15 20:31 --------- d-----w C:\Program Files\eMule
2007-11-04 19:04 --------- d-----w C:\Documents and Settings\ccil&filou\Application Data\CopyTransManager
2007-11-01 07:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-01 07:29 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-20 09:01 --------- d-----w C:\Program Files\Multi_Media_France
2007-10-20 08:34 --------- d-----w C:\Program Files\Fichiers communs\Panda Software
2007-10-16 05:58 --------- d-----w C:\Program Files\Spyware Doctor
2007-10-16 05:56 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-10-14 07:03 --------- d-----w C:\Program Files\Apple Software Update
2007-10-14 06:35 --------- d-----w C:\Program Files\Java
2007-10-10 05:56 --------- d-----w C:\Program Files\Free Easy Burner
2007-05-29 21:04 47,360 ----a-w C:\Documents and Settings\ccil&filou\Application Data\pcouffin.sys
2007-05-14 18:02 87,608 ----a-w C:\Documents and Settings\ccil&filou\Application Data\ezpinst.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d455e30-ad8b-45a8-a915-f94d916205a4}]
2007-11-26 22:03 80960 --a------ C:\WINDOWS\system32\aewtgbch.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 15:38]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-09-26 10:01]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-09-26 10:01]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 15:53 C:\WINDOWS\SOUNDMAN.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-01 11:02]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 02:14]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-07-01 10:58]
"PD0620 STISvc"="RunDLL32.exe" [2004-08-05 13:00 C:\WINDOWS\system32\rundll32.exe]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-06-17 19:36]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"88b345ba"="C:\WINDOWS\system32\sllhgcgu.dll" [2007-11-26 22:09]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-26 19:14]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-09 11:51:42]
Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
C:\WINDOWS\system32\klogon.dll 2007-06-26 16:53 206088 C:\WINDOWS\system32\klogon.dll
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R2 MTC0005_MTCDIO;Wireless HotKey Driver;C:\WINDOWS\system32\drivers\MTCDIO.sys
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S2 MTCDIO;MTCDIO;C:\WINDOWS\system32\DRIVERS\MTCDIO.sys
S3 SDVC05;USB SDVC05;C:\WINDOWS\system32\Drivers\SDVC05.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-17 12:50:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-26 19:00:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2006-11-16 18:39:08 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 16:57:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-27 16:59:30
C:\ComboFix2.txt ... 2007-11-26 22:45
.
--- E O F ---
HI filouflat,
I had to be away yesterday,
here is the procedure:
Fix.reg
Open Notepad (right-click on the desktop > in the menu that appears choose New, then Text Document) and copy and paste what is quoted below (copy it all in one go, without the bars (X)):
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
REGEDIT4
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d455e30-ad8b-45a8-a915-f94d916205a4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"88b345ba"=-
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
note: REGEDIT4 must be on the first line in Notepad and there must be a blank line at the end.
Then click "File" / "Save as":
Save in: Desktop
File name: fix.reg
File type: "all files"
click "save"
it should look like this once saved:
http://img520.imageshack.us/img520/4251/screenshot005ps2.png
close the internet and double-click fix.reg => you must get the message "Are you sure you want to add the information in this .reg file to the registry?"
If that is the case, click "yes"
Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand box of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
C:\WINDOWS\system32\aewtgbch.dll
C:\WINDOWS\system32\sllhgcgu.dll
Click MoveIt! to start the removal.
the result will appear in the "Results" box.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.
PS: you may be asked to restart the PC to complete the removal. If so, accept with Yes.
http://img137.imageshack.us/img137/3558/refaitjk8.th.jpg
then
A.V.G:
-> Download AVG Anti-Spyware (ewido)
http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware
-> Install it.
-> launch AVG Anti-Spyware and click the Update button. Wait...
p.s.: if the updates do not work, they can be downloaded here:
http://downloads.ewido.net/avgas-signatures-full-current.exe
-> On the "scan" page:
first choose the "settings" tab.
under "How to act" click "Recommended actions" and in the drop-down menu choose "Delete".
-> Start the scan (it is long...).
-> At the end of the scan, copy and paste the report here.
-> Help in pictures, just in case:
Installation and settings tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
post the OTMoveIt report and the AVG one
@+
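A triage script, added here as an illustration and not code from the thread, ComboFix or OTMoveIt, that applies the same reasoning as the fix above to a few lines copied from the ComboFix report: it pairs a freshly created system32 DLL with the hidden+system .ini whose name is the DLL name reversed (ugcghlls.ini / sllhgcgu.dll), flags the HKLM Run value with a random 8-hex-digit name and the Browser Helper Object whose DLL just appeared, and writes the matching fix.reg. The full Explorer\Browser Helper Objects key path (ComboFix prints it with a "~" abbreviation) and the 30-day window are assumptions; each check is a lead to verify by hand, not a verdict.

```python
"""Heuristic triage of a ComboFix report; added example, not code from the thread."""
import re
from datetime import date

# Constructed sample: lines copied verbatim from the ComboFix report posted above.
COMBOFIX_REPORT = r"""
2007-11-26 22:09 85,056 --a------ C:\WINDOWS\system32\sllhgcgu.dll
2007-11-26 22:09 294 ---hs---- C:\WINDOWS\system32\ugcghlls.ini
2007-11-26 22:06 145,984 --a------ C:\WINDOWS\system32\pfgaufah.dll
2007-11-26 22:03 80,960 --a------ C:\WINDOWS\system32\aewtgbch.dll
2007-11-26 22:00 71,232 --a------ C:\WINDOWS\system32\vxnlkpdh.exe
2007-11-26 19:45 <REP> d-------- C:\Program Files\Sunbelt Software
2007-11-25 19:24 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d455e30-ad8b-45a8-a915-f94d916205a4}]
2007-11-26 22:03 80960 --a------ C:\WINDOWS\system32\aewtgbch.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 15:53 C:\WINDOWS\SOUNDMAN.EXE]
"88b345ba"="C:\WINDOWS\system32\sllhgcgu.dll" [2007-11-26 22:09]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-26 19:14]
"""

FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}\s+(?:[\d,]+|<REP>)\s+(\S{9})\s+(.+)$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
SYSTEM32 = "c:\\windows\\system32\\"
# Assumed full key paths; ComboFix prints the BHO key with a "~" abbreviation.
BHO_KEY = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects"
RUN_KEY = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

def parse(report):
    """Return (files, bho_dlls, run_values) from the 'files created' and registry sections."""
    files = {}       # lower-case path -> (creation date, 9-char attribute field)
    bho_dlls = {}    # CLSID -> DLL path printed under the Browser Helper Objects key
    run_values = {}  # HKLM Run value name -> target path
    current_key = None
    for line in report.splitlines():
        if m := KEY_RE.match(line):
            current_key = m.group(1)
        elif (m := VALUE_RE.match(line)) and current_key and current_key.endswith("\\Run"):
            run_values[m.group(1)] = m.group(2)
        elif m := FILE_RE.match(line):
            day, attrs, path = m.groups()
            files[path.lower()] = (date.fromisoformat(day), attrs)
            if current_key and "Browser Helper Objects" in current_key:
                bho_dlls[current_key.rsplit("\\", 1)[1]] = path  # the file line follows the key
                current_key = None
    return files, bho_dlls, run_values

def triage(report, scan_day, window_days=30):
    """Flag files only on corroborated signals, never on an odd name alone; returns {path: [reasons]}."""
    files, bho_dlls, run_values = parse(report)
    scan = date.fromisoformat(scan_day)
    recent = {p for p, (d, _) in files.items() if 0 <= (scan - d).days <= window_days}
    findings = {}

    def flag(path, reason):
        findings.setdefault(path.lower(), []).append(reason)

    # Signal 1: a recent system32 DLL/EXE whose stem, reversed, names a hidden+system
    # .ini next to it (in the posted report ugcghlls.ini is sllhgcgu.dll reversed).
    for path in recent:
        name = path.rsplit("\\", 1)[-1]
        if not path.startswith(SYSTEM32) or not name.endswith((".dll", ".exe")):
            continue
        twin = SYSTEM32 + name[:-4][::-1] + ".ini"
        if twin in files and "hs" in files[twin][1]:
            flag(path, "reversed-name companion .ini with hidden+system attributes")
            flag(twin, "companion .ini of " + name)
    # Signal 2: an HKLM Run value named with 8 hex digits that loads a recent file.
    for value, target in run_values.items():
        if re.fullmatch(r"[0-9a-f]{8}", value) and target.lower() in recent:
            flag(target, f'loaded by Run value "{value}" (random hex name)')
    # Signal 3: a Browser Helper Object whose DLL appeared in system32 inside the window.
    for clsid, dll in bho_dlls.items():
        if dll.lower() in recent and dll.lower().startswith(SYSTEM32):
            flag(dll, f"registered as Browser Helper Object {clsid}")
    return findings, bho_dlls, run_values

def build_fix_reg(findings, bho_dlls, run_values):
    """Emit a REGEDIT4 script that removes only the autostart entries pointing at flagged files."""
    lines = ["REGEDIT4", ""]
    for clsid, dll in bho_dlls.items():
        if dll.lower() in findings:
            lines += [f"[-{BHO_KEY}\\{clsid}]", ""]
    removals = [f'"{v}"=-' for v, t in run_values.items() if t.lower() in findings]
    if removals:
        lines += [f"[{RUN_KEY}]", *removals, ""]
    return "\n".join(lines) + "\n"  # ends with the blank line regedit expects

def run_demo(scan_day="2007-11-27"):
    """Triage the sample report; returns (findings, fix.reg text)."""
    findings, bho_dlls, run_values = triage(COMBOFIX_REPORT, scan_day)
    return findings, build_fix_reg(findings, bho_dlls, run_values)
```

On the sample, pfgaufah.dll and vxnlkpdh.exe are not flagged because nothing in the excerpt corroborates them: that is the point of requiring a second signal, and also why such leftovers still deserve a manual look.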
hi, here are the reports
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 10:17:09 28/11/2007
+ Résultat de l'analyse:
C:\Documents and Settings\ccil&filou\Cookies\ccil&filou@advertising[2].txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\ccil&filou\Cookies\ccil&filou@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\ccil&filou\Cookies\ccil&filou@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\ccil&filou\Cookies\ccil&filou@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Aucune action entreprise.
C:\Documents and Settings\ccil&filou\Cookies\ccil&filou@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\ccil&filou\Cookies\ccil&filou@serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\ccil&filou\Cookies\ccil&filou@smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\ccil&filou\Cookies\ccil&filou@weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\ccil&filou\Cookies\ccil&filou@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
Fin du rapport
LoadLibrary failed for C:\WINDOWS\system32\aewtgbch.dll
C:\WINDOWS\system32\aewtgbch.dll NOT unregistered.
C:\WINDOWS\system32\aewtgbch.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\sllhgcgu.dll
C:\WINDOWS\system32\sllhgcgu.dll NOT unregistered.
C:\WINDOWS\system32\sllhgcgu.dll moved successfully.
Created on 11/28/2007 08:45:53
thanks again
ok
Download ComboScan to your Desktop from the bottom of this page by clicking on download file
-> http://www.geekstogo.com/forum/files/
Close all running applications: antivirus, firewall, etc.
Double-click comboscan.exe; in the window that opens, click OK.
Be patient...
The report Comboscan.txt will open; copy and paste the contents of that file here.
The report may be long and come in two parts; check that it is complete.
@+
Deckard's System Scanner v20071014.68
Run by ccil&filou on 2007-11-28 10:36:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 480 MiB (512 MiB recommended).
-- HijackThis (run as ccil&filou.exe) ------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:31, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\ccil&filou\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\CCIL&F~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {4a502619-d49f-519a-8a54-b8da03e554d2} - {2d455e30-ad8b-45a8-a915-f94d916205a4} - C:\WINDOWS\system32\aewtgbch.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
ok
Fix.reg
Open Notepad (right-click on the desktop > in the menu choose New, then New text file) and copy and paste what is quoted below (copy it all in one go, without the bars of X):
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d455e30-ad8b-45a8-a915-f94d916205a4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=-
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
note: REGEDIT4 must be on the first line and there is a blank line at the end
Then click "File"/"Save as":
Save in: the desktop
File name: fix.reg
Save as type: "All files"
click "Save"
it should look like this once saved:
http://img520.imageshack.us/img520/4251/screenshot005ps2.png
disconnect from the internet and double-click fix.reg => you must get the message "Are you sure you want to add the information in this .reg file to the registry?"
If so, click "Yes"
delete this file
C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe (Asian language pack)
tell me how your PC is doing and post a new comboscan please
@+
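As an added example (this is not code from the thread, from HijackThis, from DSS or from the poster), the Python script below does by machine what the two posts above do by hand: it parses HijackThis O2 (BHO) and O4 (Run) lines, flags BHOs whose DLL is "(file missing)"/"(no file)" or that register no class name, and writes a REGEDIT4 fix that deletes the BHO registration and removes a Run value, with REGEDIT4 on the first line and a blank line at the end as the post requires. The sample log lines are copied from the DSS report above and are the only real data; there is no registry access. The registry paths are the standard ones (the posted fix abbreviates `SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer` as `~`). It goes one step beyond the posted fix: the `drop_com_class` option also deletes the COM class under HKEY_CLASSES_ROOT\CLSID, which deleting only the BHO key leaves registered.

```python
"""Triage HijackThis O2/O4 lines and emit a REGEDIT4 fix file.

Added example for this thread; not code from HijackThis, DSS or the poster.
"""
import re

# Constructed sample: a handful of lines copied from the DSS/HijackThis log
# above. Only these lines are real; there is no live registry access here.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {4a502619-d49f-519a-8a54-b8da03e554d2} - {2d455e30-ad8b-45a8-a915-f94d916205a4} - C:\WINDOWS\system32\aewtgbch.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + GUID + r") - (?P<target>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

# Standard registry locations (what the posted fix abbreviates as "~").
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"


def parse_bhos(log_text):
    """Return one dict per O2 line, with the reasons (if any) it looks suspect."""
    entries = []
    for line in log_text.splitlines():
        m = BHO_RE.match(line.strip())
        if not m:
            continue
        name, target = m.group("name"), m.group("target")
        reasons = []
        # HijackThis prints these when the DLL is gone but the registration
        # stays: the state this machine is in after the DLLs were moved.
        if target.endswith("(file missing)") or target == "(no file)":
            reasons.append("dll missing on disk")
        # Legitimate BHOs register a class name; a bare GUID or no name at all
        # is the pattern of the aewtgbch.dll entry in this log.
        if name == "(no name)" or re.fullmatch(GUID, name):
            reasons.append("no class name")
        entries.append({"name": name, "clsid": m.group("clsid"),
                        "target": target, "reasons": reasons})
    return entries


def parse_run_entries(log_text):
    """Return (hive, value name, command) for each O4 HKLM/HKCU Run line."""
    out = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            out.append((m.group("hive"), m.group("name"), m.group("cmd")))
    return out


def suspicious_clsids(log_text):
    """CLSIDs of every BHO that parse_bhos() flagged for at least one reason."""
    return [e["clsid"] for e in parse_bhos(log_text) if e["reasons"]]


def build_fix_reg(clsids, run_values, drop_com_class=True):
    """Emit REGEDIT4 text: [-Key] deletes a key, "Name"=- deletes a value.

    REGEDIT4 must be the first line and the file must end with a blank line,
    so the text is joined with CRLF and finished with a trailing empty line.
    """
    lines = ["REGEDIT4", ""]
    for clsid in clsids:
        lines += [f"[-{BHO_KEY}\\{clsid}]", ""]
        if drop_com_class:
            # The posted fix stops IE loading the BHO but leaves the COM class
            # registered; removing it too is the extra step taken here.
            lines += [f"[-HKEY_CLASSES_ROOT\\CLSID\\{clsid}]", ""]
    if run_values:
        lines.append(f"[{RUN_KEY}]")
        for name in run_values:
            escaped = name.replace("\\", "\\\\").replace('"', '\\"')
            lines.append(f'"{escaped}"=-')
        lines.append("")
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    for e in parse_bhos(SAMPLE_LOG):
        if e["reasons"]:
            print(f"{e['clsid']}  {e['name']!r}: {', '.join(e['reasons'])}")
    print(build_fix_reg(suspicious_clsids(SAMPLE_LOG), ["IMJPMIG8.1"]), end="")
```

Save the printed text as fix.reg and merge it offline as the post describes. Two caveats worth keeping in mind: the "(file missing)" flag only says the DLL is not at the registered path, so this is the right fix for the state left by the move log above but not a substitute for finding out what put the DLL there; and the "no class name" heuristic is a signal, not proof, so review each flagged CLSID before merging.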