Sujet Précédent Sujet Suivant

Trojan horse downloder generic 6 wgf

Résolu/Fermé
sitael - 2 déc. 2007 à 22:38
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 5 déc. 2007 à 15:17
Bonjour,
j'ai un trojan sur mn ordi reconnu par avg 7.5
il est nommé trojan horse downloader.generic6.wgf
et infecté sur le fichier C:/windows/system32/cnetcf.dll
moved object infected et back up copy infected
quelqu'un sait-il comment le supprimer?
j'utilise une connexion wifi
A voir également:

59 réponses

Réponse 1 / 59
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
2 déc. 2007 à 22:43
salut sitael,

Télécharge HijackThis ici :

-> https://www.zebulon.fr/telechargements/securite/systeme/hijackthis.html

Tutoriel d´installation (images) :

-> http://pchelpbordeaux.free.fr/tuto.html

Tutoriel d´utilisation (video) :

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

Post le rapport généré ici stp...
0
Réponse 2 / 59
sitael
2 déc. 2007 à 22:52
Logfile of HijackThis v1.99.1
Scan saved at 22:49:15, on 02/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {556CDE88-3DD8-4CB2-A2DC-3495B7266D95} - C:\WINDOWS\system32\cnetcf.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?51bdc3b5f1374f69a8b7db02272f3292
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?51bdc3b5f1374f69a8b7db02272f3292
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-1a94cb4c2527e20f.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 3 / 59
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
2 déc. 2007 à 23:00
re,

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
* Double-clique VundoFix.exe afin de le lancer
* Ne clique pas sur "Scan for a vundo"
* Clique droit au milieu de la fenêtre
* Clique sur Add more files ?
* Copie/colle les fichiers ci-dessous ( un par case) :

C:\WINDOWS\system32\cnetcf.dll

* Clique sur Add files
* Ensuite clique sur Close Windows
* Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
* Si l'outils demande un redémarrage, accepte
* Poste le rapport Vundofix

@+
0
Réponse 4 / 59
sitael
2 déc. 2007 à 23:02
merci, je suis ce que tu me dis...
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 59
sitael
2 déc. 2007 à 23:16
dslé,
où trouve-t-on le rapport vundofix?
merci
0
Réponse 6 / 59
sitael
2 déc. 2007 à 23:22
re
voici le log
vundofix

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cnetcf.dll
C:\WINDOWS\system32\cnetcf.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\cnetcf.dll
C:\WINDOWS\system32\cnetcf.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...
0
Réponse 7 / 59
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
2 déc. 2007 à 23:23
re,

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt
0
Réponse 8 / 59
sitael
2 déc. 2007 à 23:36
voici, merci

ComboFix 07-12-02.5 - Dalli 2007-12-02 23:31:14.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1360 [GMT 1:00]
Running from: C:\Documents and Settings\Dalli\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\gugezudaay.dat
c:\windows\system32\gugezudaay.exe
C:\WINDOWS\system32\gugezudaay_nav.dat
C:\WINDOWS\system32\gugezudaay_navps.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-02 to 2007-12-02 ))))))))))))))))))))))))))))))))))))
.

2007-12-02 23:06 . 2007-12-02 23:10 <REP> d-------- C:\VundoFix Backups
2007-12-02 22:48 . 2007-12-02 22:49 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-12-02 22:46 . 2007-12-02 22:46 <REP> d-------- C:\Program Files\Trend Micro
2007-12-02 19:22 . 2007-12-02 20:10 <REP> d-------- C:\Program Files\The Cleaner Free
2007-12-02 19:22 . 2007-12-02 19:22 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2007-12-02 18:43 . 2007-12-02 19:21 <REP> d-------- C:\Program Files\Smart Cleaner
2007-12-01 02:38 . 2007-12-01 02:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-01 02:18 . 2007-12-01 02:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-01 02:16 . 2007-12-02 23:10 <REP> d-------- C:\WINDOWS\Internet Logs
2007-11-30 20:20 . 2007-11-30 20:46 <REP> d-------- C:\Program Files\a-squared Free
2007-11-27 00:06 . 2007-11-27 00:06 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-11-27 00:04 . 2007-11-27 00:04 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-27 00:04 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-11-26 23:53 . 2007-11-27 00:05 <REP> d-------- C:\Program Files\Windows Live
2007-11-26 23:53 . 2007-11-26 23:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-26 23:53 . 2007-11-26 23:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-25 23:55 . 2007-11-25 23:55 <REP> d-------- C:\WINDOWS\Sun
2007-11-25 23:45 . 2007-11-25 23:45 <REP> d--h----- C:\WINDOWS\PIF
2007-11-25 16:43 . 2007-11-25 16:43 268 --ah----- C:\sqmdata02.sqm
2007-11-25 16:43 . 2007-11-25 16:43 244 --ah----- C:\sqmnoopt02.sqm
2007-11-20 23:43 . 2007-11-20 23:44 <REP> d-------- C:\Program Files\Google
2007-11-20 23:43 . 2007-12-02 17:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-14 18:49 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-11-14 18:34 . 2007-11-14 18:34 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-14 16:47 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-14 16:47 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-14 14:07 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-14 13:44 . 2007-11-14 13:44 <REP> d-------- C:\Program Files\Windows Defender
2007-11-14 12:36 . 18,688 C:\WINDOWS\system32\drivers\gcrdklzm.dat
2007-11-14 12:35 . 2004-08-05 12:00 103,936 --a------ C:\WINDOWS\system32\cnetcf.dll
2007-11-12 22:01 . 2007-11-12 22:28 <REP> d-------- C:\Documents and Settings\Dalli\Application Data\U3

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 22:33 4,028,448 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-02 22:08 47,972 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-02 17:14 --------- d-----w C:\Documents and Settings\Dalli\Application Data\AVG7
2007-12-02 16:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-12-01 01:17 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-12-01 01:17 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-11-30 12:11 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-27 21:22 --------- d-----w C:\Documents and Settings\Dalli\Application Data\uTorrent
2007-11-27 21:18 --------- d-----w C:\Program Files\uTorrent
2007-11-26 12:18 --------- d-----w C:\Program Files\eMule
2007-11-25 17:42 --------- d-----w C:\Documents and Settings\Dalli\Application Data\LimeWire
2007-11-14 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-13 16:53 --------- d-----w C:\Documents and Settings\Dalli\Application Data\toshiba
2007-11-13 13:26 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-13 13:57 --------- d-----w C:\Program Files\Postal2STP
2007-10-13 13:43 --------- d-----w C:\Program Files\Microsoft Works
2007-10-03 13:19 273,408 ----a-w C:\WINDOWS\system32\miootr.exe
2007-10-02 17:46 342,016 ----a-w C:\WINDOWS\system32\qdtejig.exe
2007-10-02 15:15 335,872 ----a-w C:\WINDOWS\system32\djeasp.exe
2007-10-02 09:42 330,752 ----a-w C:\WINDOWS\system32\lhqbzrl.exe
2007-10-01 11:38 329,216 ----a-w C:\WINDOWS\system32\urmgtdcr.exe
2007-09-19 14:31 268,800 ----a-w C:\WINDOWS\system32\lujcsiezvh.exe
2007-09-17 16:47 339,456 ----a-w C:\WINDOWS\system32\vdnyvyyvxr.exe
2007-09-17 10:33 346,112 ----a-w C:\WINDOWS\system32\wdurmurxf.exe
2007-09-12 20:31 188 ----a-w C:\Documents and Settings\Dalli\Application Data\wklnhst.dat
2007-09-12 13:18 270,848 ----a-w C:\WINDOWS\system32\hkcjci.exe
2007-09-12 10:18 278,528 ----a-w C:\WINDOWS\system32\ovfzmiwdr.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{556CDE88-3DD8-4CB2-A2DC-3495B7266D95}]
2004-08-05 12:00 103936 --a------ C:\WINDOWS\system32\cnetcf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gugezudaay"="c:\windows\system32\gugezudaay.exe" []
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 16:08]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-20 23:43]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15:49 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 06:29 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 22:40]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-12-01 11:13]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 13:45]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 13:19]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-12-13 16:28]
"Zooming"="ZoomingHook.exe" [2005-06-06 09:58 C:\WINDOWS\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-12-05 14:50 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TPSMain"="TPSMain.exe" [2005-08-12 11:14 C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [2005-12-27 13:06 C:\WINDOWS\system32\TDispVol.exe]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 12:25]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 13:45]
"NDSTray.exe"="NDSTray.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41]
"CFSServ.exe"="CFSServ.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-25 15:54]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 14:32]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 15:54]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
"LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe /automation
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

R0 zmlnkxag;zmlnkxag;C:\WINDOWS\system32\drivers\gcrdklzm.dat
R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\C:\DOCUME~1\Dalli\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys
S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37545ff1-7a49-11dc-b0c5-0016d489e564}]
\Shell\Auto\command - AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a1e5422-9161-11dc-b0fb-0016d489e564}]
\Shell\AutoRun\command - E:\LaunchU3.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-23 16:16:47 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-12-02 22:13:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-02 22:08:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 23:34:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-02 23:34:42
.
--- E O F ---
0
Réponse 9 / 59
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
2 déc. 2007 à 23:50
Copie le texte ci-dessous :

File::
C:\WINDOWS\system32\cnetcf.dll
c:\windows\system32\gugezudaay.exe
C:\WINDOWS\system32\d3dx9_32.dll
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{556CDE88-3DD8-4CB2-A2DC-3495B7266D95}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gugezudaay"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37545f f1-7a49-11dc-b0c5-0016d489e564}]

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,


Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

et

- Avec F branché , télécharge kill_autorun_vbs.dat

http://www.monwebperso.info/modules.php?name=Downloads&d_op=getit&lid=16

Décompresse-le ensuite double-click sur kill_autorun_vbs.bat
Redémarre le PC
S'il y a des observations rapporte-les.

ouvre le bloc note et copie colle les commandes en gras :

@echo on
taskkill /im explorer.exe /f
taskkill /im wscript.exe
start reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\EXplorer\Advanced /v ShowSuperHidden /t REG_DWORD /d 1 /f
start reg import kill.reg
del c:\autorun.* /f /q /as
del %SYSTEMROOT%\system32\autorun.* /f /q /as
del d:\autorun.* /f /q /as
del e:\autorun.* /f /q /as
del f:\autorun.* /f /q /as
del g:\autorun.* /f /q /as
del h:\autorun.* /f /q /as
del i:\autorun.* /f /q /as
del j:\autorun.* /f /q /as
del k:\autorun.* /f /q /as
del l:\autorun.* /f /q /as
start explorer.exe

ferme le bloc et enregistre le sur le bureau sous le nom de kill_autorun_vbs.bat


va sur le bureau et double clik sur kill_autorun_vbs.bat et laisse le faire son boulot


3)- Débranche ensuite le disque externe F , et télécharge ensuite l'outil Flash_Disinfector de sUBs:
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

Utilisation :
Téléchargez et enregistrez Flash_Disinfector.exe sur votre bureau.
Double cliquez sur Flash_Disinfector.exe pour le lancer.
Quand le message : "Plug in yours flash drive & clic Ok to begin disinfection" apparaitra :
Connectez votre clé USB et périphériques USB externes susceptibles d'avoir été infectés.
Puis cliquez sur Ok
Les icônes sur le bureau vont disparaitre jusqu'à l'apparition du message: "Done!!"
Appuyez sur "Ok", pour faire réapparaitre le bureau.

Redémarre le PC
S'il y a des observations rapporte-les.

@+
0
Réponse 10 / 59
sitael
3 déc. 2007 à 00:17
log de combofix

ComboFix 07-12-02.5 - Dalli 2007-12-02 23:59:21.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1361 [GMT 1:00]
Running from: C:\Documents and Settings\Dalli\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dalli\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
C:\WINDOWS\system32\cnetcf.dll
C:\WINDOWS\system32\d3dx9_32.dll
c:\windows\system32\gugezudaay.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
C:\VundoFix Backups
C:\WINDOWS\system32\d3dx9_32.dll
C:\WINDOWS\system32\cnetcf.dll . . . . Echec de suppression

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-02 to 2007-12-02 ))))))))))))))))))))))))))))))))))))
.

2007-12-02 22:48 . 2007-12-02 22:49 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2007-12-02 22:46 . 2007-12-02 22:46 <REP> d-------- C:\Program Files\Trend Micro
2007-12-02 19:22 . 2007-12-02 20:10 <REP> d-------- C:\Program Files\The Cleaner Free
2007-12-02 19:22 . 2007-12-02 19:22 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2007-12-02 18:43 . 2007-12-02 19:21 <REP> d-------- C:\Program Files\Smart Cleaner
2007-12-01 02:38 . 2007-12-01 02:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-01 02:18 . 2007-12-01 02:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-01 02:16 . 2007-12-02 23:10 <REP> d-------- C:\WINDOWS\Internet Logs
2007-11-30 20:20 . 2007-11-30 20:46 <REP> d-------- C:\Program Files\a-squared Free
2007-11-27 00:06 . 2007-11-27 00:06 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-11-27 00:04 . 2007-11-27 00:04 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-26 23:53 . 2007-11-27 00:05 <REP> d-------- C:\Program Files\Windows Live
2007-11-26 23:53 . 2007-11-26 23:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-26 23:53 . 2007-11-26 23:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-25 23:55 . 2007-11-25 23:55 <REP> d-------- C:\WINDOWS\Sun
2007-11-25 23:45 . 2007-11-25 23:45 <REP> d--h----- C:\WINDOWS\PIF
2007-11-20 23:43 . 2007-11-20 23:44 <REP> d-------- C:\Program Files\Google
2007-11-20 23:43 . 2007-12-02 17:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-14 18:49 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-11-14 18:34 . 2007-11-14 18:34 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-14 16:47 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-14 16:47 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-14 14:07 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-14 13:44 . 2007-11-14 13:44 <REP> d-------- C:\Program Files\Windows Defender
2007-11-14 12:36 . 18,688 C:\WINDOWS\system32\drivers\gcrdklzm.dat
2007-11-14 12:35 . 2004-08-05 12:00 103,936 --a------ C:\WINDOWS\system32\cnetcf.dll
2007-11-12 22:01 . 2007-11-12 22:28 <REP> d-------- C:\Documents and Settings\Dalli\Application Data\U3

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 23:03 4,048,928 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-02 23:02 48,476 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-02 21:49 --------- d-----w C:\Program Files\Hijackthis Version Française
2007-12-02 17:14 --------- d-----w C:\Documents and Settings\Dalli\Application Data\AVG7
2007-12-02 16:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-12-01 01:17 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-12-01 01:17 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-11-30 12:11 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-27 21:22 --------- d-----w C:\Documents and Settings\Dalli\Application Data\uTorrent
2007-11-27 21:18 --------- d-----w C:\Program Files\uTorrent
2007-11-26 12:18 --------- d-----w C:\Program Files\eMule
2007-11-25 17:42 --------- d-----w C:\Documents and Settings\Dalli\Application Data\LimeWire
2007-11-14 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-13 16:53 --------- d-----w C:\Documents and Settings\Dalli\Application Data\toshiba
2007-11-13 13:26 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-13 13:57 --------- d-----w C:\Program Files\Postal2STP
2007-10-13 13:43 --------- d-----w C:\Program Files\Microsoft Works
2007-09-12 20:31 188 ----a-w C:\Documents and Settings\Dalli\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{556CDE88-3DD8-4CB2-A2DC-3495B7266D95}]
2004-08-05 12:00 103936 --a------ C:\WINDOWS\system32\cnetcf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 16:08]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-20 23:43]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15:49 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 06:29 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 22:40]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-12-01 11:13]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 13:45]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 13:19]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-12-13 16:28]
"Zooming"="ZoomingHook.exe" [2005-06-06 09:58 C:\WINDOWS\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-12-05 14:50 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TPSMain"="TPSMain.exe" [2005-08-12 11:14 C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [2005-12-27 13:06 C:\WINDOWS\system32\TDispVol.exe]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 12:25]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 13:45]
"NDSTray.exe"="NDSTray.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41]
"CFSServ.exe"="CFSServ.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-25 15:54]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 14:32]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 15:54]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
"LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe /automation
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

R0 zmlnkxag;zmlnkxag;C:\WINDOWS\system32\drivers\gcrdklzm.dat
R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\C:\DOCUME~1\Dalli\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys
S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a1e5422-9161-11dc-b0fb-0016d489e564}]
\Shell\AutoRun\command - E:\LaunchU3.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-11-23 16:16:47 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-12-02 23:06:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-02 22:08:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 00:04:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-03 0:07:00 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-02 23:34
.
--- E O F ---


et log de hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 00:16:31, on 03/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {556CDE88-3DD8-4CB2-A2DC-3495B7266D95} - C:\WINDOWS\system32\cnetcf.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?51bdc3b5f1374f69a8b7db02272f3292
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?51bdc3b5f1374f69a8b7db02272f3292
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-1a94cb4c2527e20f.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 11 / 59
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
3 déc. 2007 à 00:22
Télécharge OAD http://sosvirus.changelog.fr/OAD.exe
- Enregistre le sur ton bureau

Double clique sur le OAD pour le lancer

- nom de fichier à rechercher tape ou fais un copier coller de :

C:\WINDOWS\system32\cnetcf.dll

- Type de recherche : sélectionne l'option 6 puis valide


OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ait terminé.
Le rapport de recherche s'affichera automatiquement à l’écran dès qu'il aura terminé.

- Fais un copier / coller de ce rapport dans ton prochain post.

Note importante : Suivant la taille des disques durs cette recherche peut prendre plusieurs minutes. Sois patient
0
Réponse 12 / 59
sitael
3 déc. 2007 à 00:41
voila

03/12/2007 ---- 0:40:42,15

----------------------------------
§§§§§§ [C:\WINDOWS\system32\cnetcf.dll] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************

Aucune entrée détectée

*******************
[Fichier]
*******************



*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
0
Réponse 13 / 59
sitael
3 déc. 2007 à 00:47
sinon,
à part la corbeille visuellement pleine....en explorant se trouve vide, donc rien à vider!
rien de plus, sauf le log OAD de poser ci-dessus
à tte
0
Réponse 14 / 59
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
3 déc. 2007 à 00:52
tu peux refaire un combofix stp
0
Réponse 15 / 59
sitael
3 déc. 2007 à 01:06
voilà

ComboFix 07-12-02.5 - Dalli 2007-12-03 1:01:39.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1386 [GMT 1:00]
Running from: C:\Documents and Settings\Dalli\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-03 to 2007-12-03 ))))))))))))))))))))))))))))))))))))
.

2007-12-02 22:48 . 2007-12-03 00:16 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-12-02 22:46 . 2007-12-02 22:46 <REP> d-------- C:\Program Files\Trend Micro
2007-12-02 19:22 . 2007-12-02 20:10 <REP> d-------- C:\Program Files\The Cleaner Free
2007-12-02 19:22 . 2007-12-02 19:22 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2007-12-02 18:43 . 2007-12-02 19:21 <REP> d-------- C:\Program Files\Smart Cleaner
2007-12-01 02:38 . 2007-12-01 02:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-01 02:18 . 2007-12-01 02:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-01 02:16 . 2007-12-03 00:45 <REP> d-------- C:\WINDOWS\Internet Logs
2007-11-30 20:20 . 2007-11-30 20:46 <REP> d-------- C:\Program Files\a-squared Free
2007-11-27 00:06 . 2007-11-27 00:06 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-11-27 00:04 . 2007-11-27 00:04 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-26 23:53 . 2007-11-27 00:05 <REP> d-------- C:\Program Files\Windows Live
2007-11-26 23:53 . 2007-11-26 23:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-26 23:53 . 2007-11-26 23:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-25 23:55 . 2007-11-25 23:55 <REP> d-------- C:\WINDOWS\Sun
2007-11-25 23:45 . 2007-11-25 23:45 <REP> d--h----- C:\WINDOWS\PIF
2007-11-20 23:43 . 2007-11-20 23:44 <REP> d-------- C:\Program Files\Google
2007-11-20 23:43 . 2007-12-02 17:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-14 18:49 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-11-14 18:34 . 2007-11-14 18:34 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-14 16:47 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-14 16:47 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-14 14:07 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-14 13:44 . 2007-11-14 13:44 <REP> d-------- C:\Program Files\Windows Defender
2007-11-14 12:36 . 18,688 C:\WINDOWS\system32\drivers\gcrdklzm.dat
2007-11-14 12:35 . 2004-08-05 12:00 103,936 --a------ C:\WINDOWS\system32\cnetcf.dll
2007-11-12 22:01 . 2007-11-12 22:28 <REP> d-------- C:\Documents and Settings\Dalli\Application Data\U3

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 00:03 4,085,792 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-02 23:33 48,740 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-02 17:14 --------- d-----w C:\Documents and Settings\Dalli\Application Data\AVG7
2007-12-02 16:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-12-01 01:17 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-12-01 01:17 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-11-30 12:11 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-27 21:22 --------- d-----w C:\Documents and Settings\Dalli\Application Data\uTorrent
2007-11-27 21:18 --------- d-----w C:\Program Files\uTorrent
2007-11-26 12:18 --------- d-----w C:\Program Files\eMule
2007-11-25 17:42 --------- d-----w C:\Documents and Settings\Dalli\Application Data\LimeWire
2007-11-14 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-13 16:53 --------- d-----w C:\Documents and Settings\Dalli\Application Data\toshiba
2007-11-13 13:26 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-13 13:57 --------- d-----w C:\Program Files\Postal2STP
2007-10-13 13:43 --------- d-----w C:\Program Files\Microsoft Works
2007-10-03 13:19 273,408 ----a-w C:\WINDOWS\system32\miootr.exe
2007-10-02 17:46 342,016 ----a-w C:\WINDOWS\system32\qdtejig.exe
2007-10-02 15:15 335,872 ----a-w C:\WINDOWS\system32\djeasp.exe
2007-10-02 09:42 330,752 ----a-w C:\WINDOWS\system32\lhqbzrl.exe
2007-10-01 11:38 329,216 ----a-w C:\WINDOWS\system32\urmgtdcr.exe
2007-09-19 14:31 268,800 ----a-w C:\WINDOWS\system32\lujcsiezvh.exe
2007-09-17 16:47 339,456 ----a-w C:\WINDOWS\system32\vdnyvyyvxr.exe
2007-09-17 10:33 346,112 ----a-w C:\WINDOWS\system32\wdurmurxf.exe
2007-09-12 20:31 188 ----a-w C:\Documents and Settings\Dalli\Application Data\wklnhst.dat
2007-09-12 13:18 270,848 ----a-w C:\WINDOWS\system32\hkcjci.exe
2007-09-12 10:18 278,528 ----a-w C:\WINDOWS\system32\ovfzmiwdr.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{556CDE88-3DD8-4CB2-A2DC-3495B7266D95}]
2004-08-05 12:00 103936 --a------ C:\WINDOWS\system32\cnetcf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 16:08]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-20 23:43]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15:49 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 06:29 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 22:40]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-12-01 11:13]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 13:45]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 13:19]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-12-13 16:28]
"Zooming"="ZoomingHook.exe" [2005-06-06 09:58 C:\WINDOWS\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-12-05 14:50 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TPSMain"="TPSMain.exe" [2005-08-12 11:14 C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [2005-12-27 13:06 C:\WINDOWS\system32\TDispVol.exe]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 12:25]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 13:45]
"NDSTray.exe"="NDSTray.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41]
"CFSServ.exe"="CFSServ.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-25 15:54]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 14:32]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 15:54]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
"LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe /automation
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

R0 zmlnkxag;zmlnkxag;C:\WINDOWS\system32\drivers\gcrdklzm.dat
R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\C:\DOCUME~1\Dalli\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys
S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a1e5422-9161-11dc-b0fb-0016d489e564}]
\Shell\AutoRun\command - E:\LaunchU3.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-23 16:16:47 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-12-02 23:38:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-02 23:08:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 01:04:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-03 1:05:02
C:\ComboFix2.txt ... 2007-12-03 00:07
C:\ComboFix3.txt ... 2007-12-02 23:34
.
--- E O F ---
0
Réponse 16 / 59
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
3 déc. 2007 à 01:10
re,

essaie de cherche ceci avec oad

{556CDE88-3DD8-4CB2-A2DC-3495B7266D95}
0
Réponse 17 / 59
sitael
3 déc. 2007 à 01:14
oki, voici


03/12/2007 ---- 1:12:25,32

----------------------------------
§§§§§§ [{556CDE88-3DD8-4CB2-A2DC-3495B7266D95}] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{556CDE88-3DD8-4CB2-A2DC-3495B7266D95}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{556CDE88-3DD8-4CB2-A2DC-3495B7266D95}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{556CDE88-3DD8-4CB2-A2DC-3495B7266D95}]

[HKEY_USERS\S-1-5-21-1943825336-2634726179-848157157-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{556CDE88-3DD8-4CB2-A2DC-3495B7266D95}]

[HKEY_USERS\S-1-5-21-1943825336-2634726179-848157157-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{556CDE88-3DD8-4CB2-A2DC-3495B7266D95}\iexplore]

*******************
[Fichier]
*******************



*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
0
Réponse 18 / 59
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
3 déc. 2007 à 01:21
fais ceci

Fix.reg

Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisie nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait-sans les barres(X)) :

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{556CDE88-3DD8-4CB2-A2DC-3495B7266D95}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{556CDE88-3DD8-4CB2-A2DC-3495B7266D95}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{556CDE88-3DD8-4CB2-A2DC-3495B7266D95}]
[-HKEY_USERS\S-1-5-21-1943825336-2634726179-848157157-1006\Software\Microsoft\Windows\Curre ntVersion\Ext\Stats\{556CDE88-3DD8-4CB2-A2DC-3495B7266D95}]
[-HKEY_USERS\S-1-5-21-1943825336-2634726179-848157157-1006\Software\Microsoft\Windows\Curre ntVersion\Ext\Stats\{556CDE88-3DD8-4CB2-A2DC-3495B7266D95}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
note : regedit4 est sur la premiere ligne et il y a une ligne blanche a la fin
Puis click sur "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"

ca doit ressembler a ca une fois enrregistré :

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

quitte internet et double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"

puis remet un hijack this
0
Réponse 19 / 59
sitael
3 déc. 2007 à 01:32
travail effectué,

Logfile of HijackThis v1.99.1
Scan saved at 01:31:29, on 03/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {556CDE88-3DD8-4CB2-A2DC-3495B7266D95} - C:\WINDOWS\system32\cnetcf.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?51bdc3b5f1374f69a8b7db02272f3292
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?51bdc3b5f1374f69a8b7db02272f3292
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-1a94cb4c2527e20f.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 20 / 59
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
3 déc. 2007 à 01:37
elle est encore la cette foutu dll

c´est desesperant...

essaie de la virer maintenant avec


Télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-click sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\WINDOWS\system32\cnetcf.dll

Click sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
click sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
Ps : il te sera peut-être demander de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
http://img137.imageshack.us/img137/3558/refaitjk8.th.jpg
0

Discussions similaires

Belote à 6 joueurs
Bererom -
Raymond PENTIER -

10 réponses
Virus : trojan:win32/wacatac.h!ml
Alky09 -
bazfile -

8 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
Règle du jeu
Anonyme -
georges97 -

1 réponse
Freebox bloquée à l'étape 6
Linda -
brupala -

14 réponses