infesté de virus,ex:geebc.dll, khfda.dll ect Résolu/Fermé

Question

Bonjour,J'ai beaucoup d'alerte de Avast concernant trojan,virus,ver sur mon ordi.
J'ai téléchargé spyware Fighter ( lien sur le site) trouvé 250 problèmes et + essayer Vondo Fix et exécuté.
Tout ceci n'as rien donné. Je ne sais pas comment utilisé HiJAck.Aidez-moi stp.

ep44 · Answer

Bonsoir rayfic,

pour hijack pas de soucis 
suit ceci 

Télécharge sur le bureau
ftp://ftp.commentcamarche.com/download/HJTInstall.exe

=> Double-clic dessus
=> installe 
=> Clic Do a system scan and save the log
=> coller le rapport
si problème voir l'aide
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm 
@+

rayfic · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:21, on 2008-01-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
Mra button: SIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\rlvknlg.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\rlvknlg .exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SPYWAREfighter\spftray .exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote .exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye .exe
C:\Program Files\MSN Messenger\msnmsgr .exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy .exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2f%3fmkt%3dfr-CA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
F3 - REG:win.ini: load=C:\WINDOWS\system32\mljjh.exe
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Raymond\LOCALS~1\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe -startup -product IncrediMail -cluster 2 
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote .exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote .exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?d13fdfa9edad49b78f0a596fb8abd5bb
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?d13fdfa9edad49b78f0a596fb8abd5bb
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Premium\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Premium\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Premium\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En&registrement - C:\Program Files\Systran\Premium\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Premium\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Premium\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://geo.ville.quebec.qc.ca/carte_int/acgm.cab
O20 - AppInit_DLLs: sockspy.dll,C:\WINDOWS\system32\rlai.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

ep44 · Answer

Bonjour

Télécharger sur le bureau

 http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
=> Copier ce texte en gras

C:\WINDOWS\Fonts\svchost.exe
c:\windows\system32\rlvknlg.exe 
C:\WINDOWS\mrofinu1188.exe

=> Double-clic sur OTMoveIt.exe
=> Dans le cadre de Gauche ==> clic-droit ==> coller
=> Clic MoveIt!
=> si redémarrage demandé==> Clic : YES
=> Un rapport dans ==> C:_\OTMoveItMovedFilesdate du jour à copier/coller dans la réponse + nouveau rapport hijackthis.

rayfic · Answer

Salut EP44,fait ce que tu m'as conseillé mais cela ne semble pas avoir fonctionné.Après avoir cliqué sur move it, il l,a bien changé de fenêtre mais sans plus.
Voici les résultats:
File/Folder C:\WINDOWS\Fonts\svchost.exe not found.
File/Folder c:\windows\system32\rlvknlg.exe not found.
File/Folder C:\WINDOWS\mrofinu1188.exe not found.
 
Created on 01-12-2008 08:31:29
Doi-je essayer de nouveau ?
Incapable d'envoyer nouveau rapport.Message suivant de Hi Jack. Problème rencontré...doit fermer.!!!!!!!

ep44 · Answer

oui stp

rayfic · Answer

OK

rayfic · Answer

Ne demande pas de redémarrage

rayfic · Answer

Hijack ne fonctionne pas plus. Semble ne pas <souligne>trouver les fichiers?!!

ep44 · Answer

tu veux dire que tu ne peux plus lancer hijack 
réinstalle le 

ensuite 

Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix,
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
@+

rayfic · Answer

Ok, dans C:_\OTMoveItMovedFiles,retrouve les fichiers que tu m'as fait copier/coller ds Move it...mon hi jack ne fonctionne toujiours pas.Merci de m'aider.Je dois quitter,on se retrouve plus tard.

ep44 · Answer

poste le rapport

rayfic · Answer

lequel

ep44 · Answer

poste les rapoprts celui de OTMoveIt ensuite combofix et hijack

rayfic · Answer

SAlut EP44, voici les rapports
OTMoveIt
File/Folder C:\WINDOWS\Fonts\svchost.exe not found.
File/Folder c:\windows\system32\rlvknlg.exe not found.
File/Folder C:\WINDOWS\mrofinu1188.exe not found.
 
Created on 01-13-2008 18:45:26

Ne sais pas ou se trouve le rapport de Combo Fix. Le programme a redémarre l'ordi et un message disait de ne pas ouvrir aucun programme avant qu'il termine son travail et ensuite  est disparu.

Le Hi jack donne ceci:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00, on 2008-01-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2f%3fmkt%3dfr-CA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134} - C:\WINDOWS\system32\wvusqrs.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote .exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote .exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Otra] "C:\PROGRA~1\SEMBLY~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Aoxd] C:\WINDOWS\system32\??mantec\m?iexec.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?d13fdfa9edad49b78f0a596fb8abd5bb
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?d13fdfa9edad49b78f0a596fb8abd5bb
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Premium\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Premium\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Premium\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En&registrement - C:\Program Files\Systran\Premium\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Premium\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Premium\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://geo.ville.quebec.qc.ca/carte_int/acgm.cab
O20 - AppInit_DLLs: sockspy.dll,C:\WINDOWS\system32\rlai.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

ep44 · Answer

Bonjour maintenant 

il faut faire combofix 

@+

rayfic · Answer

Bonjour,je l'essai maintenant

rayfic · Answer

Bon comme je craignais il est arrivé la même chose à ceci près que Combofix a refait un démarrage mais a demandé de ne pas ouvrir aucun autre progr avant d'avoir terminé. Au démarrage avast ainsi que d'autre démarre auto.

rayfic · Answer

EP44,connais pas ton vrais nom, en fouillant sur le forum concernant mon autre ordi,infecté fichier khfda.dll, j'ai vu cooment envoyer un rapport de combo fix soit ds C:...vondofix.
voici le rapport:

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 16:47:42 2008-01-11

Listing files found while scanning....

C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\cbeeg.ini
C:\WINDOWS\system32\cbeeg.ini2
C:\WINDOWS\system32\geebc.dll
C:\WINDOWS\system32\geebc.exe
C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\mljjh.exe
C:\WINDOWS\system32\wvusqrs.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\mrofinu1188.exe Has been deleted!

 Attempting to delete C:\WINDOWS\system32\cbeeg.ini
C:\WINDOWS\system32\cbeeg.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\cbeeg.ini2
C:\WINDOWS\system32\cbeeg.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\geebc.dll
C:\WINDOWS\system32\geebc.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\geebc.exe
C:\WINDOWS\system32\geebc.exe Has been deleted!

 Attempting to delete C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\mljjh.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\mljjh.exe
C:\WINDOWS\system32\mljjh.exe Has been deleted!

 Attempting to delete C:\WINDOWS\system32\wvusqrs.dll
C:\WINDOWS\system32\wvusqrs.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\wvusqrs.dll
C:\WINDOWS\system32\wvusqrs.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 17:23:41 2008-01-11

Listing files found while scanning....

C:\WINDOWS\system32\wvusqrs.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\wvusqrs.dll
C:\WINDOWS\system32\wvusqrs.dll Could not be deleted.

Performing Repairs to the registry.
Done!
celui de hijack (nouveau)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05, on 2008-01-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy .exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2f%3fmkt%3dfr-CA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkjh.exe
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote .exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote .exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Otra] "C:\PROGRA~1\SEMBLY~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Aoxd] C:\WINDOWS\system32\??mantec\m?iexec.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?d13fdfa9edad49b78f0a596fb8abd5bb
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?d13fdfa9edad49b78f0a596fb8abd5bb
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Premium\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Premium\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Premium\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En&registrement - C:\Program Files\Systran\Premium\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Premium\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Premium\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://geo.ville.quebec.qc.ca/carte_int/acgm.cab
O20 - AppInit_DLLs: sockspy.dll,C:\WINDOWS\system32\rlai.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

rayfic · Answer

J'ai refait un scan avec Avast TOUJOURS le system 32 infecté par Cheval de troie  ds Win32:TratBHO [Trj] ect...

ep44 · Answer

il faut vraiment que tu passe par l'étape de combofix 

Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix,
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
@+

rayfic · Answer

Je ne suis pas capable de t'envoyer le rapport, avant d'exécuter CF j'ai fait ms config et tout arr^té les progr au démarrage.Alors ou se trouve ce rapport????????

ep44 · Answer

regarde dans c:
@+

rayfic · Answer

voici enfin le rapport ComboFix 08-01-13.1 - Raymond 2008-01-14 20:21:34.5 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.671 [GMT -5:00] Running from: C:\Documents and Settings\Raymond\Bureau\ComboFix.exe [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy .exe C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe C:\Program Files\IncrediMail\bin\IncMail.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye .exe C:\Program Files\SPYWAREfighter\spftray.exe C:\WINDOWS\system32\awtqn.dll C:\WINDOWS\system32\hjjlm.ini C:\WINDOWS\system32\hjjlm.ini2 C:\WINDOWS\system32\hjkmp.ini C:\WINDOWS\system32\hjkmp.ini2 C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mljjh.dll C:\WINDOWS\system32\mljjh.exe C:\WINDOWS\system32\pmkjh.dll C:\WINDOWS\system32\pmkjh.exe C:\WINDOWS\UpdReg.EXE [code]

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy .exe ---> QooBox
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye .exe ---> QooBox
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy .exe ---> QooBox
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye .exe ---> QooBox
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy .exe ---> QooBox
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye .exe ---> QooBox

[/code] . . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))))))) . 2008-01-14 11:28 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-01-14 11:28 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-01-14 11:28 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-01-14 11:28 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-01-14 11:28 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-01-14 11:28 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-01-14 11:28 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-01-14 11:28 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-01-12 18:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-12 11:40 . 2008-01-12 11:40 d--hs---- C:\FOUND.012 2008-01-11 23:40 . 2008-01-11 23:40 d-------- C:\Program Files\Trend Micro 2008-01-11 17:54 . 2008-01-11 17:54 d--hs---- C:\FOUND.011 2008-01-11 17:15 . 2008-01-12 08:11 1,613,824 --a------ C:\WINDOWS\system32 lvknlg .exe 2008-01-11 16:47 . 2008-01-11 16:47 d-------- C:\VundoFix Backups 2008-01-11 14:47 . 2008-01-11 14:47 d-------- C:\Program Files\SPYWAREfighter 2008-01-11 14:47 . 2008-01-11 14:47 d-------- C:\Program Files\Fichiers communs\Application 2008-01-07 21:19 . 2008-01-07 21:19 712,704 --a------ C:\WINDOWS\system32 lph.dll 2008-01-07 21:00 . 2008-01-07 21:00 118,784 --a------ C:\WINDOWS\system32 lai.dll 2008-01-07 20:48 . 2008-01-07 20:48 d--hs---- C:\FOUND.010 2008-01-07 19:18 . 2008-01-07 19:18 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2008-01-07 19:15 . 2008-01-07 19:15 37,888 --------- C:\WINDOWS\system32\wvusqrs.dll 2008-01-07 19:13 . 2008-01-07 19:13 d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-07 18:10 . 2008-01-07 18:10 d-------- C:\Documents and Settings\Raymond\Application Data\OpenOffice.org2 2008-01-07 17:44 . 2008-01-07 17:44 d-------- C:\Program Files\OpenOffice.org 2.3 2008-01-05 15:43 . 2008-01-05 15:43 d-------- C:\WINDOWS\system32\NtmsData 2008-01-03 15:37 . 2008-01-03 15:37 d-------- C:\Program Files\Global Pets 98 2008-01-03 15:36 . 1998-09-12 13:52 299,520 --a------ C:\WINDOWS\uninst.exe 2008-01-03 08:34 . 2008-01-03 08:34 d-------- C:\Program Files\MSXML 6.0 2008-01-02 15:16 . 2008-01-02 15:16 d-------- C:\WINDOWS\Performance 2008-01-02 15:15 . 2008-01-02 15:15 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor 2008-01-02 15:15 . 2008-01-02 15:16 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation 2007-12-31 15:17 . 2007-12-31 15:17 d-------- C:\Documents and Settings\All Users\Application Data\GreenPoint 2007-12-31 15:17 . 2007-04-16 12:07 1,966,080 --a------ C:\WINDOWS\system32\cdintf251.dll 2007-12-30 20:36 . 2007-12-30 20:36 0 --a------ C:\WINDOWS\RussSqr.INI 2007-12-30 20:08 . 2007-12-30 20:08 d-------- C:\Documents and Settings\Raymond\Application Data\The Labyrinth Plus! Edition 2007-12-25 06:35 . 2007-12-25 06:35 d--hs---- C:\FOUND.009 2007-12-15 13:41 . 2007-12-15 13:41 d--hs---- C:\FOUND.008 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-12 22:33 345,088 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe 2008-01-12 13:35 10 ----a-w C:\Program Files\.autoreg 2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-12-03 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-01 04:49 79,868 ----a-w C:\WINDOWS\system32\adssite-remove.exe 2007-11-26 00:56 --------- d-----w C:\Program Files\Dcads Advanced Toolbar 2007-11-26 00:56 --------- d-----w C:\Documents and Settings\Raymond\Application Data\Dcads Advanced Toolbar 2007-11-11 03:11 23,984 ----a-w C:\Documents and Settings\Raymond\Application Data\GDIPFONTCACHEV1.DAT 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-11-06 21:29 159,803 ----a-w C:\WINDOWS\closewnd.exe 2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache cpip.sys 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 14:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 14:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe 2007-05-01 23:39 374 ----a-w C:\Documents and Settings\Raymond\Application Data\internaldb6334.dat 2007-05-01 23:39 18,432 ----a-w C:\Documents and Settings\Raymond\Application Data\internaldb41.dat 2007-05-01 23:34 538 ----a-w C:\Documents and Settings\Raymond\Application Data\internaldb8467.dat . [code]

----a-w         1,613,824 2008-01-12 13:11:58  C:\WINDOWS\system32
lvknlg .exe
----a-w         4,484,816 2008-01-15 00:10:32  C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye .exe

[/code] ((((((((((((((((((((((((((((( snapshot@2008-01-13_18.38.54.00 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-11 19:48:08 17,062 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\ARPPRODUCTICON.exe + 2008-01-15 00:42:56 17,062 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\ARPPRODUCTICON.exe - 2008-01-11 19:48:08 57,344 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter_25790242D1754E5E9DB9631C10124E78.exe + 2008-01-15 00:42:56 57,344 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter_25790242D1754E5E9DB9631C10124E78.exe - 2008-01-11 19:48:08 57,344 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter1_25790242D1754E5E9DB9631C10124E78.exe + 2008-01-15 00:42:56 57,344 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter1_25790242D1754E5E9DB9631C10124E78.exe + 2008-01-15 00:10:12 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_6a8.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134}] 2008-01-07 19:15 37888 --------- C:\WINDOWS\system32\wvusqrs.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WeatherEye"="C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe" [2008-01-14 11:26 5244928] "Router"="C:\Program Files\Router\Router.exe" [ ] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-12-30 17:34 214456] "Gestionnaire Antidote .exe"="C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote .exe" [ ] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ] "Aoxd"="C:\WINDOWS\system32\??mantec\m?iexec.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [ ] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ] "SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06 45056] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648] "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE] "CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344] "CTHelper"="CTHELPER.EXE" [2004-03-19 03:33 24576 C:\WINDOWS\system32\CTHELPER.EXE] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224] "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52 115608] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [ ] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2007-02-10 15:28:51] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134}"= C:\WINDOWS\system32\wvusqrs.dll [2008-01-07 19:15 37888] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll,C:\WINDOWS\system32 lai.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NaturalColorLoad.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NaturalColorLoad.lnk backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Raymond^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk] path=C:\Documents and Settings\Raymond\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2008-01-14 11:26 424960 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET] --a------ 2003-06-18 01:00 45056 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2006-11-12 11:48 157592 C:\Program Files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoWeather] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] C:\WINDOWS\system32\pmkjh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer] --a------ 2004-10-21 13:28 29696 C:\WINDOWS\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic] --a------ 2006-11-19 19:23 319532 C:\PROGRA~1\MAGENTIC\bin\Magentic.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Otra] C:\PROGRA~1\SEMBLY~1\alg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywarefighterguard] --a------ 2007-06-08 11:52 115608 C:\Program Files\SPYWAREfighter\spftray.exe R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 11:38] R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2007-06-08 11:52] R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52] S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender8\filespy.sys [] S4 viadsk;viadsk;C:\WINDOWS\system32\drivers\viadsk.sys [] *Newly Created Service* - SPYWAREFIGHTERRP . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-15 01:09:06 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE "2007-09-27 13:39:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-27 22:26:04 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~COMMERCE Raymond.job" - C:\Program Files\Copernic Agent\CopernicAgent.exe "2007-12-27 22:26:04 C:\WINDOWS\Tasks\2 Copernic Daily ~COMMERCE Raymond.job" - C:\Program Files\Copernic Agent\CopernicAgent.exe "2007-12-27 22:26:04 C:\WINDOWS\Tasks\3 Copernic Weekly ~COMMERCE Raymond.job" - C:\Program Files\Copernic Agent\CopernicAgent.exe "2007-12-27 22:26:04 C:\WINDOWS\Tasks\4 Copernic Monthly ~COMMERCE Raymond.job" - C:\Program Files\Copernic Agent\CopernicAgent.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-14 20:24:39 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156] -> C:\Program Files\Logitech\SetPoint\lgscroll.dll . Completion time: 2008-01-14 20:26:07 ComboFix-quarantined-files.txt 2008-01-15 01:26:04 . 2008-01-12 18:59:09 --- E O F ---

ep44 · Answer

selectionne ceci

registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134}] 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aoxd"=-

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134}"=-


File::

C:\WINDOWS\system32\wvusqrs.dll 
C:\WINDOWS\system32\rlvknlg .exe 
C:\WINDOWS\system32\rlph.dll


=> Copie le texte sélectionné (CTRL+C).
=> Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
=> Colle le texte copié dans ce bloc-notes (CTRL+V).
=> Sauvegarde ce fichier sous le nom de CFScript.txt
=> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
=> Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
=> Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
=> Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
=> Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

@+

rayfic · Answer

salut cousin, c'est assez compliqué mais voici ce que cela donne. ComboFix 08-01-13.1 - Raymond 2008-01-15 16:40:46.6 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.601 [GMT -5:00] Running from: C:\Documents and Settings\Raymond\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Raymond\Mes documents\CFscript.txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\pmkjh.dll . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))))))) . 2008-01-14 20:38 . 2008-01-14 20:38 d--hs---- C:\FOUND.013 2008-01-14 11:28 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-01-14 11:28 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-01-14 11:28 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-01-14 11:28 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-01-14 11:28 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-01-14 11:28 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-01-14 11:28 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-01-14 11:28 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-01-12 18:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-12 11:40 . 2008-01-12 11:40 d--hs---- C:\FOUND.012 2008-01-11 23:40 . 2008-01-11 23:40 d-------- C:\Program Files\Trend Micro 2008-01-11 17:54 . 2008-01-11 17:54 d--hs---- C:\FOUND.011 2008-01-11 17:15 . 2008-01-12 08:11 1,613,824 --a------ C:\WINDOWS\system32 lvknlg .exe 2008-01-11 16:47 . 2008-01-11 16:47 d-------- C:\VundoFix Backups 2008-01-11 14:47 . 2008-01-11 14:47 d-------- C:\Program Files\SPYWAREfighter 2008-01-11 14:47 . 2008-01-11 14:47 d-------- C:\Program Files\Fichiers communs\Application 2008-01-07 21:19 . 2008-01-07 21:19 712,704 --a------ C:\WINDOWS\system32 lph.dll 2008-01-07 21:00 . 2008-01-07 21:00 118,784 --a------ C:\WINDOWS\system32 lai.dll 2008-01-07 20:48 . 2008-01-07 20:48 d--hs---- C:\FOUND.010 2008-01-07 19:18 . 2008-01-07 19:18 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2008-01-07 19:15 . 2008-01-07 19:15 37,888 --------- C:\WINDOWS\system32\wvusqrs.dll 2008-01-07 19:13 . 2008-01-07 19:13 d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-07 18:10 . 2008-01-07 18:10 d-------- C:\Documents and Settings\Raymond\Application Data\OpenOffice.org2 2008-01-07 17:44 . 2008-01-07 17:44 d-------- C:\Program Files\OpenOffice.org 2.3 2008-01-05 15:43 . 2008-01-05 15:43 d-------- C:\WINDOWS\system32\NtmsData 2008-01-03 15:37 . 2008-01-03 15:37 d-------- C:\Program Files\Global Pets 98 2008-01-03 15:36 . 1998-09-12 13:52 299,520 --a------ C:\WINDOWS\uninst.exe 2008-01-03 08:34 . 2008-01-03 08:34 d-------- C:\Program Files\MSXML 6.0 2008-01-02 15:16 . 2008-01-02 15:16 d-------- C:\WINDOWS\Performance 2008-01-02 15:15 . 2008-01-02 15:15 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor 2008-01-02 15:15 . 2008-01-02 15:16 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation 2007-12-31 15:17 . 2007-12-31 15:17 d-------- C:\Documents and Settings\All Users\Application Data\GreenPoint 2007-12-31 15:17 . 2007-04-16 12:07 1,966,080 --a------ C:\WINDOWS\system32\cdintf251.dll 2007-12-30 20:36 . 2007-12-30 20:36 0 --a------ C:\WINDOWS\RussSqr.INI 2007-12-30 20:08 . 2007-12-30 20:08 d-------- C:\Documents and Settings\Raymond\Application Data\The Labyrinth Plus! Edition 2007-12-25 06:35 . 2007-12-25 06:35 d--hs---- C:\FOUND.009 2007-12-15 13:41 . 2007-12-15 13:41 d--hs---- C:\FOUND.008 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-12 22:33 345,088 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe 2008-01-12 13:35 10 ----a-w C:\Program Files\.autoreg 2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-12-03 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-01 04:49 79,868 ----a-w C:\WINDOWS\system32\adssite-remove.exe 2007-11-26 00:56 --------- d-----w C:\Program Files\Dcads Advanced Toolbar 2007-11-26 00:56 --------- d-----w C:\Documents and Settings\Raymond\Application Data\Dcads Advanced Toolbar 2007-11-11 03:11 23,984 ----a-w C:\Documents and Settings\Raymond\Application Data\GDIPFONTCACHEV1.DAT 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-11-06 21:29 159,803 ----a-w C:\WINDOWS\closewnd.exe 2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache cpip.sys 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 14:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 14:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe 2007-05-01 23:39 374 ----a-w C:\Documents and Settings\Raymond\Application Data\internaldb6334.dat 2007-05-01 23:39 18,432 ----a-w C:\Documents and Settings\Raymond\Application Data\internaldb41.dat 2007-05-01 23:34 538 ----a-w C:\Documents and Settings\Raymond\Application Data\internaldb8467.dat . [code]

----a-w         1,613,824 2008-01-12 13:11:58  C:\WINDOWS\system32
lvknlg .exe
----a-w         4,484,816 2008-01-15 21:45:24  C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye .exe

[/code] ((((((((((((((((((((((((((((( snapshot@2008-01-13_18.38.54.00 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-12 23:28:24 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT + 2008-01-15 21:40:40 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT - 2008-01-12 23:28:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat + 2008-01-15 21:40:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat - 2008-01-12 23:28:26 6,680,576 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT + 2008-01-15 21:40:40 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT - 2008-01-12 23:28:26 413,696 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat + 2008-01-15 21:40:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat - 2008-01-12 23:28:26 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT + 2008-01-15 21:40:40 6,701,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT - 2008-01-12 23:28:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-15 21:40:40 413,696 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2000-08-31 13:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE - 2008-01-11 19:48:08 17,062 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\ARPPRODUCTICON.exe + 2008-01-15 00:42:56 17,062 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\ARPPRODUCTICON.exe - 2008-01-11 19:48:08 57,344 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter_25790242D1754E5E9DB9631C10124E78.exe + 2008-01-15 00:42:56 57,344 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter_25790242D1754E5E9DB9631C10124E78.exe - 2008-01-11 19:48:08 57,344 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter1_25790242D1754E5E9DB9631C10124E78.exe + 2008-01-15 00:42:56 57,344 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter1_25790242D1754E5E9DB9631C10124E78.exe - 2007-10-20 19:58:22 29,926 ----a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe + 2008-01-15 01:57:22 29,926 ----a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe + 2008-01-15 21:44:46 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_730.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134}] 2008-01-07 19:15 37888 --------- C:\WINDOWS\system32\wvusqrs.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WeatherEye"="C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe" [ ] "Router"="C:\Program Files\Router\Router.exe" [ ] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-12-30 17:34 214456] "Gestionnaire Antidote .exe"="C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote .exe" [ ] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ] "Aoxd"="C:\WINDOWS\system32\??mantec\m?iexec.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [ ] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ] "SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06 45056] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648] "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE] "CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344] "CTHelper"="CTHELPER.EXE" [2004-03-19 03:33 24576 C:\WINDOWS\system32\CTHELPER.EXE] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224] "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52 115608] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [ ] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134}"= C:\WINDOWS\system32\wvusqrs.dll [2008-01-07 19:15 37888] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll,C:\WINDOWS\system32 lai.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NaturalColorLoad.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NaturalColorLoad.lnk backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Raymond^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk] path=C:\Documents and Settings\Raymond\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET] --a------ 2003-06-18 01:00 45056 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2006-11-12 11:48 157592 C:\Program Files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoWeather] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] C:\WINDOWS\system32\pmkjh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer] --a------ 2004-10-21 13:28 29696 C:\WINDOWS\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic] --a------ 2006-11-19 19:23 319532 C:\PROGRA~1\MAGENTIC\bin\Magentic.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Otra] C:\PROGRA~1\SEMBLY~1\alg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywarefighterguard] --a------ 2007-06-08 11:52 115608 C:\Program Files\SPYWAREfighter\spftray.exe R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 11:38] R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2007-06-08 11:52] R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52] S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender8\filespy.sys [] S4 viadsk;viadsk;C:\WINDOWS\system32\drivers\viadsk.sys [] . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-01-15 21:09:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

ep44 · Answer

refais hijack stp

rayfic · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:33, on 2008-01-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye .exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134} - C:\WINDOWS\system32\wvusqrs.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Gestionnaire Antidote .exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote .exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aoxd] C:\WINDOWS\system32\??mantec\m?iexec.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?d13fdfa9edad49b78f0a596fb8abd5bb
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?d13fdfa9edad49b78f0a596fb8abd5bb
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Premium\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Premium\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Premium\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En&registrement - C:\Program Files\Systran\Premium\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Premium\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Premium\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://geo.ville.quebec.qc.ca/carte_int/acgm.cab
O20 - AppInit_DLLs: sockspy.dll,C:\WINDOWS\system32lai.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

rayfic · Answer

Bonsoir cousin, chez nous au Québec il est 18:00

Avast pro détecte encore un trojan ds c:win\sys32\pmkjj.dll...placé en quarantaine.

ep44 · Answer

Bonjour 
Fais un scan antivirus en ligne avec Internet Explorer
https://www.bitdefender.fr/

 
=> En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
=> Dans la nouvelle fenêtre, clique sur I agree
=> La fenêtre change encore, clique sur Click here to scan
=> Les signatures se chargent, etc.
=> copie colle le résultat ici

tuto en image

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

et
reposte un nouveau rapport hijackthis

rayfic · Answer

Salut j'ai le rapport mais ne fait pas coller/copier!Info d'analyse
	

 
	

 

Fichiers scannés
	

450491

Infectés Fichiers
	

244
	

 
	

 

 
	

 
	

 

Virus Détectés
	

 
	

 

Trojan.Downloader.JJKG
	

1

Generic.Malware.Sdld!.42B8CEA2
	

1

Trojan.Vundo.DVD
	

15

Dropped:Application.Adware.NewDotNet.A
	

1

Trojan.Dropper.Vundo.D
	

181

Trojan.Dloader.J
	

1

Trojan.Small.WY
	

2

Trojan.Agent.AFSZ
	

1

Trojan.Agent.AAFB
	

2

Trojan.Downloader.Purityscan.EN
	

2

Trojan.Generic.61407
	

3

Trojan.Patch.F
	

1

Trojan.Downloader.Small.ADD
	

1

Trojan.Agent.AFRM
	

1

Generic.Adw.SaveNow.F5FEB660
	

1

Trojan.Vundo.DVO
	

5

Trojan.Ebates.A
	

1

Trojan.FatObfus.Gen
	

1

Dropped:Application.BHO.Ignet.A
	

1

Trojan.Downloader.Zlob.AATN
	

1

Trojan.Downloader.Small.BUY
	

1

Trojan.Vundo.DVS
	

19

Trojan.Exploit.Java.Gimsh.A
	

1

rayfic · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55, on 2008-01-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134} - C:\WINDOWS\system32\wvusqrs.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?d13fdfa9edad49b78f0a596fb8abd5bb
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?d13fdfa9edad49b78f0a596fb8abd5bb
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Premium\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Premium\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Premium\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En&registrement - C:\Program Files\Systran\Premium\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Premium\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Premium\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://geo.ville.quebec.qc.ca/carte_int/acgm.cab
O20 - AppInit_DLLs: sockspy.dll,C:\WINDOWS\system32\rlai.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

ep44 · Answer

il faut refaire le poste 24 correctement 
@+

rayfic · Answer

J'ai refait le tout,à toi de voir. ComboFix 08-01-13.1 - Raymond 2008-01-16 14:39:12.7 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.668 [GMT -5:00] Running from: C:\Documents and Settings\Raymond\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Raymond\Mes documents\CFscript.txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] FILE C:\WINDOWS\system32 lph.dll C:\WINDOWS\system32 lvknlg .exe C:\WINDOWS\system32\wvusqrs.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\awtqq.dll C:\WINDOWS\system32\ddaby.dll C:\WINDOWS\system32\gebyy.dll C:\WINDOWS\system32 lph.dll C:\WINDOWS\system32 lvknlg .exe C:\WINDOWS\system32\sstqp.dll C:\WINDOWS\system32\wvusqrs.dll . ---- Previous Run ------- . C:\WINDOWS\system32\pmkjh.dll . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))))))) . 2008-01-16 13:02 . 2008-01-16 13:02 334,848 --a------ C:\WINDOWS\system32\pmkhf.dll 2008-01-16 12:02 . 2008-01-16 12:02 334,848 --a------ C:\WINDOWS\system32\sstqr.dll 2008-01-16 09:05 . 2008-01-16 09:05 d-------- C:\WINDOWS\BDOSCAN8 2008-01-14 20:38 . 2008-01-14 20:38 d--hs---- C:\FOUND.013 2008-01-14 11:28 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-01-14 11:28 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-01-14 11:28 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-01-14 11:28 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-01-14 11:28 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-01-14 11:28 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-01-14 11:28 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-01-14 11:28 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-01-12 18:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-12 11:40 . 2008-01-12 11:40 d--hs---- C:\FOUND.012 2008-01-11 23:40 . 2008-01-11 23:40 d-------- C:\Program Files\Trend Micro 2008-01-11 17:54 . 2008-01-11 17:54 d--hs---- C:\FOUND.011 2008-01-11 16:47 . 2008-01-11 16:47 d-------- C:\VundoFix Backups 2008-01-11 14:47 . 2008-01-11 14:47 d-------- C:\Program Files\SPYWAREfighter 2008-01-11 14:47 . 2008-01-11 14:47 d-------- C:\Program Files\Fichiers communs\Application 2008-01-07 21:00 . 2008-01-07 21:00 118,784 --a------ C:\WINDOWS\system32 lai.dll 2008-01-07 20:48 . 2008-01-07 20:48 d--hs---- C:\FOUND.010 2008-01-07 19:18 . 2008-01-07 19:18 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2008-01-07 19:13 . 2008-01-07 19:13 d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-07 18:10 . 2008-01-07 18:10 d-------- C:\Documents and Settings\Raymond\Application Data\OpenOffice.org2 2008-01-07 17:44 . 2008-01-07 17:44 d-------- C:\Program Files\OpenOffice.org 2.3 2008-01-05 15:43 . 2008-01-05 15:43 d-------- C:\WINDOWS\system32\NtmsData 2008-01-03 15:37 . 2008-01-03 15:37 d-------- C:\Program Files\Global Pets 98 2008-01-03 15:36 . 1998-09-12 13:52 299,520 --a------ C:\WINDOWS\uninst.exe 2008-01-03 08:34 . 2008-01-03 08:34 d-------- C:\Program Files\MSXML 6.0 2008-01-02 15:16 . 2008-01-02 15:16 d-------- C:\WINDOWS\Performance 2008-01-02 15:15 . 2008-01-02 15:15 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor 2008-01-02 15:15 . 2008-01-02 15:16 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation 2007-12-31 15:17 . 2007-12-31 15:17 d-------- C:\Documents and Settings\All Users\Application Data\GreenPoint 2007-12-31 15:17 . 2007-04-16 12:07 1,966,080 --a------ C:\WINDOWS\system32\cdintf251.dll 2007-12-30 20:36 . 2007-12-30 20:36 0 --a------ C:\WINDOWS\RussSqr.INI 2007-12-30 20:08 . 2007-12-30 20:08 d-------- C:\Documents and Settings\Raymond\Application Data\The Labyrinth Plus! Edition 2007-12-25 06:35 . 2007-12-25 06:35 d--hs---- C:\FOUND.009 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-15 22:09 27,000 ----a-w C:\Documents and Settings\Raymond\Application Data\GDIPFONTCACHEV1.DAT 2008-01-12 13:35 10 ----a-w C:\Program Files\.autoreg 2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-12-03 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-01 04:49 79,868 ----a-w C:\WINDOWS\system32\adssite-remove.exe 2007-11-26 00:56 --------- d-----w C:\Program Files\Dcads Advanced Toolbar 2007-11-26 00:56 --------- d-----w C:\Documents and Settings\Raymond\Application Data\Dcads Advanced Toolbar 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-11-06 21:29 159,803 ----a-w C:\WINDOWS\closewnd.exe 2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache cpip.sys 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 14:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 14:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe 2007-05-01 23:39 374 ----a-w C:\Documents and Settings\Raymond\Application Data\internaldb6334.dat 2007-05-01 23:39 18,432 ----a-w C:\Documents and Settings\Raymond\Application Data\internaldb41.dat 2007-05-01 23:34 538 ----a-w C:\Documents and Settings\Raymond\Application Data\internaldb8467.dat . [code]

----a-w         4,484,816 2008-01-16 12:45:38  C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye .exe

[/code] ((((((((((((((((((((((((((((( snapshot@2008-01-13_18.38.54.00 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-16 14:05:24 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll + 2008-01-16 14:05:24 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll + 2008-01-16 14:05:26 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll + 2008-01-16 14:05:28 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll + 2006-05-25 06:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll + 2006-05-25 06:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll + 2008-01-16 14:05:28 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll + 2008-01-16 14:05:26 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll + 2006-05-25 06:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe + 2006-05-25 06:21:00 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll + 2006-05-25 06:21:14 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll - 2008-01-12 23:28:24 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT + 2008-01-16 19:39:00 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT - 2008-01-12 23:28:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat + 2008-01-16 19:39:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat - 2008-01-12 23:28:26 6,680,576 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT + 2008-01-16 19:39:00 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT - 2008-01-12 23:28:26 413,696 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat + 2008-01-16 19:39:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat - 2008-01-12 23:28:26 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT + 2008-01-16 19:39:00 6,701,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT - 2008-01-12 23:28:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-16 19:39:00 413,696 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2000-08-31 13:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE - 2008-01-11 19:48:08 17,062 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\ARPPRODUCTICON.exe + 2008-01-16 18:50:16 17,062 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\ARPPRODUCTICON.exe - 2008-01-11 19:48:08 57,344 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter_25790242D1754E5E9DB9631C10124E78.exe + 2008-01-16 18:50:16 57,344 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter_25790242D1754E5E9DB9631C10124E78.exe - 2008-01-11 19:48:08 57,344 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter1_25790242D1754E5E9DB9631C10124E78.exe + 2008-01-16 18:50:16 57,344 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter1_25790242D1754E5E9DB9631C10124E78.exe - 2007-10-20 19:58:22 29,926 ----a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe + 2008-01-15 01:57:22 29,926 ----a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe + 2008-01-16 19:41:40 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_6ac.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52 115608] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll,C:\WINDOWS\system32 lai.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NaturalColorLoad.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NaturalColorLoad.lnk backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Raymond^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk] path=C:\Documents and Settings\Raymond\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aoxd] C:\WINDOWS\system32\??mantec\m?iexec.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!] --a------ 2007-12-04 08:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET] --a------ 2003-06-18 01:00 45056 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper] --a------ 2004-03-19 03:33 24576 C:\WINDOWS\system32\CTHELPER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol] --a------ 2003-09-17 10:43 57344 C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2006-11-12 11:48 157592 C:\Program Files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoWeather] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote .exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote .exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail] --a------ 2007-12-30 17:34 214456 C:\Program Files\IncrediMail\bin\IncMail.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] C:\WINDOWS\system32\pmkjh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer] --a------ 2004-10-21 13:28 29696 C:\WINDOWS\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility] --------- 2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic] --a------ 2006-11-19 19:23 319532 C:\PROGRA~1\MAGENTIC\bin\Magentic.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Otra] C:\PROGRA~1\SEMBLY~1\alg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Router] C:\Program Files\Router\Router.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet] --a------ 2002-12-03 18:06 45056 C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywarefighterguard] --a------ 2007-06-08 11:52 115608 C:\Program Files\SPYWAREfighter\spftray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] C:\WINDOWS\UpdReg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherEye] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 11:38] R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2007-06-08 11:52] R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52] S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender8\filespy.sys [] S4 viadsk;viadsk;C:\WINDOWS\system32\drivers\viadsk.sys [] *Newly Created Service* - SPYWAREFIGHTERRP . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-01-16 19:09:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

rayfic · Answer

J'ai oublié Hi Jack,le voici.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51, on 2008-01-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?d13fdfa9edad49b78f0a596fb8abd5bb
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?d13fdfa9edad49b78f0a596fb8abd5bb
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Premium\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Premium\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Premium\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En&registrement - C:\Program Files\Systran\Premium\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Premium\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Premium\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://geo.ville.quebec.qc.ca/carte_int/acgm.cab
O20 - AppInit_DLLs: sockspy.dll,C:\WINDOWS\system32\rlai.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

ep44 · Answer

relance hijack et coche ceci 

O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
	O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
	O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://geo.ville.quebec.qc.ca/carte_int/acgm.cab
ensuite clic sur fix checked 

ensuite 

Télécharger sur le bureau

 http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
=> Copier ce texte en gras

C:\WINDOWS\system32\pmkhf.dll 
C:\WINDOWS\system32\sstqr.dll 

=> Double-clic sur OTMoveIt.exe
=> Dans le cadre de Gauche ==> clic-droit ==> coller
=> Clic MoveIt!
=> si redémarrage demandé==> Clic : YES
=> Un rapport dans ==> C:_\OTMoveItMovedFilesdate du jour à copier/coller dans la réponse + nouveau rapport hijackthis.

rayfic · Answer

Voici,

LoadLibrary failed for C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\pmkhf.dll NOT unregistered.
C:\WINDOWS\system32\pmkhf.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\sstqr.dll
C:\WINDOWS\system32\sstqr.dll NOT unregistered.
C:\WINDOWS\system32\sstqr.dll moved successfully.
 
Created on 01-16-2008 16:57:31
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59, on 2008-01-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?d13fdfa9edad49b78f0a596fb8abd5bb
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?d13fdfa9edad49b78f0a596fb8abd5bb
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Premium\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Premium\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Premium\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En&registrement - C:\Program Files\Systran\Premium\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Premium\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Premium\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O20 - AppInit_DLLs: sockspy.dll,C:\WINDOWS\system32\rlai.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

ep44 · Answer

Fais un scan antivirus en ligne avec Internet Explorer
https://www.bitdefender.fr/

 
=> En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
=> Dans la nouvelle fenêtre, clique sur I agree
=> La fenêtre change encore, clique sur Click here to scan
=> Les signatures se chargent, etc.
=> copie colle le résultat ici

tuto en image

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

et dit moi ensuite si tu as encore des soucis 
@+

rayfic · Answer

Bon j'ai encore des problèmes, semble que sys 32 n'est plus infecté.Peut-tu m'indiquer le chemin pour générer un rapport de BD en ligne! Je n'y arrive pas. Merci

rayfic · Answer

Bonjour EP44,mon autre ordi (réseau familiale) est infecté ds sys32,voir l'autre discussion.
J'ai le rapport de Bit D

[General]
App	= "BitDefender Online Scanner v8"
Date	= 17:01:2008
Time	= 22:34:46
Scan Path	= D:\;I:\;

[Engines Info]
Virus Definitions	= 891148
Engine build	= "AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)"
Scan plugins	= 14
Archive plugins	= 38
Unpack plugins	= 7
E-mail plugins	= 6
System plugins	= 1

[Scan Statistics]
Folders	= 828
Files	= 83907
Archives	= 1883
Packed files	= 2221
Identified viruses	= 8
Infected files	= 9
Warnings	= 0
Suspect files	= 0
Disinfected files	= 0
Deleted files	= 9
Copied files	= 0
Moved files	= 0
Renamed files	= 0
I/O Errors	= 1

[Scan Settings]
SecondAction	= Delete
FirstAction	= Disinfect
Heuristics	= 1
Enable Warnings	= 1
Exclude Ext	= 
Extensions	= *;
Scan Emails	= 1
Scan Archives	= 1
Scan Packed	= 1
Scan Files	= 1
Scan Boot	= 1
Verify Memory	= 0

[Scan Results]
Line00000035	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 7) Infecté par: Dropped:Application.BHO.Ignet.A"
Line00000034	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 7) Echec de la désinfection"
Line00000033	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 7) Supprimé"
Line00000032	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o) Echec de la mise à jour"
Line00000031	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 10)=>(NSIS o)=>bzip2_solid_nsis0120 Infecté par: Trojan.Dloader.J"
Line00000030	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 10)=>(NSIS o)=>bzip2_solid_nsis0120 Echec de la désinfection"
Line00000029	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 10)=>(NSIS o)=>bzip2_solid_nsis0120 Supprimé"
Line00000028	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 10)=>(NSIS o) Echec de la mise à jour"
Line00000027	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 10)=>(NSIS o)=>bzip2_solid_nsis0122 Infecté par: Trojan.Ebates.A"
Line00000026	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 10)=>(NSIS o)=>bzip2_solid_nsis0122 Echec de la désinfection"
Line00000025	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 10)=>(NSIS o)=>bzip2_solid_nsis0122 Supprimé"
Line00000024	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 10)=>(NSIS o) Echec de la mise à jour"
Line00000023	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 12) Infecté par: Trojan.Downloader.Small.ADD"
Line00000022	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 12) Echec de la désinfection"
Line00000021	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 12) Supprimé"
Line00000020	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o) Echec de la mise à jour"
Line00000019	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 13) Infecté par: Dropped:Application.Adware.NewDotNet.A"
Line00000018	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 13) Echec de la désinfection"
Line00000017	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 13) Supprimé"
Line00000016	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o) Echec de la mise à jour"
Line00000015	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 15)=>wise0010 Infecté par: Trojan.Agent.AAFB"
Line00000014	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 15)=>wise0010 Echec de la désinfection"
Line00000013	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 15)=>wise0010 Supprimé"
Line00000012	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 15) Echec de la mise à jour"
Line00000011	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 15)=>(Embedded EXE r)=>wise0010 Infecté par: Trojan.Agent.AAFB"
Line00000010	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 15)=>(Embedded EXE r)=>wise0010 Echec de la désinfection"
Line00000009	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 15)=>(Embedded EXE r)=>wise0010 Supprimé"
Line00000008	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 15)=>(Embedded EXE r) Echec de la mise à jour"
Line00000007	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 16) Infecté par: Generic.Malware.Sdld!.42B8CEA2"
Line00000006	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 16) Echec de la désinfection"
Line00000005	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o)=>(Instyler Module 16) Supprimé"
Line00000004	= "D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe=>(Instyler o) Echec de la mise à jour"
Line00000003	= "I:\System Volume Information\_restore{06DD9CA0-9A48-42F4-AF17-47158557B283}\RP138\A0028471.exe=>(Instyler o)=>(Instyler Module 11) Infecté par: Trojan.FatObfus.Gen"
Line00000002	= "I:\System Volume Information\_restore{06DD9CA0-9A48-42F4-AF17-47158557B283}\RP138\A0028471.exe=>(Instyler o)=>(Instyler Module 11) Echec de la désinfection"
Line00000001	= "I:\System Volume Information\_restore{06DD9CA0-9A48-42F4-AF17-47158557B283}\RP138\A0028471.exe=>(Instyler o)=>(Instyler Module 11) Supprimé"
Line00000000	= "I:\System Volume Information\_restore{06DD9CA0-9A48-42F4-AF17-47158557B283}\RP138\A0028471.exe=>(Instyler o) Echec de la mise à jour"



Dans celui-ci les fichiers ds D:\RECYCLERS et I:\sys volume information est infecté selon BitD.

ep44 · Answer

Bonsoir 
tu lance deux sujet 
pour deux pc différent 

pour l'instant il faut finir avec celui-ci
pour commencer vide ta corbeille

as tu encore des soucis ?

rayfic · Answer

Bonsoir, ma corbeille est vide. Mentionne tu que je dois effacer le répertoire suivant.D:\RECYCLERS

ep44 · Answer

regarde si tu trouve ceci
D:\RECYCLER\S-1-5-21-776561741-1993962763-1343024091-1003\Dg2.exe

rayfic · Answer

OK

green day · Answer

Ah ! ben bravo ! :)

 désolée Ep ! je n'avais pas vu le doublon ...

http://www.commentcamarche.net/forum/affich 4680519 infecte par virus#0

++

rayfic · Answer

oui, j'en n'ai trouvé 3 !

S-1-5-21-776561741-1993962763-1343024091-1003

S-1-5-21-606747145-1659004503-682003330-1004

S-1-5-21-776561741-1993962763-1343024091-500

ep44 · Answer

supprime celui-ci 
S-1-5-21-776561741-1993962763-1343024091-1003


ensuite refais un hijack stp

rayfic · Answer

ok, c'est fait
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35, on 2008-01-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?d13fdfa9edad49b78f0a596fb8abd5bb
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?d13fdfa9edad49b78f0a596fb8abd5bb
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Premium\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Premium\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Premium\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En&registrement - C:\Program Files\Systran\Premium\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Premium\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Premium\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O20 - AppInit_DLLs: sockspy.dll,C:\WINDOWS\system32\rlai.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

ep44 · Answer

ton rapport semble bon 

Tu peux supprimer tous les logiciels que nous avons utilisés
va dans ajout/suppression de programes et dans programmes files
pour vérifier



ensuite fais ceci (IMPORTANT)

=> démarrer
=> panneau de configuration
=> système
=> onglet Restauration système
=> coche la case (Désactiver la restauration système)
=> redémarre l'ordinateur
=> réactive la ensuite

bonne chance pour l'autre pc ;-)
@+

rayfic · Answer

Ok on se reparle

ep44 · Answer

Ok on se reparle

??????????????

rayfic · Answer

Bon j'ai fait ce que tu m'as demandé. Pour m'assurer qu'il n'yavait plus de virus, j'ai refait Bd.Merci beaucoup de ton aide,continue à nous aider.@+

rayfic · Answer

Je te poste le rapport de Bitd: ENCORE des virus présent.


[General]
App	= "BitDefender Online Scanner v8"
Date	= 18:01:2008
Time	= 23:22:31
Scan Path	= C:\;

[Engines Info]
Virus Definitions	= 891939
Engine build	= "AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)"
Scan plugins	= 14
Archive plugins	= 38
Unpack plugins	= 7
E-mail plugins	= 6
System plugins	= 1

[Scan Statistics]
Folders	= 5924
Files	= 299922
Archives	= 3738
Packed files	= 6341
Identified viruses	= 3
Infected files	= 4
Warnings	= 0
Suspect files	= 0
Disinfected files	= 0
Deleted files	= 4
Copied files	= 0
Moved files	= 0
Renamed files	= 0
I/O Errors	= 26

[Scan Settings]
SecondAction	= Delete
FirstAction	= Disinfect
Heuristics	= 1
Enable Warnings	= 1
Exclude Ext	= 
Extensions	= *;
Scan Emails	= 1
Scan Archives	= 1
Scan Packed	= 1
Scan Files	= 1
Scan Boot	= 1
Verify Memory	= 0

[Scan Results]
Line00000013	= "C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe Infecté par: Generic.Adw.SaveNow.F5FEB660"
Line00000012	= "C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe Echec de la désinfection"
Line00000011	= "C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe Supprimé"
Line00000010	= "C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r) Echec de la mise à jour"
Line00000009	= "C:\System Volume Information\_restore{9516D1D4-4FB4-4ECD-8BE9-19D91AEDF9B7}\RP1\A0000008.dll Infecté par: Trojan.Vundo.DWK"
Line00000008	= "C:\System Volume Information\_restore{9516D1D4-4FB4-4ECD-8BE9-19D91AEDF9B7}\RP1\A0000008.dll Echec de la désinfection"
Line00000007	= "C:\System Volume Information\_restore{9516D1D4-4FB4-4ECD-8BE9-19D91AEDF9B7}\RP1\A0000008.dll Supprimé"
Line00000006	= "C:\System Volume Information\_restore{9516D1D4-4FB4-4ECD-8BE9-19D91AEDF9B7}\RP1\A0000009.dll Infecté par: Trojan.Vundo.DWK"
Line00000005	= "C:\System Volume Information\_restore{9516D1D4-4FB4-4ECD-8BE9-19D91AEDF9B7}\RP1\A0000009.dll Echec de la désinfection"
Line00000004	= "C:\System Volume Information\_restore{9516D1D4-4FB4-4ECD-8BE9-19D91AEDF9B7}\RP1\A0000009.dll Supprimé"
Line00000003	= "C:\FOUND.013\FILE2549.CHK=>(NSIS o)=>lzma_nsis0008=>(NSIS o)=>lzma_solid_nsis0004 Infecté par: Trojan.Downloader.Zlob.AATN"
Line00000002	= "C:\FOUND.013\FILE2549.CHK=>(NSIS o)=>lzma_nsis0008=>(NSIS o)=>lzma_solid_nsis0004 Echec de la désinfection"
Line00000001	= "C:\FOUND.013\FILE2549.CHK=>(NSIS o)=>lzma_nsis0008=>(NSIS o)=>lzma_solid_nsis0004 Supprimé"
Line00000000	= "C:\FOUND.013\FILE2549.CHK=>(NSIS o)=>lzma_nsis0008=>(NSIS o) Echec de la mise à jour"

ep44 · Answer

Bonsoir 

encore une chose Télécharge RenV.exe sur ton Bureau:

http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe

Double-clique sur RenV.exe pour le lancer, et patiente.

Un rapport, log.txt, sera crée, et s'ouvrira à la fin du scan, poste le stp 

@+ ;-)

rayfic · Answer

Salut Ep 44,le rapport donne ceci:

[code]
Ran on 2008-01-19 - 15:56:41.09

----a-w         4,484,816 2008-01-16 12:45:38  C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye .exe

 Entries:                1  (1)
 Directories:            0  Files:             1
 Bytes:          4,484,816  Blocks:        8,760
[/code]

ep44 · Answer

Créé un fichier Bloc Notes avec le texte qui se trouve en citation

    C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye .exe 

    * Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>
    * Choisis "Enregistrer sous" et choisis "Bureau"
    * Dans le champ "Nom du fichier" en bas de page donne le nom suivant:Log.txt
    * Clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"
    * Quitte le Bloc Notes.
    * Fais un glisser/déposer de ce fichier Log.txt sur le fichier RenV.exe
@+

rayfic · Answer

Voici ce que cela donne:

[code]
Ran on 2008-01-19 - 18:03:23.92

----a-w         4,484,816 2008-01-16 12:45:38  C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye .exe

 Entries:                1  (1)
 Directories:            0  Files:             1
 Bytes:          4,484,816  Blocks:        8,760
[/code]

ep44 · Answer

Bonjour,

 on essaye autre chose 

selectionne ceci

renv::

C:\WINDOWS\system32\rlvknlg .exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye .exe 


=> Copie le texte sélectionné (CTRL+C).
=> Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
=> Colle le texte copié dans ce bloc-notes (CTRL+V).
=> Sauvegarde ce fichier sous le nom de CFScript.txt
=> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
=> Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
=> Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
=> Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
=> Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

@+

rayfic · Answer

Oh là, J'ai perdu Mozilla, mais après redémarrage il est revenu. Il ne trouvait plus son chemin,ni explorer. ComboFix 08-01-18.5 - Raymond 2008-01-20 7:58:22.8 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.680 [GMT -5:00] Running from: C:\Documents and Settings\Raymond\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Raymond\Bureau\CFScript.txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\WINDOWS\system32\awtqq.dll C:\WINDOWS\system32\ddaby.dll C:\WINDOWS\system32\gebyy.dll C:\WINDOWS\system32\pmkjh.dll C:\WINDOWS\system32\rlph.dll C:\WINDOWS\system32\rlvknlg .exe C:\WINDOWS\system32\sstqp.dll C:\WINDOWS\system32\wvusqrs.dll . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))))))) . 2008-01-16 09:05 . 2008-01-16 09:05 d-------- C:\WINDOWS\BDOSCAN8 2008-01-14 20:38 . 2008-01-14 20:38 d--hs---- C:\FOUND.013 2008-01-14 11:28 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-01-14 11:28 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-01-14 11:28 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-01-14 11:28 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-01-14 11:28 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-01-14 11:28 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-01-14 11:28 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-01-14 11:28 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-01-12 18:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-12 11:40 . 2008-01-12 11:40 d--hs---- C:\FOUND.012 2008-01-11 23:40 . 2008-01-11 23:40 d-------- C:\Program Files\Trend Micro 2008-01-11 17:54 . 2008-01-11 17:54 d--hs---- C:\FOUND.011 2008-01-11 16:47 . 2008-01-11 16:47 d-------- C:\VundoFix Backups 2008-01-11 14:47 . 2008-01-11 14:47 d-------- C:\Program Files\SPYWAREfighter 2008-01-07 21:00 . 2008-01-07 21:00 118,784 --a------ C:\WINDOWS\system32\rlai.dll 2008-01-07 20:48 . 2008-01-07 20:48 d--hs---- C:\FOUND.010 2008-01-07 19:18 . 2008-01-07 19:18 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2008-01-07 19:13 . 2008-01-07 19:13 d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-07 18:10 . 2008-01-07 18:10 d-------- C:\Documents and Settings\Raymond\Application Data\OpenOffice.org2 2008-01-07 17:44 . 2008-01-07 17:44 d-------- C:\Program Files\OpenOffice.org 2.3 2008-01-05 15:43 . 2008-01-05 15:43 d-------- C:\WINDOWS\system32\NtmsData 2008-01-03 15:37 . 2008-01-03 15:37 d-------- C:\Program Files\Global Pets 98 2008-01-03 15:36 . 1998-09-12 13:52 299,520 --a------ C:\WINDOWS\uninst.exe 2008-01-03 08:34 . 2008-01-03 08:34 d-------- C:\Program Files\MSXML 6.0 2008-01-02 15:16 . 2008-01-02 15:16 d-------- C:\WINDOWS\Performance 2008-01-02 15:15 . 2008-01-02 15:15 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor 2008-01-02 15:15 . 2008-01-02 15:16 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation 2007-12-31 15:17 . 2007-12-31 15:17 d-------- C:\Documents and Settings\All Users\Application Data\GreenPoint 2007-12-31 15:17 . 2007-04-16 12:07 1,966,080 --a------ C:\WINDOWS\system32\cdintf251.dll 2007-12-30 20:36 . 2007-12-30 20:36 0 --a------ C:\WINDOWS\RussSqr.INI 2007-12-30 20:08 . 2007-12-30 20:08 d-------- C:\Documents and Settings\Raymond\Application Data\The Labyrinth Plus! Edition 2007-12-25 06:35 . 2007-12-25 06:35 d--hs---- C:\FOUND.009 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-15 22:09 27,000 ----a-w C:\Documents and Settings\Raymond\Application Data\GDIPFONTCACHEV1.DAT 2008-01-12 13:35 10 ----a-w C:\Program Files\.autoreg 2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-12-03 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-01 04:49 79,868 ----a-w C:\WINDOWS\system32\adssite-remove.exe 2007-11-26 00:56 --------- d-----w C:\Program Files\Dcads Advanced Toolbar 2007-11-26 00:56 --------- d-----w C:\Documents and Settings\Raymond\Application Data\Dcads Advanced Toolbar 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-11-06 21:29 159,803 ----a-w C:\WINDOWS\closewnd.exe 2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 14:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 14:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-05-01 23:39 374 ----a-w C:\Documents and Settings\Raymond\Application Data\internaldb6334.dat 2007-05-01 23:39 18,432 ----a-w C:\Documents and Settings\Raymond\Application Data\internaldb41.dat 2007-05-01 23:34 538 ----a-w C:\Documents and Settings\Raymond\Application Data\internaldb8467.dat . ((((((((((((((((((((((((((((( snapshot_2008-01-16_14.43.26.96 ))))))))))))))))))))))))))))))))))))))))) . - 2006-05-25 06:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll + 2008-01-17 02:57:26 77,824 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll - 2008-01-16 19:39:00 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-01-20 12:58:04 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT - 2008-01-16 19:39:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat + 2008-01-20 12:58:04 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat - 2008-01-16 19:39:00 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT + 2008-01-20 12:58:06 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT - 2008-01-16 19:39:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat + 2008-01-20 12:58:06 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat - 2008-01-16 19:39:00 6,701,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT + 2008-01-20 12:58:08 6,701,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT - 2008-01-16 19:39:00 413,696 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat + 2008-01-20 12:58:08 413,696 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat + 2008-01-20 12:44:14 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_700.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll,C:\WINDOWS\system32\rlai.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NaturalColorLoad.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NaturalColorLoad.lnk backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aoxd] C:\WINDOWS\system32\??mantec\m?iexec.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!] --a------ 2007-12-04 08:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET] --a------ 2003-06-18 01:00 45056 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper] --a------ 2004-03-19 03:33 24576 C:\WINDOWS\system32\CTHELPER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol] --a------ 2003-09-17 10:43 57344 C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2006-11-12 11:48 157592 C:\Program Files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoWeather] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote .exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote .exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail] --a------ 2007-12-30 17:34 214456 C:\Program Files\IncrediMail\bin\IncMail.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] C:\WINDOWS\system32\pmkjh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer] --a------ 2004-10-21 13:28 29696 C:\WINDOWS\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility] --------- 2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic] --a------ 2006-11-19 19:23 319532 C:\PROGRA~1\MAGENTIC\bin\Magentic.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Otra] C:\PROGRA~1\SEMBLY~1\alg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Router] C:\Program Files\Router\Router.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet] --a------ 2002-12-03 18:06 45056 C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] C:\WINDOWS\UpdReg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherEye] --a------ 2008-01-16 07:45 4484816 C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 11:38] S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender8\filespy.sys [] S4 viadsk;viadsk;C:\WINDOWS\system32\drivers\viadsk.sys [] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-20 01:09:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE "2008-01-17 13:39:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-27 22:26:04 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~COMMERCE Raymond.job" - C:\Program Files\Copernic Agent\CopernicAgent.exe "2007-12-27 22:26:04 C:\WINDOWS\Tasks\2 Copernic Daily ~COMMERCE Raymond.job" - C:\Program Files\Copernic Agent\CopernicAgent.exe "2007-12-27 22:26:04 C:\WINDOWS\Tasks\3 Copernic Weekly ~COMMERCE Raymond.job" - C:\Program Files\Copernic Agent\CopernicAgent.exe "2007-12-27 22:26:04 C:\WINDOWS\Tasks\4 Copernic Monthly ~COMMERCE Raymond.job" - C:\Program Files\Copernic Agent\CopernicAgent.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-20 08:00:12 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-20 8:00:50 ComboFix-quarantined-files.txt 2008-01-20 13:00:48 ComboFix2.txt 2008-01-15 01:26:10 . 2008-01-12 18:59:09 --- E O F ---

ep44 · Answer

Désolé mais encore une fois 

selectionne ceci

registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] 


File::

C:\WINDOWS\system32\adssite-remove.exe
C:\Program Files\Dcads Advanced Toolbar
C:\Documents and Settings\Raymond\Application Data\Dcads Advanced Toolbar
C:\WINDOWS\system32\pmkjh.exe



=> Copie le texte sélectionné (CTRL+C).
=> Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
=> Colle le texte copié dans ce bloc-notes (CTRL+V).
=> Sauvegarde ce fichier sous le nom de CFScript.txt
=> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
=> Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
=> Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
=> Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
=> Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

ensuite va ici https://www.virustotal.com/gui/ et fait analyser ceci  C:\WINDOWS\RussSqr.INI 
colle le résultat
@+

rayfic · Answer

résultat: ComboFix 08-01-18.5 - Raymond 2008-01-20 13:19:24.9 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.660 [GMT -5:00] Running from: C:\Documents and Settings\Raymond\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Raymond\Bureau\CFScript.txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] FILE C:\Documents and Settings\Raymond\Application Data\Dcads Advanced Toolbar C:\Program Files\Dcads Advanced Toolbar C:\WINDOWS\system32\adssite-remove.exe C:\WINDOWS\system32\pmkjh.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\adssite-remove.exe . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))))))) . 2008-01-16 09:05 . 2008-01-16 09:05 d-------- C:\WINDOWS\BDOSCAN8 2008-01-14 20:38 . 2008-01-14 20:38 d--hs---- C:\FOUND.013 2008-01-14 11:28 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-01-14 11:28 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-01-14 11:28 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-01-14 11:28 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-01-14 11:28 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-01-14 11:28 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-01-14 11:28 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-01-14 11:28 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-01-12 18:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-12 11:40 . 2008-01-12 11:40 d--hs---- C:\FOUND.012 2008-01-11 23:40 . 2008-01-11 23:40 d-------- C:\Program Files\Trend Micro 2008-01-11 17:54 . 2008-01-11 17:54 d--hs---- C:\FOUND.011 2008-01-11 16:47 . 2008-01-11 16:47 d-------- C:\VundoFix Backups 2008-01-11 14:47 . 2008-01-11 14:47 d-------- C:\Program Files\SPYWAREfighter 2008-01-07 21:00 . 2008-01-07 21:00 118,784 --a------ C:\WINDOWS\system32\rlai.dll 2008-01-07 20:48 . 2008-01-07 20:48 d--hs---- C:\FOUND.010 2008-01-07 19:18 . 2008-01-07 19:18 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2008-01-07 19:13 . 2008-01-07 19:13 d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-07 18:10 . 2008-01-07 18:10 d-------- C:\Documents and Settings\Raymond\Application Data\OpenOffice.org2 2008-01-07 17:44 . 2008-01-07 17:44 d-------- C:\Program Files\OpenOffice.org 2.3 2008-01-05 15:43 . 2008-01-05 15:43 d-------- C:\WINDOWS\system32\NtmsData 2008-01-03 15:37 . 2008-01-03 15:37 d-------- C:\Program Files\Global Pets 98 2008-01-03 15:36 . 1998-09-12 13:52 299,520 --a------ C:\WINDOWS\uninst.exe 2008-01-03 08:34 . 2008-01-03 08:34 d-------- C:\Program Files\MSXML 6.0 2008-01-02 15:16 . 2008-01-02 15:16 d-------- C:\WINDOWS\Performance 2008-01-02 15:15 . 2008-01-02 15:15 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor 2008-01-02 15:15 . 2008-01-02 15:16 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation 2007-12-31 15:17 . 2007-12-31 15:17 d-------- C:\Documents and Settings\All Users\Application Data\GreenPoint 2007-12-31 15:17 . 2007-04-16 12:07 1,966,080 --a------ C:\WINDOWS\system32\cdintf251.dll 2007-12-30 20:36 . 2007-12-30 20:36 0 --a------ C:\WINDOWS\RussSqr.INI 2007-12-30 20:08 . 2007-12-30 20:08 d-------- C:\Documents and Settings\Raymond\Application Data\The Labyrinth Plus! Edition 2007-12-25 06:35 . 2007-12-25 06:35 d--hs---- C:\FOUND.009 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-15 22:09 27,000 ----a-w C:\Documents and Settings\Raymond\Application Data\GDIPFONTCACHEV1.DAT 2008-01-12 13:35 10 ----a-w C:\Program Files\.autoreg 2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-12-03 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-26 00:56 --------- d-----w C:\Program Files\Dcads Advanced Toolbar 2007-11-26 00:56 --------- d-----w C:\Documents and Settings\Raymond\Application Data\Dcads Advanced Toolbar 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-11-06 21:29 159,803 ----a-w C:\WINDOWS\closewnd.exe 2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 14:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 14:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-05-01 23:39 374 ----a-w C:\Documents and Settings\Raymond\Application Data\internaldb6334.dat 2007-05-01 23:39 18,432 ----a-w C:\Documents and Settings\Raymond\Application Data\internaldb41.dat 2007-05-01 23:34 538 ----a-w C:\Documents and Settings\Raymond\Application Data\internaldb8467.dat . ((((((((((((((((((((((((((((( snapshot_2008-01-16_14.43.26.96 ))))))))))))))))))))))))))))))))))))))))) . - 2006-05-25 06:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll + 2008-01-17 02:57:26 77,824 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll - 2008-01-16 19:39:00 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-01-20 18:19:18 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT - 2008-01-16 19:39:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat + 2008-01-20 18:19:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat - 2008-01-16 19:39:00 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT + 2008-01-20 18:19:18 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT - 2008-01-16 19:39:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat + 2008-01-20 18:19:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat - 2008-01-16 19:39:00 6,701,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT + 2008-01-20 18:19:20 6,701,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT - 2008-01-16 19:39:00 413,696 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat + 2008-01-20 18:19:20 413,696 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat + 2008-01-20 13:10:56 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_764.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll,C:\WINDOWS\system32\rlai.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NaturalColorLoad.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NaturalColorLoad.lnk backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aoxd] C:\WINDOWS\system32\??mantec\m?iexec.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!] --a------ 2007-12-04 08:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET] --a------ 2003-06-18 01:00 45056 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper] --a------ 2004-03-19 03:33 24576 C:\WINDOWS\system32\CTHELPER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol] --a------ 2003-09-17 10:43 57344 C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2006-11-12 11:48 157592 C:\Program Files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoWeather] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote .exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote .exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail] --a------ 2007-12-30 17:34 214456 C:\Program Files\IncrediMail\bin\IncMail.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer] --a------ 2004-10-21 13:28 29696 C:\WINDOWS\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility] --------- 2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic] --a------ 2006-11-19 19:23 319532 C:\PROGRA~1\MAGENTIC\bin\Magentic.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Otra] C:\PROGRA~1\SEMBLY~1\alg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Router] C:\Program Files\Router\Router.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet] --a------ 2002-12-03 18:06 45056 C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] C:\WINDOWS\UpdReg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherEye] --a------ 2008-01-16 07:45 4484816 C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 11:38] S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender8\filespy.sys [] S4 viadsk;viadsk;C:\WINDOWS\system32\drivers\viadsk.sys [] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-20 18:09:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE "2008-01-17 13:39:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-27 22:26:04 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~COMMERCE Raymond.job" - C:\Program Files\Copernic Agent\CopernicAgent.exe "2007-12-27 22:26:04 C:\WINDOWS\Tasks\2 Copernic Daily ~COMMERCE Raymond.job" - C:\Program Files\Copernic Agent\CopernicAgent.exe "2007-12-27 22:26:04 C:\WINDOWS\Tasks\3 Copernic Weekly ~COMMERCE Raymond.job" - C:\Program Files\Copernic Agent\CopernicAgent.exe "2007-12-27 22:26:04 C:\WINDOWS\Tasks\4 Copernic Monthly ~COMMERCE Raymond.job" - C:\Program Files\Copernic Agent\CopernicAgent.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-20 13:21:27 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-20 13:22:08 ComboFix-quarantined-files.txt 2008-01-20 18:22:06 ComboFix3.txt 2008-01-15 01:26:10 ComboFix2.txt 2008-01-20 13:00:52 . 2008-01-12 18:59:09 --- E O F --- cela donne ceci: 0 bytes size received / Se ha recibido un archivo vacio

ep44 · Answer

tu as ceci 
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
 connais tu ce programe druide et est(ce que tu l'a supprimé 

Télécharger sur le bureau

 http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
=> Copier ce texte en gras

C:\Documents and Settings\Raymond\Application Data\Dcads Advanced Toolbar
C:\Program Files\Dcads Advanced Toolbar
C:\WINDOWS\system32\pmkjh.exe
. 

=> Double-clic sur OTMoveIt.exe
=> Dans le cadre de Gauche ==> clic-droit ==> coller
=> Clic MoveIt!
=> si redémarrage demandé==> Clic : YES
=> Un rapport dans ==> C:_\OTMoveItMovedFilesdate du jour à copier/coller dans la réponse

rayfic · Answer

Oui, il s'agit d'un dictionnaire et il est toujours actif.
RapportOTMoveit

C:\Documents and Settings\Raymond\Application Data\Dcads Advanced Toolbar moved successfully.
C:\Program Files\Dcads Advanced Toolbar moved successfully.
File/Folder C:\WINDOWS\system32\pmkjh.exe not found.
 
Created on 01-20-2008 15:12:07

ep44 · Answer

as tu fait analyser ceci C:\WINDOWS\RussSqr.INI ici https://www.virustotal.com/gui/
@+

rayfic · Answer

ça semble avoir rien donné.Je t'ai envoyé précédemment le résultat.Me donne ceci!!

0 bytes size received / Se ha recibido un archivo vacio

ep44 · Answer

pour vérif refais un scan en ligne avec bitdefender

rayfic · Answer

Dac, ça vas être long.Ici il est environ 17:00 mais chez vous la nuit vas être tombé avant la fin du scan!
on se reparle demain.Tu me diras ce qu,il en est.Merci de ton aide.

ep44 · Answer

ok 
@++  ;-)

rayfic · Answer

ok le voici


[General]
App	= "BitDefender Online Scanner v8"
Date	= 20:01:2008
Time	= 18:17:39
Scan Path	= A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;

[Engines Info]
Virus Definitions	= 892197
Engine build	= "AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)"
Scan plugins	= 14
Archive plugins	= 38
Unpack plugins	= 7
E-mail plugins	= 6
System plugins	= 1

[Scan Statistics]
Folders	= 6735
Files	= 403358
Archives	= 5928
Packed files	= 8763
Identified viruses	= 2
Infected files	= 2
Warnings	= 0
Suspect files	= 0
Disinfected files	= 0
Deleted files	= 2
Copied files	= 0
Moved files	= 0
Renamed files	= 0
I/O Errors	= 28

[Scan Settings]
SecondAction	= Delete
FirstAction	= Disinfect
Heuristics	= 1
Enable Warnings	= 1
Exclude Ext	= 
Extensions	= *;
Scan Emails	= 1
Scan Archives	= 1
Scan Packed	= 1
Scan Files	= 1
Scan Boot	= 1
Verify Memory	= 0

[Scan Results]
Line00000007	= "C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe Infecté par: Generic.Adw.SaveNow.F5FEB660"
Line00000006	= "C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe Echec de la désinfection"
Line00000005	= "C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe Supprimé"
Line00000004	= "C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r) Echec de la mise à jour"
Line00000003	= "C:\FOUND.013\FILE2549.CHK=>(NSIS o)=>lzma_nsis0008=>(NSIS o)=>lzma_solid_nsis0004 Infecté par: Trojan.Downloader.Zlob.AATN"
Line00000002	= "C:\FOUND.013\FILE2549.CHK=>(NSIS o)=>lzma_nsis0008=>(NSIS o)=>lzma_solid_nsis0004 Echec de la désinfection"
Line00000001	= "C:\FOUND.013\FILE2549.CHK=>(NSIS o)=>lzma_nsis0008=>(NSIS o)=>lzma_solid_nsis0004 Supprimé"
Line00000000	= "C:\FOUND.013\FILE2549.CHK=>(NSIS o)=>lzma_nsis0008=>(NSIS o) Echec de la mise à jour"

ep44 · Answer

Bonjour 

Tu peux supprimer tous les logiciels que nous avons utilisés
va dans ajout/suppression de programes et dans programmes files
pour vérifier



ensuite fais ceci (IMPORTANT)

=> démarrer
=> panneau de configuration
=> système
=> onglet Restauration système
=> coche la case (Désactiver la restauration système)
=> redémarre l'ordinateur
=> réactive la ensuite
-----------------------------

Logiciels intéressants a avoir si tu ne les pas ;-)

=>CCleaner 
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
tuto
https://forums.cnetfrance.fr

=> Ad-aware SE (scan passif )
https://www.google.com ou http://www.lavasoft.de/support/download/#free
Tutos :
http://home.tiscali.be/schouppeguy/adawarese/adawase.htm


=> SpyBot-Search & Destroy 1.5 (scan passif + protection préventive avec ces 2 résidents, ses vaccinations et sa list Hosts )

https://www.safer-networking.org/download/

démo d utilisation
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm
https://www.malekal.com/spybot-search-destroy-proteger-desinfecter-pc-virus/
Tuto :
http://perso.orange.fr/jesses/Docs/Logiciels/Spybot.htm


ensuite refais un scan avec ton antivirus et tient moi au courant 

@+

rayfic · Answer

Salut, trouvé ds C:\found.13

ep44 · Answer

re

si tu veux bien on va changer d'antivirus 
tu vas télécharger antivir https://www.malekal.com/avira-free-security-antivirus-gratuit/
une fois télécharger ferme toutes tes applications et supprime avast
ensuite une fois installer et que tes mises à jours seront faites fait un scan en mode sans échec 

si par la suite cette anti-virus ne te satisfait pas tu pourras toujours le changer par l'ancien 
mais je te conseil quand même de le garder, car beaucoup mieux que avast
http://www.commentcamarche.net/telecharger/antivir 55 avis opinions.php3#avis
mais pour notre soucis il serait bien de procéder ainsi
@+

rayfic · Answer

Bonjour,J'ai fait les changements, voici le rapport: AntiVir PersonalEdition Classic Report file date: 2008-01-21 22:55 Scanning for 1059592 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: SYSTEM Computer name: COMMERCE Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 19:16:30 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 18:23:52 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 21:32:48 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 18:35:22 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 03:51:02 ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 03:51:04 ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 03:51:04 ANTIVIR3.VDF : 7.0.2.22 257536 Bytes 20/01/2008 03:51:04 AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 22/01/2008 03:51:06 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 16:36:28 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 13:39:18 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 19:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 22/01/2008 03:51:06 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 13:17:08 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 18:26:34 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 13:10:20 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 17:09:44 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 18:38:14 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 18:50:38 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 15:37:22 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: I:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: 2008-01-21 22:55 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'ALG.EXE' - '1' Module(s) have been scanned Scan process 'ImApp.exe' - '1' Module(s) have been scanned Scan process 'KHALMNPR.EXE' - '1' Module(s) have been scanned Scan process 'MgApp.exe' - '1' Module(s) have been scanned Scan process 'KEM.EXE' - '1' Module(s) have been scanned Scan process 'NaturalColorLoad.exe' - '1' Module(s) have been scanned Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned Scan process 'WeatherEye.exe' - '1' Module(s) have been scanned Scan process 'CTDVDDet.EXE' - '1' Module(s) have been scanned Scan process 'CTHELPER.EXE' - '1' Module(s) have been scanned Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned Scan process 'DAEMON.EXE' - '1' Module(s) have been scanned Scan process 'Logi_MwX.Exe' - '1' Module(s) have been scanned Scan process 'SMAgent.exe' - '1' Module(s) have been scanned Scan process 'MDM.EXE' - '1' Module(s) have been scanned Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'LSASS.EXE' - '1' Module(s) have been scanned Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned Scan process 'SMSS.EXE' - '1' Module(s) have been scanned 35 processes with 35 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Boot sector 'H:\' [NOTE] No virus was found! Boot sector 'I:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '27' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\hiberfil.sys [WARNING] The file could not be opened! C:\WINDOWS\uninst.exe [DETECTION] Contains detection pattern of the Windows virus W95/CIH (inactive) [INFO] The file was moved to '47fe69d4.qua'! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! C:\System Volume Information\_restore{9516D1D4-4FB4-4ECD-8BE9-19D91AEDF9B7}\RP2\A0000152.exe [DETECTION] Contains detection pattern of the Windows virus W95/CIH (inactive) [INFO] The file was moved to '47c572fb.qua'! C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir [DETECTION] Is the Trojan horse TR/Dldr.Agent.haq.1 [INFO] The file was moved to '47c7736b.qua'! Begin scan in 'D:\' Begin scan in 'H:\' H:\System Volume Information\_restore{06DD9CA0-9A48-42F4-AF17-47158557B283}\RP135\A0018359.exe [DETECTION] Is the Trojan horse TR/Keygen.DR [INFO] The file was moved to '47c57803.qua'! Begin scan in 'I:\' End of the scan: 2008-01-22 00:07 Used time: 1:11:56 min The scan has been done completely. 6445 Scanning directories 426665 Files were scanned 4 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 4 files were moved to quarantine 0 files were renamed 3 Files cannot be scanned 426661 Files not concerned 5209 Archives were scanned 7 Warnings 10 Notes @+

ep44 · Answer

Bonjour 

4 fichier trouvé tu les à mis en quarantaine 
bien 

as tu encore des soucis ?

rayfic · Answer

Bonsoir.Non. mais me demande c'est quoi Qoobox, puis-je le détruire??

2- Quand j'ouvre mon ordi, souvent n'ouvre pas.Quand je redémarre il ouvre dans le BIOS.Comment faire pour qu'il ouvre de la bonne 
    façon? Peut-tu m'aider??

ep44 · Answer

Oui tu peux virer directement QooBox > Clic droit > supprimer.
QooBox est la sauvegarde de ComboFix 

Quand je redémarre il ouvre dans le BIOS.Comment faire pour qu'il ouvre de la bonne 
je t'avoue que la je colle 
mais vérifie quand même ceci 

Démarrer==>Exécuter==> peux tu taper msconfig==>l'onglet Boot/ini  tu ne doit rien avoir de cocher
@+

rayfic · Answer

Vais essayer.Rien de cocher. Ceci est un problème qui date AVANT la désinfection.

ep44 · Answer

je vais peut-être dire une bêtise mais 
la pile de la carte mère à combien d'année ?
si plus de cinq an peut-être bonne à changer
as tu dépoussiéré aussi ?

rayfic · Answer

Non l'ordi a moins de 5ans et a été nettoyé dernièrement.

ep44 · Answer

désolé je colle 

essaye la rubrique Matériel 

sinon coté infection plus de soucis ?

rayfic · Answer

Non, j'ai installé ZA comme suggérer par Greenday.Je te remercie beaucoup de ton aide ,et BRAVO à toute la communauté.

ep44 · Answer

tu as installer zone alarme 
quel rapport avec ton soucis de démarrage ?

rayfic · Answer

Salut à toi. Pense pas qu'il ya un rapport.le problème est présent depuis longtemps.

ep44 · Answer

Bonsoir 

autre chose 
=>démarrer
=>exécuter
=>tape msconfig  puis sur ok
=> onglet général et tu doit être coché en mode normal

sinon je pense que tu devrais poster un nouveau sujet sur le forum matériel 
je pense que pour notre soucis d'infection le sujet est résolu 
bon courage à toi pour la suite 
@+;-)

rayfic · Answer

Merci beaucoup pour ton aide, mes problèmes sont tous résolus .Continuez à faire du bien autour de vous. 

Amitiés,RAYFIC

ep44 · Answer

Bonsoir rayfic,

avec plaisir ;-))

Infesté de virus,ex:geebc.dll, khfda.dll ect

85 réponses

Discussions similaires