Infection help ME

tokina Messages postés 22 Statut Membre -  
tokina Messages postés 22 Statut Membre -
Bonjour,

J'ai de multiple infections :
Fichier QRJATYDI.EXE
Ointfp.exe
OuterInfo.Exe
monsgs.exe
Winiyz32.dll
.....

Windows me redirige vers des sites pour spywares et me détecte des virus

Je log un Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06:31, on 09/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
C:\Program Files\Outerinfo\Outerinfo .exe
C:\Program Files\Outerinfo\OuterinfoUpdate .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 01
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [cPadAlarm] C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O21 - SSODL: ServiceAlrt - {8b238fe5-a2b6-4baf-9b3b-adcc6f518528} - C:\WINDOWS\Installer\{8b238fe5-a2b6-4baf-9b3b-adcc6f518528}\ServiceAlrt.dll
O21 - SSODL: zip - {3f5ff315-78a6-427b-8a7d-3e64570003f5} - C:\WINDOWS\Installer\{3f5ff315-78a6-427b-8a7d-3e64570003f5}\zip.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 4400 bytes

Merci pour votre aide je suis perdu

22 réponses

  • 1
  • 2
  1. Utilisateur anonyme
     
    bonjour

    Télécharger Vundofix.exe (par Atribune) sur votre Bureau : http://www.atribune.org/ccount/click.php?id=4

    pour effectuer les fix deconnect toi et ferme toutes tes applications !!

    * Double-cliquer sur VundoFix.exe afin de le lancer.
    * Cliquer sur le bouton Scan for Vundo.
    * Lorsque le scan est complété, cliquer sur le bouton Remove Vundo.
    * Une invite de commande demandera si l’on souhaite supprimer les fichiers, cliquer sur YES
    * Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    * Une nouvelle invite de commande annoncera que le PC devra s'éteindre ("shutdown"). Cliquer sur OK , puis laisser le redémarrer.
    * Le contenu du rapport est situé dans C:\vundofix.txt, poste le stp

    ____________________________________

    Télécharge sur le bureau
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
    => Double clic sur VirtumundoBeGone.exe
    => Clic Continue ==> clic Start
    => Clic Oui
    => A la fin si Vundo est présent , le PC s’éteint et redémarre
    - Si Ecran bleu et message : Erreur fatale .. pas de problème
    => Poster le rapport VBG.TXT qui est sur le bureau

    0
  2. tokina Messages postés 22 Statut Membre
     
    RE,

    Info comme demandé

    VUNDOFIX

    VundoFix V6.7.8

    Checking Java version...

    Scan started at 19:29:44 09/02/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\ctnycrrq.dll
    C:\WINDOWS\system32\dgjyduwl.dll
    C:\windows\system32\drvrudr.dll
    C:\WINDOWS\system32\gebabbx.dll
    C:\WINDOWS\system32\hstwopcc.dll
    C:\WINDOWS\system32\kaithior.dll
    C:\WINDOWS\system32\kbumciyr.dll
    C:\WINDOWS\system32\mijcccjl.dll
    C:\WINDOWS\system32\negifbhq.dll
    C:\WINDOWS\system32\npqss.ini
    C:\WINDOWS\system32\npqss.ini2
    C:\WINDOWS\system32\opnmjii.dll
    C:\WINDOWS\system32\ovilyyqm.dll
    C:\windows\system32\ovilyyqm.dllbox
    C:\WINDOWS\system32\pmnmnmk.dll
    C:\WINDOWS\system32\qhbfigen.ini
    C:\WINDOWS\system32\qrrcyntc.ini
    C:\WINDOWS\system32\ssqpn.dll
    C:\WINDOWS\system32\ssqpn.exe
    C:\WINDOWS\system32\uqpdshbf.dll
    C:\WINDOWS\system32\winiyz32.dll
    C:\WINDOWS\system32\worvjeup.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ctnycrrq.dll
    C:\WINDOWS\system32\ctnycrrq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dgjyduwl.dll
    C:\WINDOWS\system32\dgjyduwl.dll Has been deleted!

    Attempting to delete C:\windows\system32\drvrudr.dll
    C:\windows\system32\drvrudr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebabbx.dll
    C:\WINDOWS\system32\gebabbx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hstwopcc.dll
    C:\WINDOWS\system32\hstwopcc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kaithior.dll
    C:\WINDOWS\system32\kaithior.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kbumciyr.dll
    C:\WINDOWS\system32\kbumciyr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mijcccjl.dll
    C:\WINDOWS\system32\mijcccjl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\negifbhq.dll
    C:\WINDOWS\system32\negifbhq.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\npqss.ini
    C:\WINDOWS\system32\npqss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\npqss.ini2
    C:\WINDOWS\system32\npqss.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\opnmjii.dll
    C:\WINDOWS\system32\opnmjii.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ovilyyqm.dll
    C:\WINDOWS\system32\ovilyyqm.dll Has been deleted!

    Attempting to delete C:\windows\system32\ovilyyqm.dllbox
    C:\windows\system32\ovilyyqm.dllbox Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnmnmk.dll
    C:\WINDOWS\system32\pmnmnmk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qhbfigen.ini
    C:\WINDOWS\system32\qhbfigen.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qrrcyntc.ini
    C:\WINDOWS\system32\qrrcyntc.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqpn.dll
    C:\WINDOWS\system32\ssqpn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqpn.exe
    C:\WINDOWS\system32\ssqpn.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uqpdshbf.dll
    C:\WINDOWS\system32\uqpdshbf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\winiyz32.dll
    C:\WINDOWS\system32\winiyz32.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\worvjeup.dll
    C:\WINDOWS\system32\worvjeup.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\negifbhq.dll
    C:\WINDOWS\system32\negifbhq.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VGB.TXT

    [02/09/2008, 19:56:13] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\toto\Bureau\VirtumundoBeGone.exe" )
    [02/09/2008, 19:56:21] - Detected System Information:
    [02/09/2008, 19:56:21] - Windows Version: 5.1.2600, Service Pack 1
    [02/09/2008, 19:56:21] - Current Username: toto (Admin)
    [02/09/2008, 19:56:21] - Windows is in NORMAL mode.
    [02/09/2008, 19:56:21] - Searching for Browser Helper Objects:
    [02/09/2008, 19:56:21] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [02/09/2008, 19:56:21] - BHO 2: {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} ()
    [02/09/2008, 19:56:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/09/2008, 19:56:21] - Checking for HKLM\...\Winlogon\Notify\Outerinfo
    [02/09/2008, 19:56:21] - Key not found: HKLM\...\Winlogon\Notify\Outerinfo, continuing.
    [02/09/2008, 19:56:21] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [02/09/2008, 19:56:21] - BHO 4: {76F262CF-0308-0FB4-F7A3-043266F3A47C} ()
    [02/09/2008, 19:56:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/09/2008, 19:56:21] - Checking for HKLM\...\Winlogon\Notify\etdtxvff
    [02/09/2008, 19:56:21] - Key not found: HKLM\...\Winlogon\Notify\etdtxvff, continuing.
    [02/09/2008, 19:56:21] - BHO 5: {7873C108-A6D3-4AE8-B22A-5E5328F72A1E} ()
    [02/09/2008, 19:56:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/09/2008, 19:56:21] - Checking for HKLM\...\Winlogon\Notify\ssqpn
    [02/09/2008, 19:56:21] - Key not found: HKLM\...\Winlogon\Notify\ssqpn, continuing.
    [02/09/2008, 19:56:21] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [02/09/2008, 19:56:21] - BHO 7: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
    [02/09/2008, 19:56:21] - BHO 8: {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} ()
    [02/09/2008, 19:56:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/09/2008, 19:56:21] - Checking for HKLM\...\Winlogon\Notify\opnmjii
    [02/09/2008, 19:56:21] - Key not found: HKLM\...\Winlogon\Notify\opnmjii, continuing.
    [02/09/2008, 19:56:21] - BHO 9: {d79b652b-3e38-4fcd-9d4a-53b12aae6e7d} ()
    [02/09/2008, 19:56:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/09/2008, 19:56:21] - Checking for HKLM\...\Winlogon\Notify\vnljhrdg
    [02/09/2008, 19:56:21] - Key not found: HKLM\...\Winlogon\Notify\vnljhrdg, continuing.
    [02/09/2008, 19:56:21] - Finished Searching Browser Helper Objects
    [02/09/2008, 19:56:21] - Finishing up...
    [02/09/2008, 19:56:21] - Nothing found! Exiting...
    0
  3. Utilisateur anonyme
     
    ok ca avance bien !

    Télécharges ComboFix à partir d'un de ces liens :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    https://forospyware.com
    http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

    Et important, enregistre le sur le bureau.

    Avant d'utiliser ComboFix :

    Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    ► Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, et ton pare feu si ce n'est pas celui de window , qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    ► Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    ► Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
    0
  4. tokina Messages postés 22 Statut Membre
     
    RE

    Post de COMBO

    Attention de nombreux pb au démarrage

    ComboFix 08-02.05.3 - toto 2008-02-09 20:39:31.1 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.309 [GMT 1:00]
    Endroit: C:\Documents and Settings\toto\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\ssqpn.dll
    C:\_OTMoveIt\MovedFiles\Program Files\SecCenter\scprot4.exe
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\toto\Menu Démarrer\Programmes\Outerinfo
    C:\Documents and Settings\toto\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
    C:\Documents and Settings\toto\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
    C:\Program Files\cfozutgr
    C:\Program Files\cfozutgr\srodufql.dll
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\Cache\ctxad-577.0000
    C:\Program Files\outerinfo\FF\chrome.manifest
    C:\Program Files\outerinfo\FF\components\FF.dll
    C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
    C:\Program Files\outerinfo\FF\install.rdf
    C:\Program Files\outerinfo\OinUninstall.exe
    C:\Program Files\outerinfo\OiUninstaller.exe
    C:\Program Files\outerinfo\Outerinfo .exe
    C:\Program Files\outerinfo\Outerinfo.dll
    C:\Program Files\outerinfo\Outerinfo.exe
    C:\Program Files\outerinfo\outerinfo.ico
    C:\Program Files\outerinfo\OuterinfoUpdate .exe
    C:\Program Files\outerinfo\OuterinfoUpdate.exe
    C:\Program Files\outerinfo\Terms.rtf
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\bsgqxwuj.ini
    C:\WINDOWS\system32\cccaoqre.ini
    C:\WINDOWS\system32\cvgpjvtv.ini
    C:\WINDOWS\system32\mbigibzz.dll
    C:\WINDOWS\system32\mbigibzz.dll . . . . Echec de suppression
    C:\WINDOWS\system32\mbigibzz.dllbox
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\njprckha
    C:\WINDOWS\system32\njprckha\bg1.gif
    C:\WINDOWS\system32\njprckha\bgtop.gif
    C:\WINDOWS\system32\njprckha\bottom1.gif
    C:\WINDOWS\system32\njprckha\essentials.gif
    C:\WINDOWS\system32\njprckha\icon1.ico
    C:\WINDOWS\system32\njprckha\install1.gif
    C:\WINDOWS\system32\njprckha\left1.gif
    C:\WINDOWS\system32\njprckha\li.gif
    C:\WINDOWS\system32\njprckha\logo.gif
    C:\WINDOWS\system32\njprckha\main.htm
    C:\WINDOWS\system32\njprckha\mainframe.htm
    C:\WINDOWS\system32\njprckha\njprckha1.exe
    C:\WINDOWS\system32\njprckha\reinstall1.gif
    C:\WINDOWS\system32\njprckha\right1.gif
    C:\WINDOWS\system32\njprckha\s1.htm
    C:\WINDOWS\system32\njprckha\s2.htm
    C:\WINDOWS\system32\njprckha\s3.htm
    C:\WINDOWS\system32\njprckha\SMTop1.gif
    C:\WINDOWS\system32\njprckha\SMTop2.gif
    C:\WINDOWS\system32\njprckha\SMTop3.gif
    C:\WINDOWS\system32\njprckha\SMTop4.gif
    C:\WINDOWS\system32\njprckha\soft1_off.gif
    C:\WINDOWS\system32\njprckha\soft1_off_ext.gif
    C:\WINDOWS\system32\njprckha\soft1_on.gif
    C:\WINDOWS\system32\njprckha\soft1_on_ext.gif
    C:\WINDOWS\system32\njprckha\soft2_off.gif
    C:\WINDOWS\system32\njprckha\soft2_off_ext.gif
    C:\WINDOWS\system32\njprckha\soft2_on.gif
    C:\WINDOWS\system32\njprckha\soft2_on_ext.gif
    C:\WINDOWS\system32\njprckha\soft3_off.gif
    C:\WINDOWS\system32\njprckha\soft3_off_ext.gif
    C:\WINDOWS\system32\njprckha\soft3_on.gif
    C:\WINDOWS\system32\njprckha\soft3_on_ext.gif
    C:\WINDOWS\system32\njprckha\softbottom_off.gif
    C:\WINDOWS\system32\njprckha\softbottom_on.gif
    C:\WINDOWS\system32\njprckha\softleft_off.gif
    C:\WINDOWS\system32\njprckha\softleft_on.gif
    C:\WINDOWS\system32\njprckha\top1.gif
    C:\WINDOWS\system32\njprckha\top2.gif
    C:\WINDOWS\system32\njprckha\turnoff1.gif
    C:\WINDOWS\system32\njprckha\turnon1.gif
    C:\WINDOWS\system32\npqss.ini
    C:\WINDOWS\system32\npqss.ini2
    C:\WINDOWS\system32\RCX18.tmp
    C:\WINDOWS\system32\RCX19.tmp
    C:\WINDOWS\system32\RCX1B.tmp
    C:\WINDOWS\system32\RCX1F.tmp
    C:\WINDOWS\system32\RCX25.tmp
    C:\WINDOWS\system32\RCX28.tmp
    C:\WINDOWS\system32\RCX29.tmp
    C:\WINDOWS\system32\RCX2C.tmp
    C:\WINDOWS\system32\RCXD1.tmp
    C:\WINDOWS\system32\ssqpn.dll
    C:\WINDOWS\system32\ssqpn.exe
    C:\WINDOWS\system32\tbxbbscm.dll
    C:\WINDOWS\system32\vnljhrdg.dll
    C:\WINDOWS\system32\vtvjpgvc.dll
    C:\WINDOWS\system32\windows
    C:\WINDOWS\system32\xutssaoo.ini
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe . . . . Echec de suppression

    ----- BITS: Possible sites infect‚s -----

    hxxp://msgr.dlservice.microsoft.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-09 to 2008-02-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-09 20:47 . 2008-02-09 20:47 14,033 --a------ C:\posF.tmp
    2008-02-09 19:57 . 2008-02-09 20:44 163,904 --------- C:\WINDOWS\system32\mbigibzz.dll
    2008-02-09 19:29 . 2008-02-09 19:29 <REP> d-------- C:\VundoFix Backups
    2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp401577.exe
    2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp401467.exe
    2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp388128.exe
    2008-02-07 08:41 . 2008-02-07 08:41 103,936 --a------ C:\WINDOWS\system32\drvrud.dll
    2008-02-07 08:41 . 2008-02-07 08:41 16,896 --a------ C:\WINDOWS\system32\drvzaj.dll
    2008-02-06 23:46 . 2008-02-06 23:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-02-06 00:09 . 2008-02-06 00:09 90,688 --a------ C:\WINDOWS\system32\erqoaccc.dll
    2008-02-03 21:01 . 2008-02-03 21:01 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-02-03 12:10 . 2008-02-03 12:09 35,597,905 --a------ C:\WINDOWS\LPT$VPN.973
    2008-02-03 12:09 . 2008-02-03 12:09 35,597,905 --a------ C:\WINDOWS\VPTNFILE.973
    2008-02-03 11:39 . 2008-02-03 11:39 15,872 --a------ C:\WINDOWS\system32\drvvix.dll
    2008-02-02 14:44 . 2008-02-06 22:30 2,980 --a------ C:\WINDOWS\system32\tmp.reg

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-03 20:01 86,094 ----a-w C:\WINDOWS\BPMNT.dll
    2008-02-03 20:01 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
    2008-02-03 11:09 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
    2008-02-03 11:09 267,845 ----a-w C:\WINDOWS\tsc.exe
    2008-02-03 11:08 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
    2008-02-03 11:08 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
    2008-02-03 11:08 286,720 ----a-w C:\WINDOWS\PATCH.EXE
    2008-01-17 07:49 245,760 ----a-w C:\WINDOWS\system32\[u]0[/u]0THotkey .exe
    2007-12-22 10:48 39,936 ----a-w C:\WINDOWS\system32\urqrrpq.dll
    2007-12-12 18:52 --------- d-----w C:\Documents and Settings\toto\Application Data\Grisoft
    2007-12-12 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-11 23:57 --------- d-----w C:\Program Files\Trend Micro
    2007-12-11 23:40 1,048,304 ----a-w C:\SmitfraudFix.exe
    2007-06-09 16:03 24,192 ----a-w C:\Documents and Settings\toto\usbsermptxp.sys
    2007-06-09 16:03 22,768 ----a-w C:\Documents and Settings\toto\usbsermpt.sys
    2006-08-17 22:29 19,952 ----a-w C:\Documents and Settings\toto\Application Data\GDIPFONTCACHEV1.DAT
    .
    [code]<pre>
    ----a-w 245,760 2008-01-17 07:49:36 C:\WINDOWS\system32\[u]0[/u]0THotkey .exe
    ----a-w 49,152 2007-12-31 08:54:54 C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW .exe
    ----a-w 110,592 2007-12-31 08:55:00 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
    ----a-w 450,560 2007-12-28 18:34:58 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    ----a-w 968,696 2008-02-09 19:31:00 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
    ----a-w 286,720 2008-01-15 07:29:06 C:\Program Files\QuickTime\qttask .exe
    ----a-w 83,608 2008-02-09 19:30:54 C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
    ----a-w 6,731,312 2008-02-09 19:31:32 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    ----a-w 6,731,312 2008-02-06 22:51:06 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    ----a-w 282,624 2007-12-22 15:44:32 C:\_OTMoveIt\MovedFiles\Program Files\SecCenter\scprot4 .exe
    </pre>[/code]

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76F262CF-0308-0FB4-F7A3-043266F3A47C}]
    C:\Program Files\Cannbpjy\etdtxvff.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2008-02-09 20:44 163904 --------- C:\WINDOWS\system32\mbigibzz.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="NvQTwk" []
    "00THotkey"="C:\WINDOWS\System32\[u]0[/u]0THotkey.exe" [ ]
    "000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\[u]0[/u]00StTHK.exe]
    "Tpwrtray"="TPWRTRAY.EXE" [2002-02-14 15:47 184320 C:\WINDOWS\system32\TPWRTRAY.EXE]
    "TFncKy"="TFncKy.exe" []
    "TFNF5"="TFNF5.exe" [2001-09-04 10:31 69632 C:\WINDOWS\system32\TFNF5.exe]
    "TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [ ]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
    "cPadAlarm"="C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe" [ ]
    "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-02-09 20:43 1697792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [ ]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-29 19:45 1511453]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "ServiceAlrt"= {8b238fe5-a2b6-4baf-9b3b-adcc6f518528} - C:\WINDOWS\Installer\{8b238fe5-a2b6-4baf-9b3b-adcc6f518528}\ServiceAlrt.dll [2008-02-07 08:40 14374]
    "zip"= {3f5ff315-78a6-427b-8a7d-3e64570003f5} - C:\WINDOWS\Installer\{3f5ff315-78a6-427b-8a7d-3e64570003f5}\zip.dll [2008-02-07 08:45 39462]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mbigibzz]
    mbigibzz.dll 2008-02-09 20:44 163904 C:\WINDOWS\system32\mbigibzz.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
    c:\program files\altnet\points manager\points manager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2005-10-06 18:03 278528 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    --------- 2002-12-07 13:47 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Antivirus AV]
    C:\WINDOWS\FVProtect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2002-04-26 18:53 12288 C:\Program Files\Winamp\Winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=2 (0x2)
    "iPodService"=3 (0x3)

    R0 pciSm;pciSm;C:\WINDOWS\System32\DRIVERS\tossmpci.sys [2002-01-07 14:51]
    R0 tosrfec;Bluetooth ACPI from Toshiba;C:\WINDOWS\System32\DRIVERS\tosrfec.sys [2001-07-13 03:26]
    R0 TVALDX;Toshiba ACPI-Based Value Added Logical Device Extension Driver;C:\WINDOWS\System32\DRIVERS\TVALDX.SYS [2001-08-17 14:27]
    R1 ATMhelpr;ATMhelpr;C:\WINDOWS\System32\drivers\ATMhelpr.sys [1997-06-17 04:00]
    R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-09-26 20:34]
    R3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2002-01-07 01:02]
    S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\System32\DRIVERS\fbxusb.sys [2003-12-31 12:35]
    S3 MSControlService;Microsoft cache control;C:\WINDOWS\System32\windows []
    S3 pciSd;pciSd;C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2002-01-07 18:16]
    S3 toslane;Toshiba BT-LANE;C:\WINDOWS\System32\DRIVERS\TOSRFLAN.sys [2002-02-07 16:24]
    S4 Network Provisioning DDE;Network Provisioning DDE;C:\WINDOWS\system32\lsass.com []

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-02-09 18:27:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-01-03 10:27:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-09 20:49:10
    Windows 5.1.2600 Service Pack 1 FAT NTAPI

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    --------------------- DLLs a charg‚ sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\mbigibzz.dll

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2800.1106]
    -> C:\WINDOWS\system32\mbigibzz.dll
    -> C:\WINDOWS\Installer\{8b238fe5-a2b6-4baf-9b3b-adcc6f518528}\ServiceAlrt.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-09 20:51:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-09 19:51:30
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    ne t'inquiete pas je ne t'ai pas abandone je demande des conseils a des helpers plus experimentes car tu as une infection a prioris qui patche certains de tes programmes .
    0
  7. Utilisateur anonyme
     
    ca y est j'ai eu des infos grace a jorginho67 , tu as la derniere version du trojan vundo patcher , fantastique non?!! lol ne t'en fait on va debarrasser ton pc de cette cochonnerie !!

    telecharge ceci:
    http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe
    double clique dessus pour le lancer.
    Le dossier SystemDrive va être scanné à la recherche de fichier EXE dont le nom comporte un espace.
    Un rapport va être créé > copie colle le ici !
    0
  8. tokina Messages postés 22 Statut Membre
     
    RE

    Rapport demandé

    [code]
    Ran on 09/02/2008 - 23:15:07,32

    ----a-w 245,760 2008-01-17 07:49:36 C:\WINDOWS\system32\00THotkey .exe
    ----a-w 49,152 2007-12-31 08:54:54 C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW .exe
    ----a-w 110,592 2007-12-31 08:55:00 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
    ----a-w 450,560 2007-12-28 18:34:58 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    ----a-w 968,696 2008-02-09 19:31:00 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
    ----a-w 286,720 2008-01-15 07:29:06 C:\Program Files\QuickTime\qttask .exe
    ----a-w 83,608 2008-02-09 19:30:54 C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
    ----a-w 6,731,312 2008-02-09 19:31:32 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    ----a-w 6,731,312 2008-02-06 22:51:06 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    ----a-w 282,624 2007-12-22 15:44:32 C:\_OTMoveIt\MovedFiles\Program Files\SecCenter\scprot4 .exe

    Entries: 10 (10)
    Directories: 0 Files: 10
    Bytes: 15,940,336 Blocks: 31,136
    /code
    0
  9. jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
     
    Bonsoir les gens !

    Crée un fichier Bloc Notes ( clic droit sur le bureau> nouveau> document texte > copi/colles-y le texte qui se trouve ci dessous:

    C:\WINDOWS\system32\00THotkey .exe
    C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW .exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
    C:\Program Files\QuickTime\qttask .exe
    :\Program Files\Java\jre1.6.0_01\bin\jusched .exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    C:\_OTMoveIt\MovedFiles\Program Files\SecCenter\scprot4 .exe


    Sauvegarde ce fichier et donne lui le nom suivant > Log.txt
    Fait un glisser/déposer de ce fichier Log.txt sur le fichier RenV.exe comme montré ci dessous :
    http://img.photobucket.com/albums/v666/sUBs/RenV.gif

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    0
  10. tokina Messages postés 22 Statut Membre
     
    RE

    Voilà les infos du scan

    [code]
    Ran on 10/02/2008 - 8:54:00,12

    ----a-w 245,760 2008-01-17 07:49:36 C:\WINDOWS\system32\00THotkey .exe
    ----a-w 49,152 2007-12-31 08:54:54 C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW .exe
    ----a-w 110,592 2007-12-31 08:55:00 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
    ----a-w 450,560 2007-12-28 18:34:58 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    ----a-w 968,696 2008-02-09 19:31:00 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
    ----a-w 286,720 2008-01-15 07:29:06 C:\Program Files\QuickTime\qttask .exe
    ----a-w 83,608 2008-02-09 19:30:54 C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
    ----a-w 6,731,312 2008-02-09 19:31:32 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    ----a-w 6,731,312 2008-02-06 22:51:06 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    ----a-w 282,624 2007-12-22 15:44:32 C:\_OTMoveIt\MovedFiles\Program Files\SecCenter\scprot4 .exe

    Entries: 10 (10)
    Directories: 0 Files: 10
    Bytes: 15,940,336 Blocks: 31,136
    /code
    0
  11. Utilisateur anonyme
     
    bonjour je poste la suite de procedure en attendant jorginho67

    1) RenV d'sUBs

    Crée un nouveau document texte :

    Clic droit de souris sur le bureau, "Nouveau"> "Document Texte". Ouvre-le et copie-colle dedans de ce qui est en citation ci-dessous, (copie tout d'un trait) :

    C:\WINDOWS\system32\00THotkey .exe
    C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW .exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    C:\_OTMoveIt\MovedFiles\Program Files\SecCenter\scprot4 .exe


    * Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>
    * Choisis "Enregistrer sous" et choisis "Bureau"
    * Dans le champs "Nom du fichier" en bas de page donne le nom suivant : Log.txt
    * Clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"
    * ferme ce fichier txt nouvellement crée.

    Puis fait un glisser/déposer de ce fichier Log.txt sur le fichier RenV.exe

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    2) Combofix.exe de sUBs

    Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement

    Double clique sur Combofix.exe (sur ton Bureau)
    Mets le en langue française F
    Tape sur la touche 1 (Yes) pour démarrer le scan
    Lorsque le scan sera terminé, un rapport apparaîtra.

    Poste le en réponse.

    Note : Le rapport se trouve également là : C:\Combofix.txt+
    0
  12. tokina Messages postés 22 Statut Membre
     
    RE

    1) Rapport de RENV

    Ran on 10/02/2008 - 17:01:01,33

    ----a-w 245,760 2008-01-17 07:49:36 C:\WINDOWS\system32\00THotkey .exe
    ----a-w 49,152 2007-12-31 08:54:54 C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW .exe
    ----a-w 110,592 2007-12-31 08:55:00 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
    ----a-w 450,560 2007-12-28 18:34:58 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    ----a-w 968,696 2008-02-09 19:31:00 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
    ----a-w 286,720 2008-01-15 07:29:06 C:\Program Files\QuickTime\qttask .exe
    ----a-w 83,608 2008-02-09 19:30:54 C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
    ----a-w 6,731,312 2008-02-09 19:31:32 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    ----a-w 6,731,312 2008-02-06 22:51:06 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    ----a-w 282,624 2007-12-22 15:44:32 C:\_OTMoveIt\MovedFiles\Program Files\SecCenter\scprot4 .exe

    Entries: 10 (10)
    Directories: 0 Files: 10
    Bytes: 15,940,336 Blocks: 31,136

    2) Rapport de COmbo

    ComboFix 08-02.05.3 - toto 2008-02-10 17:02:55.2 - [color=red][b]FAT32/b/colorx86
    Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.331 [GMT 1:00]
    Endroit: C:\Documents and Settings\toto\Bureau\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\mbigibzz.dllbox
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe . . . . Echec de suppression

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-10 11:02 . 2008-02-10 11:02 10,240 --a------ C:\Program Files\tmp118900.exe
    2008-02-10 11:02 . 2008-02-10 11:02 10,240 --a------ C:\Program Files\tmp118880.exe
    2008-02-10 11:02 . 2008-02-10 11:02 10,240 --a------ C:\Program Files\tmp118800.exe
    2008-02-09 19:29 . 2008-02-09 19:29 <REP> d-------- C:\VundoFix Backups
    2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp401577.exe
    2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp401467.exe
    2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp388128.exe
    2008-02-07 08:41 . 2008-02-07 08:41 103,936 --a------ C:\WINDOWS\system32\drvrud.dll
    2008-02-07 08:41 . 2008-02-07 08:41 16,896 --a------ C:\WINDOWS\system32\drvzaj.dll
    2008-02-06 23:46 . 2008-02-06 23:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-02-06 00:09 . 2008-02-06 00:09 90,688 --a------ C:\WINDOWS\system32\erqoaccc.dll
    2008-02-03 21:01 . 2008-02-03 21:01 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-02-03 12:10 . 2008-02-03 12:09 35,597,905 --a------ C:\WINDOWS\LPT$VPN.973
    2008-02-03 12:09 . 2008-02-03 12:09 35,597,905 --a------ C:\WINDOWS\VPTNFILE.973
    2008-02-03 11:39 . 2008-02-03 11:39 15,872 --a------ C:\WINDOWS\system32\drvvix.dll
    2008-02-02 14:44 . 2008-02-06 22:30 2,980 --a------ C:\WINDOWS\system32\tmp.reg

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-09 09:33 3,096,576 ------w C:\WINDOWS\Internet Logs\xDB1252.tmp
    2008-02-05 23:02 29,139,122 ------w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-02-03 20:01 86,094 ----a-w C:\WINDOWS\BPMNT.dll
    2008-02-03 20:01 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
    2008-02-03 11:09 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
    2008-02-03 11:09 267,845 ----a-w C:\WINDOWS\tsc.exe
    2008-02-03 11:08 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
    2008-02-03 11:08 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
    2008-02-03 11:08 286,720 ----a-w C:\WINDOWS\PATCH.EXE
    2008-01-17 07:49 245,760 ----a-w C:\WINDOWS\system32\[u]0/u0THotkey .exe
    2007-12-22 10:48 39,936 ----a-w C:\WINDOWS\system32\urqrrpq.dll
    2007-12-12 18:52 --------- d-----w C:\Documents and Settings\toto\Application Data\Grisoft
    2007-12-12 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-11 23:57 --------- d-----w C:\Program Files\Trend Micro
    2007-12-11 23:40 1,048,304 ----a-w C:\SmitfraudFix.exe
    2007-10-14 13:43 2,972,160 ------w C:\WINDOWS\Internet Logs\xDB1C.tmp
    2007-10-14 13:43 1,407,488 ------w C:\WINDOWS\Internet Logs\xDB1B.tmp
    2007-08-26 19:00 1,015,808 ------w C:\WINDOWS\Internet Logs\xDB1A.tmp
    2007-06-23 13:56 2,855,936 ------w C:\WINDOWS\Internet Logs\xDB19.tmp
    2007-06-09 16:03 24,192 ----a-w C:\Documents and Settings\toto\usbsermptxp.sys
    2007-06-09 16:03 22,768 ----a-w C:\Documents and Settings\toto\usbsermpt.sys
    2007-05-21 07:17 16,677,930 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_05_20_23_30_32_full.dmp.zip
    2007-05-17 17:31 16,718,363 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_05_16_23_24_20_full.dmp.zip
    2007-04-11 09:57 16,581,279 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_11_01_25_34_full.dmp.zip
    2007-04-10 08:28 16,652,472 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_08_11_29_27_full.dmp.zip
    2007-02-24 21:45 16,667,380 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_24_17_09_43_full.dmp.zip
    2007-01-31 07:15 16,637,209 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_01_31_00_20_20_full.dmp.zip
    2007-01-18 07:10 16,575,508 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_01_17_20_07_52_full.dmp.zip
    2006-12-26 17:10 16,528,755 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_12_26_09_18_00_full.dmp.zip
    2006-12-26 07:23 16,667,472 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_12_26_00_15_02_full.dmp.zip
    2006-09-12 07:21 16,536,725 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_09_12_01_09_08_full.dmp.zip
    2006-08-17 22:29 19,952 ----a-w C:\Documents and Settings\toto\Application Data\GDIPFONTCACHEV1.DAT
    2006-02-19 23:47 2,657,280 ------w C:\WINDOWS\Internet Logs\xDB18.tmp
    2006-02-19 23:22 1,218,048 ------w C:\WINDOWS\Internet Logs\xDB17.tmp
    2006-01-16 22:14 2,956,288 ------w C:\WINDOWS\Internet Logs\xDB16.tmp
    2006-01-16 22:04 1,199,104 ------w C:\WINDOWS\Internet Logs\xDB15.tmp
    2005-09-26 13:16 2,655,232 ------w C:\WINDOWS\Internet Logs\xDB14.tmp
    2005-09-26 13:16 1,146,368 ------w C:\WINDOWS\Internet Logs\xDB13.tmp
    2005-08-22 17:37 2,798,592 ------w C:\WINDOWS\Internet Logs\xDB12.tmp
    2005-08-22 17:27 1,142,272 ------w C:\WINDOWS\Internet Logs\xDB11.tmp
    2005-03-25 22:11 1,004,544 ------w C:\WINDOWS\Internet Logs\xDBF.tmp
    2005-03-25 22:10 367,616 ------w C:\WINDOWS\Internet Logs\xDB10.tmp
    2005-03-20 23:27 1,015,808 ------w C:\WINDOWS\Internet Logs\xDBE.tmp
    2005-03-20 22:37 1,001,472 ------w C:\WINDOWS\Internet Logs\xDBD.tmp
    2005-02-26 07:39 3,059,200 ------w C:\WINDOWS\Internet Logs\xDBC.tmp
    2005-02-26 07:18 995,328 ------w C:\WINDOWS\Internet Logs\xDBB.tmp
    2005-01-30 11:20 774,656 ------w C:\WINDOWS\Internet Logs\xDBA.tmp
    2005-01-30 11:12 991,232 ------w C:\WINDOWS\Internet Logs\xDB9.tmp
    2005-01-17 23:28 2,706,432 ------w C:\WINDOWS\Internet Logs\xDB8.tmp
    2005-01-17 23:26 990,208 ------w C:\WINDOWS\Internet Logs\xDB7.tmp
    2004-11-19 14:36 962,048 ------w C:\WINDOWS\Internet Logs\xDB5.tmp
    2004-11-19 14:36 2,646,528 ------w C:\WINDOWS\Internet Logs\xDB6.tmp
    2004-10-09 14:45 3,046,912 ------w C:\WINDOWS\Internet Logs\xDB4.tmp
    2004-10-09 14:41 930,816 ------w C:\WINDOWS\Internet Logs\xDB3.tmp
    2004-08-01 14:22 875,008 ------w C:\WINDOWS\Internet Logs\xDB1.tmp
    2004-08-01 14:22 2,970,624 ------w C:\WINDOWS\Internet Logs\xDB2.tmp
    .
    [code]<pre>
    ----a-w 245,760 2008-01-17 07:49:36 C:\WINDOWS\system32\[u]0/u0THotkey .exe
    ----a-w 49,152 2007-12-31 08:54:54 C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW .exe
    ----a-w 110,592 2007-12-31 08:55:00 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
    ----a-w 450,560 2007-12-28 18:34:58 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    ----a-w 968,696 2008-02-09 19:31:00 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
    ----a-w 286,720 2008-01-15 07:29:06 C:\Program Files\QuickTime\qttask .exe
    ----a-w 83,608 2008-02-09 19:30:54 C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
    ----a-w 6,731,312 2008-02-09 19:31:32 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    ----a-w 6,731,312 2008-02-06 22:51:06 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    ----a-w 282,624 2007-12-22 15:44:32 C:\_OTMoveIt\MovedFiles\Program Files\SecCenter\scprot4 .exe
    </pre>/code

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76F262CF-0308-0FB4-F7A3-043266F3A47C}]
    C:\Program Files\Cannbpjy\etdtxvff.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="NvQTwk" []
    "00THotkey"="C:\WINDOWS\System32\[u]0/u0THotkey.exe" [ ]
    "000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\[u]0/u00StTHK.exe]
    "Tpwrtray"="TPWRTRAY.EXE" [2002-02-14 15:47 184320 C:\WINDOWS\system32\TPWRTRAY.EXE]
    "TFncKy"="TFncKy.exe" []
    "TFNF5"="TFNF5.exe" [2001-09-04 10:31 69632 C:\WINDOWS\system32\TFNF5.exe]
    "TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [ ]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
    "cPadAlarm"="C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe" [ ]
    "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-02-09 20:43 1697792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [ ]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-29 19:45 1511453]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "ServiceAlrt"= {8b238fe5-a2b6-4baf-9b3b-adcc6f518528} - C:\WINDOWS\Installer\{8b238fe5-a2b6-4baf-9b3b-adcc6f518528}\ServiceAlrt.dll [2008-02-07 08:40 14374]
    "zip"= {3f5ff315-78a6-427b-8a7d-3e64570003f5} - C:\WINDOWS\Installer\{3f5ff315-78a6-427b-8a7d-3e64570003f5}\zip.dll [2008-02-07 08:45 39462]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mbigibzz]
    mbigibzz.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
    c:\program files\altnet\points manager\points manager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2005-10-06 18:03 278528 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    --------- 2002-12-07 13:47 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Antivirus AV]
    C:\WINDOWS\FVProtect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2002-04-26 18:53 12288 C:\Program Files\Winamp\Winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=2 (0x2)
    "iPodService"=3 (0x3)

    R0 pciSm;pciSm;C:\WINDOWS\System32\DRIVERS\tossmpci.sys [2002-01-07 14:51]
    R0 tosrfec;Bluetooth ACPI from Toshiba;C:\WINDOWS\System32\DRIVERS\tosrfec.sys [2001-07-13 03:26]
    R0 TVALDX;Toshiba ACPI-Based Value Added Logical Device Extension Driver;C:\WINDOWS\System32\DRIVERS\TVALDX.SYS [2001-08-17 14:27]
    R1 ATMhelpr;ATMhelpr;C:\WINDOWS\System32\drivers\ATMhelpr.sys [1997-06-17 04:00]
    R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-09-26 20:34]
    R3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2002-01-07 01:02]
    S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\System32\DRIVERS\fbxusb.sys [2003-12-31 12:35]
    S3 MSControlService;Microsoft cache control;C:\WINDOWS\System32\windows []
    S3 pciSd;pciSd;C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2002-01-07 18:16]
    S3 toslane;Toshiba BT-LANE;C:\WINDOWS\System32\DRIVERS\TOSRFLAN.sys [2002-02-07 16:24]
    S4 Network Provisioning DDE;Network Provisioning DDE;C:\WINDOWS\system32\lsass.com []

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-02-10 11:27:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-01-03 10:27:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-10 17:07:57
    Windows 5.1.2600 Service Pack 1 FAT NTAPI

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    --------------------- DLLs a charg‚ sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2800.1106]
    -> C:\WINDOWS\Installer\{8b238fe5-a2b6-4baf-9b3b-adcc6f518528}\ServiceAlrt.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-10 17:09:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-10 16:09:02
    ComboFix2.txt 2008-02-09 19:51:36
    0
  13. jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
     
    Oupps, petit malentendu ....

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    RENV::
    C:\WINDOWS\system32\00THotkey .exe
    C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW .exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    C:\_OTMoveIt\MovedFiles\Program Files\SecCenter\scprot4 .exe


    Enregistre ce fichier sous le nom CFScript
    Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) ,tape 1 puis valide.
    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis
    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    @ +
    0
  14. tokina Messages postés 22 Statut Membre
     
    RE,

    Rapport de COMBO

    ComboFix 08-02.05.3 - toto 2008-02-10 18:06:35.3 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.321 [GMT 1:00]
    Endroit: C:\Documents and Settings\toto\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\toto\Bureau\CFScript
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-10 17:02 . 2001-08-28 14:00 388,096 --a------ C:\kmd.exe
    2008-02-10 11:02 . 2008-02-10 11:02 10,240 --a------ C:\Program Files\tmp118900.exe
    2008-02-10 11:02 . 2008-02-10 11:02 10,240 --a------ C:\Program Files\tmp118880.exe
    2008-02-10 11:02 . 2008-02-10 11:02 10,240 --a------ C:\Program Files\tmp118800.exe
    2008-02-09 19:29 . 2008-02-09 19:29 <REP> d-------- C:\VundoFix Backups
    2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp401577.exe
    2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp401467.exe
    2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp388128.exe
    2008-02-07 08:41 . 2008-02-07 08:41 103,936 --a------ C:\WINDOWS\system32\drvrud.dll
    2008-02-07 08:41 . 2008-02-07 08:41 16,896 --a------ C:\WINDOWS\system32\drvzaj.dll
    2008-02-06 23:46 . 2008-02-06 23:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-02-06 00:09 . 2008-02-06 00:09 90,688 --a------ C:\WINDOWS\system32\erqoaccc.dll
    2008-02-03 21:01 . 2008-02-03 21:01 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-02-03 12:10 . 2008-02-03 12:09 35,597,905 --a------ C:\WINDOWS\LPT$VPN.973
    2008-02-03 12:09 . 2008-02-03 12:09 35,597,905 --a------ C:\WINDOWS\VPTNFILE.973
    2008-02-03 11:39 . 2008-02-03 11:39 15,872 --a------ C:\WINDOWS\system32\drvvix.dll
    2008-02-02 14:44 . 2008-02-06 22:30 2,980 --a------ C:\WINDOWS\system32\tmp.reg

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-09 09:33 3,096,576 ------w C:\WINDOWS\Internet Logs\xDB1252.tmp
    2008-02-05 23:02 29,139,122 ------w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-02-03 20:01 86,094 ----a-w C:\WINDOWS\BPMNT.dll
    2008-02-03 20:01 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
    2008-02-03 11:09 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
    2008-02-03 11:09 267,845 ----a-w C:\WINDOWS\tsc.exe
    2008-02-03 11:08 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
    2008-02-03 11:08 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
    2008-02-03 11:08 286,720 ----a-w C:\WINDOWS\PATCH.EXE
    2008-01-17 07:49 245,760 ----a-w C:\WINDOWS\system32\[u]0[/u]0THotkey.exe
    2007-12-22 10:48 39,936 ----a-w C:\WINDOWS\system32\urqrrpq.dll
    2007-12-12 18:52 --------- d-----w C:\Documents and Settings\toto\Application Data\Grisoft
    2007-12-12 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-11 23:57 --------- d-----w C:\Program Files\Trend Micro
    2007-12-11 23:40 1,048,304 ----a-w C:\SmitfraudFix.exe
    2007-10-14 13:43 2,972,160 ------w C:\WINDOWS\Internet Logs\xDB1C.tmp
    2007-10-14 13:43 1,407,488 ------w C:\WINDOWS\Internet Logs\xDB1B.tmp
    2007-08-26 19:00 1,015,808 ------w C:\WINDOWS\Internet Logs\xDB1A.tmp
    2007-06-23 13:56 2,855,936 ------w C:\WINDOWS\Internet Logs\xDB19.tmp
    2007-06-09 16:03 24,192 ----a-w C:\Documents and Settings\toto\usbsermptxp.sys
    2007-06-09 16:03 22,768 ----a-w C:\Documents and Settings\toto\usbsermpt.sys
    2007-05-21 07:17 16,677,930 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_05_20_23_30_32_full.dmp.zip
    2007-05-17 17:31 16,718,363 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_05_16_23_24_20_full.dmp.zip
    2007-04-11 09:57 16,581,279 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_11_01_25_34_full.dmp.zip
    2007-04-10 08:28 16,652,472 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_08_11_29_27_full.dmp.zip
    2007-02-24 21:45 16,667,380 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_24_17_09_43_full.dmp.zip
    2007-01-31 07:15 16,637,209 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_01_31_00_20_20_full.dmp.zip
    2007-01-18 07:10 16,575,508 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_01_17_20_07_52_full.dmp.zip
    2006-12-26 17:10 16,528,755 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_12_26_09_18_00_full.dmp.zip
    2006-12-26 07:23 16,667,472 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_12_26_00_15_02_full.dmp.zip
    2006-09-12 07:21 16,536,725 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_09_12_01_09_08_full.dmp.zip
    2006-08-17 22:29 19,952 ----a-w C:\Documents and Settings\toto\Application Data\GDIPFONTCACHEV1.DAT
    2006-02-19 23:47 2,657,280 ------w C:\WINDOWS\Internet Logs\xDB18.tmp
    2006-02-19 23:22 1,218,048 ------w C:\WINDOWS\Internet Logs\xDB17.tmp
    2006-01-16 22:14 2,956,288 ------w C:\WINDOWS\Internet Logs\xDB16.tmp
    2006-01-16 22:04 1,199,104 ------w C:\WINDOWS\Internet Logs\xDB15.tmp
    2005-09-26 13:16 2,655,232 ------w C:\WINDOWS\Internet Logs\xDB14.tmp
    2005-09-26 13:16 1,146,368 ------w C:\WINDOWS\Internet Logs\xDB13.tmp
    2005-08-22 17:37 2,798,592 ------w C:\WINDOWS\Internet Logs\xDB12.tmp
    2005-08-22 17:27 1,142,272 ------w C:\WINDOWS\Internet Logs\xDB11.tmp
    2005-03-25 22:11 1,004,544 ------w C:\WINDOWS\Internet Logs\xDBF.tmp
    2005-03-25 22:10 367,616 ------w C:\WINDOWS\Internet Logs\xDB10.tmp
    2005-03-20 23:27 1,015,808 ------w C:\WINDOWS\Internet Logs\xDBE.tmp
    2005-03-20 22:37 1,001,472 ------w C:\WINDOWS\Internet Logs\xDBD.tmp
    2005-02-26 07:39 3,059,200 ------w C:\WINDOWS\Internet Logs\xDBC.tmp
    2005-02-26 07:18 995,328 ------w C:\WINDOWS\Internet Logs\xDBB.tmp
    2005-01-30 11:20 774,656 ------w C:\WINDOWS\Internet Logs\xDBA.tmp
    2005-01-30 11:12 991,232 ------w C:\WINDOWS\Internet Logs\xDB9.tmp
    2005-01-17 23:28 2,706,432 ------w C:\WINDOWS\Internet Logs\xDB8.tmp
    2005-01-17 23:26 990,208 ------w C:\WINDOWS\Internet Logs\xDB7.tmp
    2004-11-19 14:36 962,048 ------w C:\WINDOWS\Internet Logs\xDB5.tmp
    2004-11-19 14:36 2,646,528 ------w C:\WINDOWS\Internet Logs\xDB6.tmp
    2004-10-09 14:45 3,046,912 ------w C:\WINDOWS\Internet Logs\xDB4.tmp
    2004-10-09 14:41 930,816 ------w C:\WINDOWS\Internet Logs\xDB3.tmp
    2004-08-01 14:22 875,008 ------w C:\WINDOWS\Internet Logs\xDB1.tmp
    2004-08-01 14:22 2,970,624 ------w C:\WINDOWS\Internet Logs\xDB2.tmp
    .
    [code]<pre>
    ----a-w 286,720 2008-01-15 07:29:06 C:\Program Files\QuickTime\qttask .exe
    ----a-w 6,731,312 2008-02-09 19:31:32 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    ----a-w 6,731,312 2008-02-06 22:51:06 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    </pre>[/code]

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76F262CF-0308-0FB4-F7A3-043266F3A47C}]
    C:\Program Files\Cannbpjy\etdtxvff.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="NvQTwk" []
    "00THotkey"="C:\WINDOWS\System32\[u]0[/u]0THotkey.exe" [2008-01-17 08:49 245760]
    "000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\[u]0[/u]00StTHK.exe]
    "Tpwrtray"="TPWRTRAY.EXE" [2002-02-14 15:47 184320 C:\WINDOWS\system32\TPWRTRAY.EXE]
    "TFncKy"="TFncKy.exe" []
    "TFNF5"="TFNF5.exe" [2001-09-04 10:31 69632 C:\WINDOWS\system32\TFNF5.exe]
    "TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2007-12-31 09:54 49152]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-31 09:55 110592]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-28 19:34 450560]
    "cPadAlarm"="C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe" [ ]
    "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-02-09 20:31 968696]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2008-02-09 20:30 83608]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-29 19:45 1511453]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2005-04-02 11:42:32 135680]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "ServiceAlrt"= {8b238fe5-a2b6-4baf-9b3b-adcc6f518528} - C:\WINDOWS\Installer\{8b238fe5-a2b6-4baf-9b3b-adcc6f518528}\ServiceAlrt.dll [2008-02-07 08:40 14374]
    "zip"= {3f5ff315-78a6-427b-8a7d-3e64570003f5} - C:\WINDOWS\Installer\{3f5ff315-78a6-427b-8a7d-3e64570003f5}\zip.dll [2008-02-07 08:45 39462]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mbigibzz]
    mbigibzz.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
    c:\program files\altnet\points manager\points manager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2005-10-06 18:03 278528 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    --------- 2002-12-07 13:47 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Antivirus AV]
    C:\WINDOWS\FVProtect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2002-04-26 18:53 12288 C:\Program Files\Winamp\Winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=2 (0x2)
    "iPodService"=3 (0x3)

    R0 pciSm;pciSm;C:\WINDOWS\System32\DRIVERS\tossmpci.sys [2002-01-07 14:51]
    R0 tosrfec;Bluetooth ACPI from Toshiba;C:\WINDOWS\System32\DRIVERS\tosrfec.sys [2001-07-13 03:26]
    R0 TVALDX;Toshiba ACPI-Based Value Added Logical Device Extension Driver;C:\WINDOWS\System32\DRIVERS\TVALDX.SYS [2001-08-17 14:27]
    R1 ATMhelpr;ATMhelpr;C:\WINDOWS\System32\drivers\ATMhelpr.sys [1997-06-17 04:00]
    R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-09-26 20:34]
    R3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2002-01-07 01:02]
    S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\System32\DRIVERS\fbxusb.sys [2003-12-31 12:35]
    S3 MSControlService;Microsoft cache control;C:\WINDOWS\System32\windows []
    S3 pciSd;pciSd;C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2002-01-07 18:16]
    S3 toslane;Toshiba BT-LANE;C:\WINDOWS\System32\DRIVERS\TOSRFLAN.sys [2002-02-07 16:24]
    S4 Network Provisioning DDE;Network Provisioning DDE;C:\WINDOWS\system32\lsass.com []

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-10 16:27:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-01-03 10:27:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-10 18:07:50
    Windows 5.1.2600 Service Pack 1 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe [6.00.2800.1106]
    -> C:\WINDOWS\Installer\{8b238fe5-a2b6-4baf-9b3b-adcc6f518528}\ServiceAlrt.dll
    .
    Temps d'accomplissement: 2008-02-10 18:08:26
    ComboFix-quarantined-files.txt 2008-02-10 17:08:26
    ComboFix3.txt 2008-02-09 19:51:36
    ComboFix2.txt 2008-02-10 16:09:06

    Status :
    1- Nombreuses difficultés à se connecter sur Internet
    2- Explorer cherche à se connecter au démarrage
    3- AVG ne démarre plus, dois-je le détruire si oui comment il n'ya pas de commande Uninstall
    Sinon il n'y a plus d'alerte au virus au démarrage; juste pour mon info comment ai-je attraper ? Y a-t-il un cas spécifique ?
    En tous les cas merci à vous vous etes très compétent.
    0
  15. jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
     
    comment ai-je attraper ? Y a-t-il un cas spécifique ? ce sont des nouvelles variantes....

    vu ceci : C:\Program Files\QuickTime\qttask .exe
    Vulnérabilités critiques dans QuickTime

    donc, on jette !!! De plus qu'il est inutile...

    Télécharge ce nettoyeur de registre JV 16
    http://telechargement.zebulon.fr/201-jv16-powertools.html
    Pour le mettre en français ->onglet préférence ->langue
    Clic après sur outil registre va sur l'onglet menu de désinstallation recherche quicktime.
    Coche ta case puis en bas désinstaller.

    Pour le reste, je regarde en détail, je te tiens au courant .

    @ suivre.....
    0
  16. jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
     
    Salut !

    alors ? ou est tu passé(e) ?

    Tu peux me remettre un rapport combo s'il te plait ?

    @+
    0
  17. tokina Messages postés 22 Statut Membre
     
    RE,

    Désolé ai du partir en déplacement;

    Rapport COMBO
    ComboFix 08-02.05.3 - toto 2008-02-12 20:03:17.4 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.355 [GMT 1:00]
    Endroit: C:\Documents and Settings\toto\Bureau\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-12 to 2008-02-12 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-10 19:04 . 2008-02-10 19:04 <REP> d-------- C:\Program Files\jv16 PowerTools
    2008-02-10 18:05 . 2001-08-28 14:00 388,096 --a------ C:\kmd.exe
    2008-02-10 11:02 . 2008-02-10 11:02 10,240 --a------ C:\Program Files\tmp118900.exe
    2008-02-10 11:02 . 2008-02-10 11:02 10,240 --a------ C:\Program Files\tmp118880.exe
    2008-02-10 11:02 . 2008-02-10 11:02 10,240 --a------ C:\Program Files\tmp118800.exe
    2008-02-09 19:29 . 2008-02-09 19:29 <REP> d-------- C:\VundoFix Backups
    2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp401577.exe
    2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp401467.exe
    2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp388128.exe
    2008-02-07 08:41 . 2008-02-07 08:41 103,936 --a------ C:\WINDOWS\system32\drvrud.dll
    2008-02-07 08:41 . 2008-02-07 08:41 16,896 --a------ C:\WINDOWS\system32\drvzaj.dll
    2008-02-06 23:46 . 2008-02-06 23:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-02-06 00:09 . 2008-02-06 00:09 90,688 --a------ C:\WINDOWS\system32\erqoaccc.dll
    2008-02-03 21:01 . 2008-02-03 21:01 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-02-03 12:10 . 2008-02-03 12:09 35,597,905 --a------ C:\WINDOWS\LPT$VPN.973
    2008-02-03 12:09 . 2008-02-03 12:09 35,597,905 --a------ C:\WINDOWS\VPTNFILE.973
    2008-02-03 11:39 . 2008-02-03 11:39 15,872 --a------ C:\WINDOWS\system32\drvvix.dll
    2008-02-02 14:44 . 2008-02-06 22:30 2,980 --a------ C:\WINDOWS\system32\tmp.reg

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-09 09:33 3,096,576 ------w C:\WINDOWS\Internet Logs\xDB1252.tmp
    2008-02-05 23:02 29,139,122 ------w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-02-03 20:01 86,094 ----a-w C:\WINDOWS\BPMNT.dll
    2008-02-03 20:01 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
    2008-02-03 11:09 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
    2008-02-03 11:09 267,845 ----a-w C:\WINDOWS\tsc.exe
    2008-02-03 11:08 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
    2008-02-03 11:08 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
    2008-02-03 11:08 286,720 ----a-w C:\WINDOWS\PATCH.EXE
    2008-01-17 07:49 245,760 ----a-w C:\WINDOWS\system32\[u]0[/u]0THotkey.exe
    2007-12-22 10:48 39,936 ----a-w C:\WINDOWS\system32\urqrrpq.dll
    2007-12-12 18:52 --------- d-----w C:\Documents and Settings\toto\Application Data\Grisoft
    2007-12-12 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-11 23:40 1,048,304 ----a-w C:\SmitfraudFix.exe
    2007-10-14 13:43 2,972,160 ------w C:\WINDOWS\Internet Logs\xDB1C.tmp
    2007-10-14 13:43 1,407,488 ------w C:\WINDOWS\Internet Logs\xDB1B.tmp
    2007-08-26 19:00 1,015,808 ------w C:\WINDOWS\Internet Logs\xDB1A.tmp
    2007-06-23 13:56 2,855,936 ------w C:\WINDOWS\Internet Logs\xDB19.tmp
    2007-06-09 16:03 24,192 ----a-w C:\Documents and Settings\toto\usbsermptxp.sys
    2007-06-09 16:03 22,768 ----a-w C:\Documents and Settings\toto\usbsermpt.sys
    2007-05-21 07:17 16,677,930 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_05_20_23_30_32_full.dmp.zip
    2007-05-17 17:31 16,718,363 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_05_16_23_24_20_full.dmp.zip
    2007-04-11 09:57 16,581,279 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_11_01_25_34_full.dmp.zip
    2007-04-10 08:28 16,652,472 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_08_11_29_27_full.dmp.zip
    2007-02-24 21:45 16,667,380 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_24_17_09_43_full.dmp.zip
    2007-01-31 07:15 16,637,209 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_01_31_00_20_20_full.dmp.zip
    2007-01-18 07:10 16,575,508 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_01_17_20_07_52_full.dmp.zip
    2006-12-26 17:10 16,528,755 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_12_26_09_18_00_full.dmp.zip
    2006-12-26 07:23 16,667,472 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_12_26_00_15_02_full.dmp.zip
    2006-09-12 07:21 16,536,725 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_09_12_01_09_08_full.dmp.zip
    2006-08-17 22:29 19,952 ----a-w C:\Documents and Settings\toto\Application Data\GDIPFONTCACHEV1.DAT
    2006-02-19 23:47 2,657,280 ------w C:\WINDOWS\Internet Logs\xDB18.tmp
    2006-02-19 23:22 1,218,048 ------w C:\WINDOWS\Internet Logs\xDB17.tmp
    2006-01-16 22:14 2,956,288 ------w C:\WINDOWS\Internet Logs\xDB16.tmp
    2006-01-16 22:04 1,199,104 ------w C:\WINDOWS\Internet Logs\xDB15.tmp
    2005-09-26 13:16 2,655,232 ------w C:\WINDOWS\Internet Logs\xDB14.tmp
    2005-09-26 13:16 1,146,368 ------w C:\WINDOWS\Internet Logs\xDB13.tmp
    2005-08-22 17:37 2,798,592 ------w C:\WINDOWS\Internet Logs\xDB12.tmp
    2005-08-22 17:27 1,142,272 ------w C:\WINDOWS\Internet Logs\xDB11.tmp
    2005-03-25 22:11 1,004,544 ------w C:\WINDOWS\Internet Logs\xDBF.tmp
    2005-03-25 22:10 367,616 ------w C:\WINDOWS\Internet Logs\xDB10.tmp
    2005-03-20 23:27 1,015,808 ------w C:\WINDOWS\Internet Logs\xDBE.tmp
    2005-03-20 22:37 1,001,472 ------w C:\WINDOWS\Internet Logs\xDBD.tmp
    2005-02-26 07:39 3,059,200 ------w C:\WINDOWS\Internet Logs\xDBC.tmp
    2005-02-26 07:18 995,328 ------w C:\WINDOWS\Internet Logs\xDBB.tmp
    2005-01-30 11:20 774,656 ------w C:\WINDOWS\Internet Logs\xDBA.tmp
    2005-01-30 11:12 991,232 ------w C:\WINDOWS\Internet Logs\xDB9.tmp
    2005-01-17 23:28 2,706,432 ------w C:\WINDOWS\Internet Logs\xDB8.tmp
    2005-01-17 23:26 990,208 ------w C:\WINDOWS\Internet Logs\xDB7.tmp
    2004-11-19 14:36 962,048 ------w C:\WINDOWS\Internet Logs\xDB5.tmp
    2004-11-19 14:36 2,646,528 ------w C:\WINDOWS\Internet Logs\xDB6.tmp
    2004-10-09 14:45 3,046,912 ------w C:\WINDOWS\Internet Logs\xDB4.tmp
    2004-10-09 14:41 930,816 ------w C:\WINDOWS\Internet Logs\xDB3.tmp
    2004-08-01 14:22 875,008 ------w C:\WINDOWS\Internet Logs\xDB1.tmp
    2004-08-01 14:22 2,970,624 ------w C:\WINDOWS\Internet Logs\xDB2.tmp
    .
    [code]<pre>
    ----a-w 286,720 2008-01-15 07:29:06 C:\Program Files\QuickTime\qttask .exe
    ----a-w 6,731,312 2008-02-09 19:31:32 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    ----a-w 6,731,312 2008-02-06 22:51:06 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    </pre>[/code]

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76F262CF-0308-0FB4-F7A3-043266F3A47C}]
    C:\Program Files\Cannbpjy\etdtxvff.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="NvQTwk" []
    "00THotkey"="C:\WINDOWS\System32\[u]0[/u]0THotkey.exe" [2008-01-17 08:49 245760]
    "000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\[u]0[/u]00StTHK.exe]
    "Tpwrtray"="TPWRTRAY.EXE" [2002-02-14 15:47 184320 C:\WINDOWS\system32\TPWRTRAY.EXE]
    "TFncKy"="TFncKy.exe" []
    "TFNF5"="TFNF5.exe" [2001-09-04 10:31 69632 C:\WINDOWS\system32\TFNF5.exe]
    "TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2007-12-31 09:54 49152]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-31 09:55 110592]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-28 19:34 450560]
    "cPadAlarm"="C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe" [ ]
    "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-02-09 20:31 968696]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2008-02-09 20:30 83608]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-29 19:45 1511453]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2005-04-02 11:42:32 135680]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "ServiceAlrt"= {8b238fe5-a2b6-4baf-9b3b-adcc6f518528} - C:\WINDOWS\Installer\{8b238fe5-a2b6-4baf-9b3b-adcc6f518528}\ServiceAlrt.dll [2008-02-07 08:40 14374]
    "zip"= {3f5ff315-78a6-427b-8a7d-3e64570003f5} - C:\WINDOWS\Installer\{3f5ff315-78a6-427b-8a7d-3e64570003f5}\zip.dll [2008-02-07 08:45 39462]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mbigibzz]
    mbigibzz.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
    c:\program files\altnet\points manager\points manager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2005-10-06 18:03 278528 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    --------- 2002-12-07 13:47 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Antivirus AV]
    C:\WINDOWS\FVProtect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2002-04-26 18:53 12288 C:\Program Files\Winamp\Winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=2 (0x2)
    "iPodService"=3 (0x3)

    R0 pciSm;pciSm;C:\WINDOWS\System32\DRIVERS\tossmpci.sys [2002-01-07 14:51]
    R0 tosrfec;Bluetooth ACPI from Toshiba;C:\WINDOWS\System32\DRIVERS\tosrfec.sys [2001-07-13 03:26]
    R0 TVALDX;Toshiba ACPI-Based Value Added Logical Device Extension Driver;C:\WINDOWS\System32\DRIVERS\TVALDX.SYS [2001-08-17 14:27]
    R1 ATMhelpr;ATMhelpr;C:\WINDOWS\System32\drivers\ATMhelpr.sys [1997-06-17 04:00]
    R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-09-26 20:34]
    R3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2002-01-07 01:02]
    S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\System32\DRIVERS\fbxusb.sys [2003-12-31 12:35]
    S3 MSControlService;Microsoft cache control;C:\WINDOWS\System32\windows []
    S3 pciSd;pciSd;C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2002-01-07 18:16]
    S3 toslane;Toshiba BT-LANE;C:\WINDOWS\System32\DRIVERS\TOSRFLAN.sys [2002-02-07 16:24]
    S4 Network Provisioning DDE;Network Provisioning DDE;C:\WINDOWS\system32\lsass.com []

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-12 18:27:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-01-03 10:27:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-12 20:04:48
    Windows 5.1.2600 Service Pack 1 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe [6.00.2800.1106]
    -> C:\WINDOWS\Installer\{8b238fe5-a2b6-4baf-9b3b-adcc6f518528}\ServiceAlrt.dll
    .
    Temps d'accomplissement: 2008-02-12 20:05:19
    ComboFix-quarantined-files.txt 2008-02-12 19:05:18
    ComboFix4.txt 2008-02-09 19:51:36
    ComboFix3.txt 2008-02-10 16:09:06
    ComboFix2.txt 2008-02-10 17:08:28

    J'ai du dédconnecté ZoneLab et au lancement de COMBO le fichier nircmd.cfexe a demandé une coinnection. e + de nouveau ouverture de IE sur une page vantant des outils spyware !!!!
    0
  18. jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
     
    Télécharge Pocket Killbox

    Démo d'utilisation (merci a Balltrap34 pour cette réalisation)

    Double clic sur killbox.exe (Pocket Killbox)

    Coche delete on reboot Dans "Full Path of File to Delete"

    Copie et colle ceci :

    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe


    Clique sur la croix rouge

    - une fenêtre va apparaître pour confirmation clique sur YES
    - une seconde fenêtre te demande si tu veux redémarrer clique sur YES

    Si ce message s’affiche ignore le :
    http://tinypic.com/images/goodbye.jpg
    Laisse le pc redémarrer sinon redemarre le manuellement
    Et après reposte un log HijackThis.
    0
  19. tokina Messages postés 22 Statut Membre
     
    RE
    Fait, Rapport HijackThis
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:04:35, on 12/02/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\System32\TPWRTRAY.EXE
    C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
    C:\WINDOWS\System32\TFNF5.exe
    C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - C:\Program Files\Cannbpjy\etdtxvff.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 01
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [cPadAlarm] C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O20 - Winlogon Notify: mbigibzz - mbigibzz.dll (file missing)
    O21 - SSODL: ServiceAlrt - {8b238fe5-a2b6-4baf-9b3b-adcc6f518528} - C:\WINDOWS\Installer\{8b238fe5-a2b6-4baf-9b3b-adcc6f518528}\ServiceAlrt.dll
    O21 - SSODL: zip - {3f5ff315-78a6-427b-8a7d-3e64570003f5} - C:\WINDOWS\Installer\{3f5ff315-78a6-427b-8a7d-3e64570003f5}\zip.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
    0
  20. jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
     
    Salut !

    Ce coup ci c'est moi qui suis parti lol ...

    On reprend :

    Télécharge KillBox sur ton bureau ...
    Ce lien est le lien officiel, c'est la certitude d' avoir la dernière version :
    http://www.killbox.net/
    Clique en haut à gauche sur le lien "Download KillBox".
    Le téléchargement se lance automatiquement.
    Tu obtiens le fichier "KillBox.exe" directement utilisable.
    Lance Killbox.

    Dans la fenêtre Full Path of File to Delete, copie-colle ce qui est en citation :
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" --> fais attention a bien choisir celui qui a l'espace entre le "s" et le "exe"

    Coche "Delete on Reboot" (Supprimer au redémarrage).
    Clique sur "All Files".
    Clique sur la croix blanche dans le cercle rouge.
    KillBox te pose alors la question suivante :
    "Files will be Removed on Reboot, Do you want to reboot now ?"
    (Les fichiers seront supprimés au redémarrage. Souhaitez redémarrer maintenant ?)
    Clique sur "Yes" (Oui).
    Le rapport se trouve à la racine du disque dur C:\!killbox\

    Poste-le et refais un log HJT's stp !

    @+
    0
  21. tokina Messages postés 22 Statut Membre
     
    RE,

    Post de kb.log
    Pocket Killbox version 2.0.0.648
    Running on Windows XP as toto(Administrator)
    was started @ mardi, février 12, 2008, 10:54 PM

    # 1 [Delete on Reboot]
    Path = C:\Program Files\QuickTime\qttask .exe

    # 2 [Delete on Reboot]
    Path = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe

    I Rebooted @ 10:57:19 PM
    Killbox Closed(Exit) @ 10:57:20 PM
    __________________________________________________

    Pocket Killbox version
    Running on Windows XP as toto(Administrator)
    was started @ vendredi, février 15, 2008, 1:02 AM

    Killbox Closed(Exit) @ 1:02:34 AM
    __________________________________________________

    Pocket Killbox version 2.0.0.881
    Running on Windows XP as toto(Administrator)
    was started @ vendredi, février 15, 2008, 1:03 AM

    # 1 [Delete on Reboot]
    Path = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe"

    PendingFileRenameOperations Registry Data has been Removed by External Process! @ 1:04:21 AM
    # 2 [Delete on Reboot]
    Path = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe"

    PendingFileRenameOperations Registry Data has been Removed by External Process! @ 1:05:25 AM
    Killbox Closed(Exit) @ 1:05:27 AM
    __________________________________________________

    Post de Hijackthis
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:08:57, on 15/02/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\System32\TPWRTRAY.EXE
    C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
    C:\WINDOWS\System32\TFNF5.exe
    C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - C:\Program Files\Cannbpjy\etdtxvff.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 01
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [cPadAlarm] C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O20 - Winlogon Notify: mbigibzz - mbigibzz.dll (file missing)
    O21 - SSODL: ServiceAlrt - {8b238fe5-a2b6-4baf-9b3b-adcc6f518528} - C:\WINDOWS\Installer\{8b238fe5-a2b6-4baf-9b3b-adcc6f518528}\ServiceAlrt.dll
    O21 - SSODL: zip - {3f5ff315-78a6-427b-8a7d-3e64570003f5} - C:\WINDOWS\Installer\{3f5ff315-78a6-427b-8a7d-3e64570003f5}\zip.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
    0
  • 1
  • 2