Sujet Précédent Sujet Suivant

Log hijack trojan Vundo ??

SEBSEB -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
Voila j'ai mon pc qui est infecté
J'ai fait des scans et du nettoyage avec : ad-aware, spybot, ccleaner, malwarebytes, a-squared et antivir
Voila mon log hijack Merci d'avance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58:07, on 08/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\lxcqcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 9300 Series\lxcqmon.exe
C:\Program Files\Lexmark 9300 Series\ezprint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Booster Wanadoo\wanadoo_booster.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7180
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:7180;majkit1.orange.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\smss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BFEA982-9F40-4181-8DA1-9A7C91CB117B} - (no file)
O2 - BHO: (no name) - {0CDAB007-7588-4459-A277-12BAFC9F6D44} - (no file)
O2 - BHO: (no name) - {16B435F6-B6CE-4F24-A568-944B27ED919C} - (no file)
O2 - BHO: (no name) - {2B7643CE-88FB-4E04-9A7C-9E839DAC08C9} - (no file)
O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - (no file)
O2 - BHO: (no name) - {4318A528-50C7-43E5-93C4-763F150B9237} - (no file)
O2 - BHO: (no name) - {46297DE9-7FCD-4950-B200-AFB110DC1113} - (no file)
O2 - BHO: (no name) - {4B6159EE-3BEF-4915-B836-F03B0C183342} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {537354fa-cc73-48b0-8ab2-08c3a7cdd90e} - (no file)
O2 - BHO: (no name) - {6664CDE0-A32E-423B-923B-B63E035051D4} - (no file)
O2 - BHO: (no name) - {7354fc71-a1a2-4464-ba72-e6e6a8d306bf} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C551F0C-AC8B-46B1-AA0E-C7AE859F9DAA} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8eb7222d-f327-47fd-baee-a0c8e0ad3783} - (no file)
O2 - BHO: (no name) - {96E222A9-0B7C-477A-A48C-AF603553BA1C} - (no file)
O2 - BHO: (no name) - {9B7E007E-295E-426C-A57D-EE9D2E74AE2F} - (no file)
O2 - BHO: (no name) - {9ca2db6b-7c87-4494-9630-ddf35dc037e3} - (no file)
O2 - BHO: (no name) - {9CB22642-973B-4344-B05A-89EBF3D501DA} - (no file)
O2 - BHO: (no name) - {A254C2CC-81AB-47F7-9761-46277B1B8521} - (no file)
O2 - BHO: (no name) - {B8DFD44F-C9ED-48F0-B458-9413258C2B75} - (no file)
O2 - BHO: (no name) - {C5C4BFEC-BFFA-473D-AA37-21EBF71C01C4} - (no file)
O2 - BHO: (no name) - {c6f6eb04-b2fc-428d-b2d0-ad7542a55a2d} - (no file)
O2 - BHO: (no name) - {DA5F827F-2AD5-4D1C-9910-D9986842BF31} - (no file)
O2 - BHO: (no name) - {e8c36228-838b-4169-b534-b5444e557551} - (no file)
O2 - BHO: (no name) - {ED1D943C-5175-4D77-9D74-9592BABF1F70} - (no file)
O2 - BHO: (no name) - {F7550D4A-0AC9-46BF-A9CE-5ED8AB6EB045} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [lxcqmon.exe] "C:\Program Files\Lexmark 9300 Series\lxcqmon.exe"
O4 - HKLM\..\Run: [Lexmark 9300 Series Fax Server] "C:\Program Files\Lexmark 9300 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 9300 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\ext\begmgr11.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Booster Orange.lnk = C:\Program Files\Booster Wanadoo\wanadoo_booster.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Afficher l'image non compressée - res://C:\Program Files\Booster Wanadoo\wanadoo_booster.exe/227
O8 - Extra context menu item: Afficher toutes les images non compressées - res://C:\Program Files\Booster Wanadoo\wanadoo_booster.exe/250
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Program Files\BetwayMPP\MPPoker.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: pmnnool - C:\WINDOWS\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: lxcq_device - - C:\WINDOWS\system32\lxcqcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
A voir également:

2 réponses

Réponse 1 / 2
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt

les jeux de poker c'est source de pubs...

_____________

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7180
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:7180;majkit1.orange.fr
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\smss.exe

O2 - BHO: (no name) - {0BFEA982-9F40-4181-8DA1-9A7C91CB117B} - (no file)
O2 - BHO: (no name) - {0CDAB007-7588-4459-A277-12BAFC9F6D44} - (no file)
O2 - BHO: (no name) - {16B435F6-B6CE-4F24-A568-944B27ED919C} - (no file)
O2 - BHO: (no name) - {2B7643CE-88FB-4E04-9A7C-9E839DAC08C9} - (no file)
O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - (no file)
O2 - BHO: (no name) - {4318A528-50C7-43E5-93C4-763F150B9237} - (no file)
O2 - BHO: (no name) - {46297DE9-7FCD-4950-B200-AFB110DC1113} - (no file)
O2 - BHO: (no name) - {4B6159EE-3BEF-4915-B836-F03B0C183342} - (no file)
O2 - BHO: (no name) - {537354fa-cc73-48b0-8ab2-08c3a7cdd90e} - (no file)
O2 - BHO: (no name) - {6664CDE0-A32E-423B-923B-B63E035051D4} - (no file)
O2 - BHO: (no name) - {7354fc71-a1a2-4464-ba72-e6e6a8d306bf} - (no file)
O2 - BHO: (no name) - {7C551F0C-AC8B-46B1-AA0E-C7AE859F9DAA} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8eb7222d-f327-47fd-baee-a0c8e0ad3783} - (no file)
O2 - BHO: (no name) - {96E222A9-0B7C-477A-A48C-AF603553BA1C} - (no file)
O2 - BHO: (no name) - {9B7E007E-295E-426C-A57D-EE9D2E74AE2F} - (no file)
O2 - BHO: (no name) - {9ca2db6b-7c87-4494-9630-ddf35dc037e3} - (no file)
O2 - BHO: (no name) - {9CB22642-973B-4344-B05A-89EBF3D501DA} - (no file)
O2 - BHO: (no name) - {A254C2CC-81AB-47F7-9761-46277B1B8521} - (no file)
O2 - BHO: (no name) - {B8DFD44F-C9ED-48F0-B458-9413258C2B75} - (no file)
O2 - BHO: (no name) - {C5C4BFEC-BFFA-473D-AA37-21EBF71C01C4} - (no file)
O2 - BHO: (no name) - {c6f6eb04-b2fc-428d-b2d0-ad7542a55a2d} - (no file)
O2 - BHO: (no name) - {DA5F827F-2AD5-4D1C-9910-D9986842BF31} - (no file)
O2 - BHO: (no name) - {e8c36228-838b-4169-b534-b5444e557551} - (no file)
O2 - BHO: (no name) - {ED1D943C-5175-4D77-9D74-9592BABF1F70} - (no file)
O2 - BHO: (no name) - {F7550D4A-0AC9-46BF-A9CE-5ED8AB6EB045} - (no file)

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: pmnnool - C:\WINDOWS\

___________________

Télécharge MSNFix de Laurent
http://sosvirus.changelog.fr/MSNFix.zip

Décompresse-le et double clic sur le fichier MSNFix.bat.
- Exécute l'option R.
--Si l'infection est détectée, exécute l'option N
- Sauvegarde ce rapport puis fais un copier/coller de ce rapport sur le forum.

Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.

envoyer le fichier [b] C:\DOCUME~1\florian\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr pour faire evoluer msnfix

___________________

scan avec vundofix (colle le rapport)

Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double cliquez VundoFix.exe pour l'exécuter.
Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
Une fois le scan fini, cliquez sur le bouton Remove Vundo.
Vous recevrez un avertissement vous demandant si vous voulez effacer ces
fichiers répondez en cliquant sur YES
Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
enlève Vundo.

Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
OK.

__________________
puis :

virtumondebegone (colle le rapport)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

_____________________

Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
0
SEBSEB
 
Voila j'ai tout fini alors
Merci beaucoup pour l'aide

le rapport msnfix :
MSNFix 1.701

C:\Documents and Settings\c\Bureau\jlpjlp\MSNFix\MSNFix
Fix exécuté le 08/04/2008 - 17:32:29,43 By c
mode normal

************************ Recherche les fichiers présents

... C:\DOCUME~1\c\LOCALS~1\Temp\Setup.exe
... C:\WINDOWS\cookies.ini
... C:\WINDOWS\system32\vbzip10.dll

************************ Recherche les dossiers présents

... \TEMP\




************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\c\LOCALS~1\Temp\Setup.exe
.. OK ... C:\WINDOWS\cookies.ini
.. OK ... C:\WINDOWS\system32\vbzip10.dll


************************ Suppression des dossiers

/!\ ... \TEMP\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


Aucun Fichier trouvé



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\eMule0.47c-Installer.exe] D388CDC4DDA65263F7DB385989AF7160

[color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\c\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 08042008_17354890.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------


Pas de Vundo détecté = pas de rapport

04/08/2008, 17:54:09] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\c\Bureau\VirtumundoBeGone.exe" )
[04/08/2008, 17:54:15] - Detected System Information:
[04/08/2008, 17:54:15] - Windows Version: 5.1.2600, Service Pack 2
[04/08/2008, 17:54:15] - Current Username: c (Admin)
[04/08/2008, 17:54:15] - Windows is in NORMAL mode.
[04/08/2008, 17:54:15] - Searching for Browser Helper Objects:
[04/08/2008, 17:54:15] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[04/08/2008, 17:54:15] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[04/08/2008, 17:54:15] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/08/2008, 17:54:15] - Finished Searching Browser Helper Objects
[04/08/2008, 17:54:15] - Finishing up...
[04/08/2008, 17:54:15] - Nothing found! Exiting...


Et Combofix :

ComboFix 08-04-07.5 - c 2008-04-08 17:55:49.1 - NTFSx86
Endroit: C:\Documents and Settings\c\Bureau\killbagle.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\gbRve12
C:\Temp\gbRve12\csLioes.log
C:\WINDOWS\BM132a1eef.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aqVreo18
C:\WINDOWS\system32\ext
C:\WINDOWS\system32\ggusapfm.ini
C:\WINDOWS\system32\hkmujhjq.ini
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\rawvpjoi.ini
C:\WINDOWS\system32\sdoqpgkd.ini
C:\WINDOWS\system32\tuvuvust.dll
C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\utstv.ini2
C:\WINDOWS\system32\wyadd.ini
C:\WINDOWS\system32\wyadd.ini2
C:\WINDOWS\system32\xmuacgbs.ini
E:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))))))))
.

2008-04-08 15:44 . 2008-04-08 15:44 <REP> d-------- C:\VundoFix Backups
2008-04-08 00:55 . 2008-04-08 00:55 <REP> d-------- C:\Program Files\CCleaner
2008-04-08 00:42 . 2008-04-08 00:42 <REP> d-------- C:\Documents and Settings\c\Application Data\Malwarebytes
2008-04-07 23:04 . 2008-04-07 23:04 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-07 23:04 . 2008-04-07 23:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-07 23:04 . 2008-04-07 23:04 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-04-07 20:43 . 2008-04-07 20:43 <REP> d-------- C:\Program Files\Avira
2008-04-07 20:43 . 2008-04-07 20:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-07 20:32 . 2008-04-07 21:46 <REP> d-------- C:\Program Files\a-squared Free
2008-04-07 19:20 . 2008-04-07 19:20 <REP> d-------- C:\Program Files\Lavasoft
2008-04-07 19:20 . 2008-04-07 19:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-07 19:16 . 2008-04-07 19:17 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-07 18:36 . 2004-06-01 00:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-04-07 18:36 . 2004-06-01 00:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-04-07 18:36 . 2006-07-03 12:42 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-04-07 18:36 . 2004-06-01 00:48 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-04-07 18:36 . 2004-06-01 00:48 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-04-07 18:36 . 2004-06-01 00:48 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-04-07 18:36 . 2008-04-08 00:39 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-04-07 18:36 . 2004-05-31 17:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-04-07 18:36 . 2004-05-31 17:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sonic
2008-04-07 18:08 . 2008-04-07 18:08 <REP> d-------- C:\Program Files\Trend Micro
2008-04-01 21:43 . 2008-04-02 02:10 355 ---hs---- C:\WINDOWS\system32\qvjvqviu.ini
2008-03-31 20:29 . 2008-03-31 22:42 1,597,414 ---hs---- C:\WINDOWS\system32\rnxeeiwj.ini
2008-03-30 20:02 . 2008-03-31 20:29 1,597,294 ---hs---- C:\WINDOWS\system32\tcqvprof.ini
2008-03-29 00:04 . 2008-03-29 19:54 1,583,757 ---hs---- C:\WINDOWS\system32\kjdwdtid.ini
2008-03-28 19:08 . 2008-03-28 19:59 1,554,223 ---hs---- C:\WINDOWS\system32\btxtyyma.ini
2008-03-28 18:33 . 2008-03-28 18:34 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-28 18:33 . 2008-03-28 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-28 16:35 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-28 16:29 . 2008-04-07 18:32 <REP> d-------- C:\Documents and Settings\c\.housecall6.6
2008-03-27 19:09 . 2008-03-28 18:17 1,584,101 ---hs---- C:\WINDOWS\system32\xhptuywh.ini
2008-03-27 17:06 . 2008-03-27 17:06 1,583,681 ---hs---- C:\WINDOWS\system32\cjujjgdd.ini
2008-03-26 21:59 . 2008-03-28 20:00 1,020 --a------ C:\WINDOWS\cookies.MSNFix
2008-03-26 17:01 . 2008-03-27 17:03 1,583,621 ---hs---- C:\WINDOWS\system32\edbsqsks.ini
2008-03-25 20:06 . 2008-03-25 20:06 147,456 --a------ C:\WINDOWS\system32\vbzip10.MSNFix
2008-03-25 20:05 . 2008-04-07 18:31 <REP> d-------- C:\WINDOWS\system32\xir
2008-03-25 20:05 . 2008-03-26 18:39 <REP> d-------- C:\WINDOWS\system32\imd4
2008-03-25 20:05 . 2008-03-25 20:05 <REP> d-------- C:\WINDOWS\system32\DL
2008-03-25 20:05 . 2008-03-25 20:05 39,883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
2008-03-25 20:03 . 2008-04-08 17:56 <REP> d-------- C:\Temp
2008-03-25 20:01 . 2008-03-28 16:56 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-25 14:57 . 2008-04-08 00:48 <REP> d-------- C:\Program Files\Steam
2008-03-25 14:44 . 2008-04-07 19:37 903 --a------ C:\WINDOWS\wininit.ini
2008-03-23 10:24 . 2008-03-25 14:40 <REP> d-------- C:\Program Files\WON
2008-03-23 09:56 . 1998-10-30 23:21 231,936 --------- C:\WINDOWS\system32\SNWValid.dll
2008-03-11 16:10 . 2008-03-11 16:10 <REP> d-------- C:\WINDOWS\popup
2008-03-11 16:10 . 2008-03-11 16:10 <REP> d-------- C:\WINDOWS\Groups
2008-03-11 16:10 . 2008-03-11 16:10 <REP> d-------- C:\WINDOWS\Favorites

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 16:03 --------- d-----w C:\Program Files\Wanadoo
2008-04-08 12:57 --------- d-----w C:\Program Files\lx_cats
2008-04-07 18:18 --------- d-----w C:\Program Files\Norton AntiVirus
2008-04-07 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-07 16:31 --------- d-----w C:\Program Files\Common Files
2008-04-04 01:18 --------- d-----w C:\Documents and Settings\c\Application Data\dvdcss
2008-03-28 14:57 --------- d-----w C:\Program Files\Booster Wanadoo
2008-03-28 14:35 --------- d-----w C:\Program Files\Java
2008-03-26 02:28 --------- d-----w C:\Program Files\eMule
2008-03-12 20:45 --------- d-----w C:\Documents and Settings\c\Application Data\MSN6
2008-02-29 19:19 --------- d-----w C:\Documents and Settings\c\Application Data\Microgaming
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-01-02 19:57 61,960 ----a-w C:\Documents and Settings\c\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-08 05:40 159744]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-04-07 13:22 4730880]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-01-13 09:21 245760]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 20:03 49152]
"HP Software Update"="c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 11:40 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 19:56 483328]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 13:05 200766]
"AGRSMMSG"="AGRSMMSG.exe" [2004-01-30 10:01 88363 C:\WINDOWS\AGRSMMSG.exe]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10 409600]
"lxcqmon.exe"="C:\Program Files\Lexmark 9300 Series\lxcqmon.exe" [2006-10-23 16:51 286720]
"Lexmark 9300 Series Fax Server"="C:\Program Files\Lexmark 9300 Series\fm3032.exe" [2006-10-26 08:33 299008]
"EzPrint"="C:\Program Files\Lexmark 9300 Series\ezprint.exe" [2006-10-06 11:01 77824]
"LXCQCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll" [2006-10-16 03:25 106496]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-07 20:50 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\WINDOWS\\system32\\lxcqcoms.exe"=
"C:\\Program Files\\Steam\\SteamApps\\serbo90\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\serbo90\\day of defeat source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R2 lxcq_device;lxcq_device;C:\WINDOWS\system32\lxcqcoms.exe [2006-11-06 18:21]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S3 DCamUSBET151;USB CIF Camera Capture;C:\WINDOWS\system32\Drivers\et151.sys []
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 09:55]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys [2006-11-10 09:55]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys [2006-11-10 09:55]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 09:55]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Fnd5.sys [2006-11-10 09:55]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Fobex.sys [2006-11-10 09:55]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\DRIVERS\se2Funic.sys [2006-11-10 09:55]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 08:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc05ebda-9604-11dc-b1ad-000fb03e4771}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 18:02:47
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????6?9?4?7??P???? ???B???????????????B? ??????

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\ALERTM~1.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-08 18:08:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-08 16:08:19
Pre-Run: 37,299,126,272 octets libres
Post-Run: 37,240,541,184 octets libres
.
2008-03-12 19:25:20 --- E O F ---
0
SEBSEB
 
Suis-je toujours infecté ??
Voila un rapport hijack apres les scanset nettoyage

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48:51, on 08/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\lxcqcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Lexmark 9300 Series\lxcqmon.exe
C:\Program Files\Lexmark 9300 Series\ezprint.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7180
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:7180;majkit1.orange.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [lxcqmon.exe] "C:\Program Files\Lexmark 9300 Series\lxcqmon.exe"
O4 - HKLM\..\Run: [Lexmark 9300 Series Fax Server] "C:\Program Files\Lexmark 9300 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 9300 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\ext\begmgr11.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Booster Orange.lnk = C:\Program Files\Booster Wanadoo\wanadoo_booster.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Afficher l'image non compressée - res://C:\Program Files\Booster Wanadoo\wanadoo_booster.exe/227
O8 - Extra context menu item: Afficher toutes les images non compressées - res://C:\Program Files\Booster Wanadoo\wanadoo_booster.exe/250
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Program Files\BetwayMPP\MPPoker.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: lxcq_device - - C:\WINDOWS\system32\lxcqcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040 > SEBSEB
 
analyse ces fichiers sur virus total: et si inféctés tu les mets dans la citation otmovit: https://www.virustotal.com/gui/

C:\WINDOWS\system32\qvjvqviu.ini
C:\WINDOWS\system32\rnxeeiwj.ini
C:\WINDOWS\system32\tcqvprof.ini
C:\WINDOWS\system32\kjdwdtid.ini
C:\WINDOWS\system32\btxtyyma.ini
C:\WINDOWS\system32\xhptuywh.ini
C:\WINDOWS\system32\cjujjgdd.ini
C:\WINDOWS\system32\edbsqsks.ini

___________________


télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :




clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

__________________________

vire ce qui est dans moved files en allant dans C puis OTMOVIT

_________________________
encore des problèmes???
0
Réponse 2 / 2
lol
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7180
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:7180;majkit1.orange.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\smss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BFEA982-9F40-4181-8DA1-9A7C91CB117B} - (no file)
O2 - BHO: (no name) - {0CDAB007-7588-4459-A277-12BAFC9F6D44} - (no file)
O2 - BHO: (no name) - {16B435F6-B6CE-4F24-A568-944B27ED919C} - (no file)
O2 - BHO: (no name) - {2B7643CE-88FB-4E04-9A7C-9E839DAC08C9} - (no file)
O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - (no file)
O2 - BHO: (no name) - {4318A528-50C7-43E5-93C4-763F150B9237} - (no file)
O2 - BHO: (no name) - {46297DE9-7FCD-4950-B200-AFB110DC1113} - (no file)
O2 - BHO: (no name) - {4B6159EE-3BEF-4915-B836-F03B0C183342} - (no file)

O2 - BHO: (no name) - {537354fa-cc73-48b0-8ab2-08c3a7cdd90e} - (no file)
O2 - BHO: (no name) - {6664CDE0-A32E-423B-923B-B63E035051D4} - (no file)
O2 - BHO: (no name) - {7354fc71-a1a2-4464-ba72-e6e6a8d306bf} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C551F0C-AC8B-46B1-AA0E-C7AE859F9DAA} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8eb7222d-f327-47fd-baee-a0c8e0ad3783} - (no file)
O2 - BHO: (no name) - {96E222A9-0B7C-477A-A48C-AF603553BA1C} - (no file)
O2 - BHO: (no name) - {9B7E007E-295E-426C-A57D-EE9D2E74AE2F} - (no file)
O2 - BHO: (no name) - {9ca2db6b-7c87-4494-9630-ddf35dc037e3} - (no file)
O2 - BHO: (no name) - {9CB22642-973B-4344-B05A-89EBF3D501DA} - (no file)
O2 - BHO: (no name) - {A254C2CC-81AB-47F7-9761-46277B1B8521} - (no file)
O2 - BHO: (no name) - {B8DFD44F-C9ED-48F0-B458-9413258C2B75} - (no file)
O2 - BHO: (no name) - {C5C4BFEC-BFFA-473D-AA37-21EBF71C01C4} - (no file)
O2 - BHO: (no name) - {c6f6eb04-b2fc-428d-b2d0-ad7542a55a2d} - (no file)
O2 - BHO: (no name) - {DA5F827F-2AD5-4D1C-9910-D9986842BF31} - (no file)
O2 - BHO: (no name) - {e8c36228-838b-4169-b534-b5444e557551} - (no file)
O2 - BHO: (no name) - {ED1D943C-5175-4D77-9D74-9592BABF1F70} - (no file)
O2 - BHO: (no name) - {F7550D4A-0AC9-46BF-A9CE-5ED8AB6EB045} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

fixe tou sa ensuit eva dan demarer/EXECUTER/tu tape *msconfig*san les etoile tu vas dan service tu met masker les service microsoft et la tu decoche tout sauf ton parfeu et ton antivirus pareille pour demarage et redemare ensuite on vera
0

Discussions similaires

TI college plus (calculatrice probleme)
help39 -
Utilisateur anonyme -

3 réponses
Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses
comment taper log10 sur une TI83plus.fr ?
FFFred -
FFFred -

2 réponses
Comment enlever mon virus trojan:win32/si...
bryanoulet -
juju666 -

58 réponses
qu'est ce qu'un "trojan agent/gen" ? svp
Saber03 -
jacques.gache -

33 réponses