Analyse log Hijack Résolu

Question

Bonjour, je vous met mon log hijack, l'ordi est très infecté et très lent!
merci d'avance de votre aide !!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:51, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\VIA\RAIDaid_tool.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system32\jnwnw64p.exe
C:\WINDOWS\system32\ocntokdn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=374
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 213.251.184.209 L2authd.lineage2.com
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAIDaid_tool.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [{E5-55-54-4A-DW}] C:\windows\system32\jnwnw64p.exe DWram
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\ocntokdn.exe DWram
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{848f2cad-99e4-cb47-4732-8dcf7f95f535}.dll" DllInit
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [BMe7fd6679] Rundll32.exe "C:\WINDOWS\system32\plcgtlik.dll",s
O4 - HKLM\..\Run: [e4ce55e5] rundll32.exe "C:\WINDOWS\system32\qcjhqjgr.dll",b
O4 - HKLM\..\Run: [SBRegRebootCleaner] C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\ATTALI\Application Data\Microsoft\Windows\vuqrdvx.exe
O4 - HKCU\..\Run: [Zpe] "C:\Program Files\Common Files\??sks
?tdde.exe"
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntokdn.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jnwnw64p.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\F\Office\OSA9.EXE
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)

ben_75 · Answer

s'il vous plait, je n'ai pas le temps...
personne pour m'aider?? svp

ben_75 · Answer

je fait une analyse complete malwarebytes
Qqn peut m'aider, svp svp

cedric241 · Answer

oui moi 

poste moi le rapport maleware byte + un nouveau rapport hijackthi stp

ben_75 · Answer

ok merci cedric241 !

cedric241 · Answer

de nada

ben_75 · Answer

j'ai un pb, malaware a bugé juste à la fin donc j'ai pas de log?
t'a pas une solution rapide pour virer tout ces spywares?
MERCI

cedric241 · Answer

non faut passer maleware byte 

fais l examen rapide

ben_75 · Answer

c'est ce que je viens de faire mais c'est bizarre quand il termine je vais dans l'onglet resultats/log et ya rien
après je retourne dans recherche et rien non plus, mm pas de log dans C:/
je sais pas quoi faire..

cedric241 · Answer

ok refais un rapport hijackthis stp

ben_75 · Answer

non c'est bon j'ai réussi avc malwarebyte voici le log : ( je supprime la quarantaine?)

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 667

Type de recherche: Examen rapide
Eléments examinés: 38309
Temps écoulé: 9 minute(s), 26 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 51
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 43

Processus mémoire infecté(s):
C:\WINDOWS\system32\jnwnw64p.exe (Adware.ZeroSearch) -> Unloaded process successfully.
C:\WINDOWS\system32\ocntokdn.exe (Adware.ZeroSearch) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\WINDOWS\system32\myss_sb.dll (Adware.BHO) -> Unloaded module successfully.
C:\WINDOWS\system32\byxwwvwu.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\qcjhqjgr.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\{848f2cad-99e4-cb47-4732-8dcf7f95f535}.dll (Trojan.Agent) -> Unloaded module successfully.
C:\WINDOWS\system32\jkkiiffd.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{3d87b50d-542a-45b6-96e9-f03cfaa8c962} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{3d87b50d-542a-45b6-96e9-f03cfaa8c962} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6156a32a-c512-4e23-aa9a-2315f4265681} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6156a32a-c512-4e23-aa9a-2315f4265681} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94de2967-3150-42d7-8f23-3ebd53dd3365} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{94de2967-3150-42d7-8f23-3ebd53dd3365} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{05bec6ae-09bc-47c4-e3b2-777520557c1b} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05bec6ae-09bc-47c4-e3b2-777520557c1b} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9506910a-0f94-4ea1-b567-7070428b8b2b} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9506910a-0f94-4ea1-b567-7070428b8b2b} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{faba076a-478a-4c32-a0a5-c774607901c2} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{faba076a-478a-4c32-a0a5-c774607901c2} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1601d447-7424-4866-8dcc-acf98a2a41e1} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c3c0ec2c-2c1c-495c-9ad0-1f0ef833d7b5} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT	estcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysidesearchsearchassistant (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchassistant (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MySidesearch (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID	estCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall
vcoi (Trojan.Stars) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\xInsiDERexe (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoftdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{389626b7-efd5-4894-8142-2746e4bc4988} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{389626b7-efd5-4894-8142-2746e4bc4988} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkiiffd (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3540950f-f0fc-41d9-876d-11a84133d940} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SfKg6wIP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{E5-55-54-4A-DW} (Adware.ZeroSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\g]eeV\mWhjlnspB (Adware.ZeroSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spa_start (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMe7fd6679 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{389626b7-efd5-4894-8142-2746e4bc4988} (Trojan.Vundo) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxwwvwu -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxwwvwu  -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\Inet_Get_2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files
vcoi (Trojan.Stars) -> Quarantined and deleted successfully.
C:\Program Files\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bharebio18 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\ATTALI\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\WINDOWS\system32\myss_sb.dll (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\system32\byxwwvwu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\uwvwwxyb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uwvwwxyb.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kswoawjp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pjwaowsk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qcjhqjgr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32gjqhjcq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	lhxnnnj.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jnnnxhlt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\ATTALI\Application Data\Microsoft\Windows\vuqrdvx.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jnwnw64p.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ocntokdn.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{848f2cad-99e4-cb47-4732-8dcf7f95f535}.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\agtlqcxv.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGvtTmL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jmijpbwj.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\myss_sb_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnnlihe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pdedknot.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32wwnw64d.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yusqsban.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_{848f2cad-99e4-cb47-4732-8dcf7f95f535}.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\b157.exe_old (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMPmbroit.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\ATTALI\Local Settings\Temp	mp16.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\ATTALI\Local Settings\Temp\uninstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\21OT8X4H\file[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\ATTALI\Local Settings\Temporary Internet Files\Content.IE5\4HUNCXYZ\glas[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\ATTALI\Local Settings\Tempmbroit.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore\UnInstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files
vcoi\mst.stt (Trojan.Stars) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bharebio18\bharebio182328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\ATTALI\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\ATTALI\Application Data\speedrunner\SpeedRunner.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\ATTALI\Application Data\speedrunner\SRUninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wprmwfos.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkiiffd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yayxwvvs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

ben_75 · Answer

bon je supprime la quarantaine et je te met le log de hijack

cedric241 · Answer

pour finir la désinfection redémarre le pc

ensuite supprime ce qui a en quarantaine

puis poste moi un rapport hijackthis

ben_75 · Answer

voila hijack après malware :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:15:50, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\VIA\RAIDaid_tool.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=374
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 213.251.184.209 L2authd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {613E1039-2493-4493-84E3-2E8E21F6FA5E} - C:\WINDOWS\system32\byxwwvwu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {e8a0943a-1138-459a-5ec4-dc6626ad6839} - {9386da62-66cd-4ce5-a954-8311a3490a8e} - C:\WINDOWS\system32\dsvuqnap.dll
O2 - BHO: (no name) - {A22A1728-893A-4414-9EAF-26A5B09A7186} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAIDaid_tool.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\ocntokdn.exe DWram
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [SBRegRebootCleaner] C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [e4ce55e5] rundll32.exe "C:\WINDOWS\system32\kgibutdg.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Zpe] "C:\Program Files\Common Files\??sks
?tdde.exe"
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntokdn.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jnwnw64p.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\F\Office\OSA9.EXE
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)

ben_75 · Answer

l'ordi est tjs infecté j'ai fait un test de pop up c'est négatif..

cedric241 · Answer

ouais l ordi est encore infecté 

fais ça :

Télécharge combofix.exe (par sUBs) sur ton Bureau. 

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

-> Double clique combofix.exe. 
-> Tape sur la touche 1 (Yes) pour démarrer le scan. 
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt 

Avant d'utiliser ComboFix : 

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil. 

Une fois fait, sur ton bureau double-clic sur Combofix.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message. 

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

ben_75 · Answer

voila:

ComboFix 08-04-20.5 - ATTALI 2008-04-22 0:26:41.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.104 [GMT 2:00]
Endroit: C:\Documents and Settings\ATTALI\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\sstem~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\auyhtmxm.dll
C:\WINDOWS\system32\bvslveus.dll
C:\WINDOWS\system32\dsvuqnap.dll
C:\WINDOWS\system32\elstcpfp.ini
C:\WINDOWS\system32\gdtubigk.ini
C:\WINDOWS\system32\isvxdciw.ini
C:\WINDOWS\system32\kgibutdg.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\npwslvoo.dll
C:\WINDOWS\system32\plcgtlik.dll
C:\WINDOWS\system32\qcjhqjgr.dll
C:\WINDOWS\system32\tnofnbjo.dll
C:\WINDOWS\system32\uwvwwxyb.ini
C:\WINDOWS\system32\uwvwwxyb.ini2
C:\WINDOWS\system32\vlhorfai.dll
C:\WINDOWS\system32\vxmrqyvh.dll
C:\WINDOWS\system32\vyevjewv.ini
C:\WINDOWS\system32\wprmwfos.dll
C:\WINDOWS\system32\wsxvmwkl.ini
C:\WINDOWS\system32\xcxkjvgl.ini
C:\WINDOWS\system32\yaobrvum.dll
C:\WINDOWS\system32\yhukchjh.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-21 to 2008-04-21 ))))))))))))))))))))))))))))))))))))
.

2008-04-21 22:43 . 2008-04-21 22:43 <REP> d-------- C:\Documents and Settings\ATTALI\Application Data\Malwarebytes
2008-04-21 22:40 . 2008-04-21 22:43 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 22:40 . 2008-04-21 22:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 16:58 . 2008-04-21 16:58 <REP> d-------- C:\Program Files\Trend Micro
2008-04-21 16:50 . 2008-04-21 16:59 9,089,599 --a------ C:\WINDOWS\system32\SBSP.dat
2008-04-21 16:50 . 2008-04-21 16:59 1,100 --a------ C:\WINDOWS\system32\SBFC.dat
2008-04-21 16:50 . 2008-04-21 16:51 104 --a------ C:\WINDOWS\system32\SBRC.dat
2008-04-20 14:00 . 2008-04-20 15:02 1,434 ---hs---- C:\WINDOWS\system32\shrfnojw.ini
2008-04-19 12:41 . 2008-04-20 13:55 1,314 ---hs---- C:\WINDOWS\system32\xoilpjyu.ini
2008-04-18 14:51 . 2008-04-18 14:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-18 14:51 . 2008-04-18 14:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-18 12:25 . 2008-04-19 12:41 594 ---hs---- C:\WINDOWS\system32\qcuflscp.ini
2008-04-17 18:30 . 2008-04-17 18:30 298,313 --a------ C:\WINDOWS\system32\gside.exe
2008-04-17 17:59 . 2008-04-17 17:59 <REP> d-------- C:\Documents and Settings\ATTALI\Application Data\Sunbelt Software
2008-04-17 17:59 . 2008-04-17 17:59 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-04-17 17:58 . 2008-04-17 17:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-04-17 12:24 . 2008-04-18 12:24 1,254 ---hs---- C:\WINDOWS\system32\xwhdibyx.ini
2008-04-17 09:32 . 2008-04-21 23:58 328,704 --------- C:\WINDOWS\system32\{848f2cad-99e4-cb47-4732-8dcf7f95f535}.dll
2008-04-16 12:56 . 2008-04-17 21:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-16 12:05 . 2008-04-16 12:05 105,536 --------- C:\WINDOWS\system32\jacncuch.dll_old
2008-04-16 12:04 . 2008-04-16 12:04 100,928 --------- C:\WINDOWS\system32\jduwdsub.dll_old
2008-04-16 10:53 . 2008-04-16 10:53 105,536 --------- C:\WINDOWS\system32\wtvievaf.dll_old
2008-04-16 10:47 . 2008-04-16 10:47 100,928 --------- C:\WINDOWS\system32\gbukjhxl.dll_old
2008-04-15 11:29 . 2008-04-15 11:29 105,536 --------- C:\WINDOWS\system32\ffqhhsfn.dll_old
2008-04-14 23:44 . 2008-04-16 13:02 <REP> d-------- C:\Program Files\SpywareBlaster
2008-04-14 23:03 . 2008-04-14 23:03 101,952 --------- C:\WINDOWS\system32\usbhswti.dll_old
2008-04-14 19:58 . 2008-04-14 19:58 106,560 --------- C:\WINDOWS\system32\iuqgixjq.dll_old
2008-04-14 19:52 . 2008-04-14 19:52 101,952 --------- C:\WINDOWS\system32\lvjguwfa.dll_old
2008-04-14 18:09 . 2008-04-16 12:56 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-04-14 10:51 . 2008-04-14 10:51 106,560 --------- C:\WINDOWS\system32\jlauvvtw.dll_old
2008-04-14 10:47 . 2008-04-21 22:51 109,785 --a------ C:\WINDOWS\BMe7fd6679.xml
2008-04-14 10:46 . 2008-04-14 10:46 101,952 --------- C:\WINDOWS\system32\irskxpmn.dll_old
2008-04-14 00:27 . 2008-04-14 00:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-04-13 21:30 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-04-13 21:30 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-04-13 21:30 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-04-13 21:30 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-04-13 21:30 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-04-13 21:30 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-04-13 21:30 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-04-13 21:30 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-04-13 17:43 . 2008-04-21 23:58 372,224 --------- C:\WINDOWS\system32\byxwwvwu.dll
2008-04-13 17:41 . 2008-04-13 17:41 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-04-13 17:39 . 2008-04-21 14:26 936 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-13 17:38 . 2008-04-13 17:38 <REP> d-------- C:\WINDOWS\system32\MId2
2008-04-13 17:38 . 2008-04-17 20:48 <REP> d-------- C:\WINDOWS\system32\dtmp
2008-04-13 17:38 . 2008-04-13 17:38 <REP> d-------- C:\WINDOWS\system32\BL
2008-04-13 17:38 . 2008-04-13 17:38 <REP> d-------- C:\Temp\wdlw14
2008-04-13 17:38 . 2008-04-22 00:26 <REP> d-------- C:\Temp
2008-04-13 17:38 . 2008-04-13 17:38 400,571 --a------ C:\WINDOWS\system32\g4.exe
2008-04-13 17:38 . 2008-04-21 14:28 63,890 --a------ C:\WINDOWS\system32\{848f2cad-99e4-cb47-4732-8dcf7f95f535}.dll-uninst.exe
2008-04-13 17:37 . 2008-04-21 23:58 31,232 --------- C:\WINDOWS\system32\jkkiiffd.dll
2008-04-13 17:30 . 2008-04-13 17:30 <REP> d-------- C:\Program Files\VSO
2008-04-13 17:30 . 2008-04-14 11:07 <REP> d-------- C:\Documents and Settings\ATTALI\Application Data\Vso
2008-04-13 17:30 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-04-13 17:30 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-04-13 17:30 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-04-13 17:30 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-04-13 17:30 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-04-13 17:30 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-04-13 17:30 . 2008-04-13 17:30 87,608 --a------ C:\Documents and Settings\ATTALI\Application Data\inst.exe
2008-04-13 17:30 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-04-13 17:30 . 2008-04-13 17:30 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-13 17:30 . 2008-04-13 17:30 47,360 --a------ C:\Documents and Settings\ATTALI\Application Data\pcouffin.sys
2008-04-13 17:25 . 2008-04-17 12:19 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-13 17:25 . 2008-04-13 17:37 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-04-13 17:17 . 2008-04-13 17:17 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-13 17:00 . 2008-04-16 12:07 <REP> d-------- C:\Documents and Settings\ATTALI\Application Data\LimeWire
2008-04-11 17:46 . 2008-04-21 23:58 334,848 --------- C:\WINDOWS\system32\myss_sb.dll
2008-03-24 12:09 . 2008-03-24 12:09 <REP> d-------- C:\WINDOWS\Sun

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 10:22 --------- d-----w C:\Program Files\Common Files
2008-04-13 15:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-09 18:17 --------- d-----w C:\Program Files\Java
2006-09-15 08:37 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
1992-03-10 00:10 94,720 ----a-w C:\Program Files\CARDFILE.EXE
1992-03-10 00:10 60,128 ----a-w C:\Program Files\CALENDAR.EXE
2006-09-14 20:57 56 --sh--r C:\WINDOWS\system32\21EB4DD478.sys
2006-09-14 20:57 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{613E1039-2493-4493-84E3-2E8E21F6FA5E}]
2008-04-21 23:58 372224 --------- C:\WINDOWS\system32\byxwwvwu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"Orange Desktop Search"="C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" [2006-11-02 16:08 4937512]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 13:23 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"Zpe"="C:\Program Files\Common Files\??sks\n?tdde.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-09-06 05:10 450560]
"VTTimer"="VTTimer.exe" [2005-03-07 21:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-10-31 22:15 163840 C:\WINDOWS\system32\VTTrayp.exe]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2004-10-11 08:54 589824]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51 25088]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
"ORAHSSStartup"="C:\Program Files\OrangeHSS\Launcher\Launcher.exe" [2007-01-04 11:40 462848]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2007-01-04 11:45 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"g]eeV\mWhjlnspB"="C:\WINDOWS\system32\ocntokdn.exe" [ ]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [ ]
"SBRegRebootCleaner"="C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearDocsOnExit"= 64 (0x40)
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Printing Driver"= WinSpooler.exe
"WinUpdating"= WinUpdating.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ClearDocsOnExit"= 64 (0x40)
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"C:\\Documents and Settings\\ATTALI\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c6dc0ae-306d-11dc-bfff-001617209024}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7b947ee-0ba3-11dd-80fa-001617209024}]
\Shell\Auto\command - G:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7b947ef-0ba3-11dd-80fa-001617209024}]
\Shell\Auto\command - H:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-18 11:41:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 00:30:10
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"g]eeV\\mWhjlnspB"="C:\\WINDOWS\\system32\\ocntokdn.exe DWram"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\[u]0[/u]\FTRTSVC.exe
C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\VSO\McShield.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\[u]0[/u]\AlertModule.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\PROGRA~1\McAfee.com\VSO\mcvsftsn.exe
C:\Program Files\OrangeHSS\Deskboard\Deskboard.exe
C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe
C:\Program Files\OrangeHSS\Connectivity\corecom\CoreCom.exe
C:\Program Files\OrangeHSS\Connectivity\corecom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\[u]0[/u]\FTCOMModule.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-22 0:35:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-21 22:34:54

Pre-Run: 27,993,948,160 octets libres
Post-Run: 28,010,938,368 octets libres

236

cedric241 · Answer

ok un rapport hijackthis stp

ben_75 · Answer

tien :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:40:47, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\VIA\RAIDaid_tool.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=374
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {613E1039-2493-4493-84E3-2E8E21F6FA5E} - C:\WINDOWS\system32\byxwwvwu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAIDaid_tool.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\ocntokdn.exe DWram
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [SBRegRebootCleaner] C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Zpe] "C:\Program Files\Common Files\??sks
?tdde.exe"
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntokdn.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jnwnw64p.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\F\Office\OSA9.EXE
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)

cedric241 · Answer

supprime ces lignes 

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) 

O2 - BHO: (no name) - {613E1039-2493-4493-84E3-2E8E21F6FA5E} - C:\WINDOWS\system32\byxwwvwu.dll 

O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\ocntokdn.exe DWram 

O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe 
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe 
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntokdn.exe 
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jnwnw64p.exe 

pour les supprimer tu les coches ensuite tu clic sur fix checked

apres fais ça :

Démarrer > executer > ' services.msc ' , 

- Clic droit sur le service cité - Sunbelt CounterSpy Antispyware 
- propriétés 
- et dans "type de démarrage" et mets le sur « désactivé ». 
- Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté » 

Tutorial : https://www.zebulon.fr/dossiers/windows/31-services.html 

2) Supprime le dossier : 

Va dans "C:\program files\" trouve & supprime le dossier "Sunbelt Software"

pui refais un scan hijackthis et poste le nouveau rapport

ben_75 · Answer

OK par contre O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\ocntokdn.exe DWram 
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntokdn.exe 
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jnwnw64p.exe 
n'y étaient pas et sunbelt software je l'avait déjà supprimé dans programe files

log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:00:56, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=374
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\F\Office\OSA9.EXE
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

cedric241 · Answer

ok le rapport est propre sauf cette ligne :

O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) 

pour la supprimer fais ça :

Démarrer > executer > ' services.msc ' , 

- Clic droit sur le service cité - Service de l'iPod 
- propriétés 
- et dans "type de démarrage" et mets le sur « désactivé ». 
- Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté » 

Tutorial : https://www.zebulon.fr/dossiers/windows/31-services.html 

2) Supprime le dossier : 

Va dans "C:\program files\" trouve & supprime le dossier " iPod " 

ensuite suis cette procédure :


Maintenant , nous allons supprimer les logiciels de désinfection que je t'ai fait téléchargé. 
En effet , s'en servir est dangereux pour le pc si l'on ne s'y connais pas. 
De plus ils sont mis régulièrement à jours. 


? Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau. 


http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

? Double clique sur ToolsCleaner2.exe > 
? Clique sur .Recherche 
? puis sur Suppression quand la liste est trouvée. 
? Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

Note : ton bureau RISQUE de disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante : 

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches. 
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter" 

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau 

Tuto : https://www.commentcamarche.net/list 8341 toolscleaner suppression des fix de force brute ( merci espion3004 )

ben_75 · Answer

c'est bon je met pas le log je pense que sa sert à rien par contre il n'y avait pas ipod dan programe files sinon merci bcp super forum super modérateur
merci bcp
en revoir ( je met en résolu )

cedric241 · Answer

ok bon surf

Analyse log Hijack

23 réponses

Votre réponse

Discussions similaires