Spywares, help !

ChtiteFleur Messages postés 162 Date d'inscription   Statut Membre Dernière intervention   -  
sKe69 Messages postés 21360 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour à tous !

Alors j'aimerais vous exposer mon problème.

J'ai récemment chopé une espèce de spyware bien chiant, un fond d'écran qui s'est installé sur mon ordinateur, avec des hamsters qui sortaient de trous, pour présenter des jeux en ligne. En bas il y avait des liens publicitaires, renouvelés de temps en temps.

J'ai donc téléchargé gratuitement des démos de logiciels pour détecter les spywares, et j'ai eu ceci en résultat :
http://img254.imageshack.us/img254/3845/sreenshotresultatscanviqe6.png
Seulement, seule la détection est gratuite, la suppression payante.

Donc j'ai re-scanné et supprimé les spywares avec Ad-Aware, mais apparemment, tout n'a pas été supprimé, puisque mon ordinateur rame un peu, et je ne peux pas, par exemple, accéder à la page d'identification pour ma boîte hotmail, ou lire des vidéos sur Youtube.

Alors j'ai utilisé HijAckThis comme j'ai pu voir dans certains sujets du forum, j'ai fait le scan (résultats ci-dessous), mais après je ne sais pas du tout ce qu'il faut en faire.

Si vous pouviez m'aider ce serait très sympa !
D'avance merci !!!

46 réponses

Réponse 1 / 46
ChtiteFleur Messages postés 162 Date d'inscription   Statut Membre Dernière intervention  
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:58:43, on 10/05/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\PowerManagement\pwrgui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\EzMail V3.1\Tray.exe
C:\Program Files\EzMail V3.1\FormViewer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\MICROSTAR\Application Data\Simply Super Software\Trojan Remover\oswD6.exe
C:\Documents and Settings\MICROSTAR\Application Data\Simply Super Software\Trojan Remover\oswD6.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\MICROSTAR\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {4F96CCB9-01EC-419E-AAEA-C2C913F2A236} - C:\WINDOWS\system32\awtqnkhe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {700681b1-1a95-0c3b-d964-14eb64d84c0c} - {c0c48d46-be41-469d-b3c0-59a11b186007} - C:\WINDOWS\system32\twtufyfu.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PowerManage] C:\Program Files\PowerManagement\pwrgui.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [pmsetup] 1
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\MICROSTAR\Application Data\Deskbar_{1E34CB7E-9451-4ce7-970F-251505BA23BD}\starter.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [BM7fa56050] Rundll32.exe "C:\WINDOWS\system32\wptvayyo.dll",s
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\10467\cdrev132.exe.vir
O4 - Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: awtqnkhe - C:\WINDOWS\SYSTEM32\awtqnkhe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WUSB54GPv4SVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
0
Réponse 2 / 46
sKe69 Messages postés 21360 Date d'inscription   Statut Contributeur sécurité Dernière intervention   463
 
Salut,
c'est très chargé en infection ;)

Commence par ce-ci :
Télécharges Vundofix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4

!!Ce déconnecter et fermer toute ces applications le temps de la manipe !!

Double-cliquer sur VundoFix.exe afin de le lancer.
Cliquer sur le bouton Scan for Vundo.

Lorsque le scan est complété, cliquer sur le bouton fix Vundo.

Une invite de commande demandera si l’on souhaite supprimer les fichiers, cliquer sur YES

Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Une nouvelle invite de commande annoncera que le PC devra s'éteindre ("shutdown"). Cliquer sur OK , puis laisser le redémarrer.

Le contenu du rapport est situé dans C:\vundofix.txt : postes ce rapport avec aussi un nouveau rapport Hijackthis pour annalyse .
0
Réponse 3 / 46
ChtiteFleur Messages postés 162 Date d'inscription   Statut Membre Dernière intervention  
 
Merci pour ce premier test :)
Oui c'est bien chargé !


Le résultat pour Vundo est :


VundoFix V7.0.3

Scan started at 14:28:03 10/05/08

Listing files found while scanning....

No infected files were found.


Donc je n'ai rien eu à supprimer, et pas eu à redémarrer non plus.
0
Réponse 4 / 46
sKe69 Messages postés 21360 Date d'inscription   Statut Contributeur sécurité Dernière intervention   463
 
On continue :
Télécharges VirtumundoBegone sur ton bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

!!Ce déconnecter et fermer toute ces applications le temps de la manipe !!

Double cliquer sur VirtumundoBeGone.exe et suivre les instructions.
Une fois terminé, redémarrer le PC, le rapport VBG.TXT sera crée sur le bureau .
(Si un message Ecran bleu "Erreur fatale" apparaît, pas d’inquiétude car c'est normal et attendu).

Postes le rapport VBG accompagné d'un nouveau rapport Hijackthis pour analyse ...
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 46
ChtiteFleur Messages postés 162 Date d'inscription   Statut Membre Dernière intervention  
 
Voici le rapport VGB :


[05/10/2008, 15:38:41] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\MICROSTAR\Bureau\VirtumundoBeGone.exe" )
[05/10/2008, 15:38:49] - Detected System Information:
[05/10/2008, 15:38:49] - Windows Version: 5.1.2600, Service Pack 2
[05/10/2008, 15:38:49] - Current Username: MICROSTAR (Admin)
[05/10/2008, 15:38:49] - Windows is in NORMAL mode.
[05/10/2008, 15:38:49] - Searching for Browser Helper Objects:
[05/10/2008, 15:38:49] - BHO 1: {4F96CCB9-01EC-419E-AAEA-C2C913F2A236} ()
[05/10/2008, 15:38:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/10/2008, 15:38:49] - Checking for HKLM\...\Winlogon\Notify\awtqnkhe
[05/10/2008, 15:38:49] - Found: HKLM\...\Winlogon\Notify\awtqnkhe - This is probably Virtumundo.
[05/10/2008, 15:38:49] - Assigning {4F96CCB9-01EC-419E-AAEA-C2C913F2A236} MSEvents Object
[05/10/2008, 15:38:49] - BHO list has been changed! Starting over...
[05/10/2008, 15:38:49] - BHO 1: {4F96CCB9-01EC-419E-AAEA-C2C913F2A236} (MSEvents Object)
[05/10/2008, 15:38:49] - ALERT: Found MSEvents Object!
[05/10/2008, 15:38:49] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/10/2008, 15:38:49] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[05/10/2008, 15:38:49] - BHO 4: {c0c48d46-be41-469d-b3c0-59a11b186007} ()
[05/10/2008, 15:38:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/10/2008, 15:38:49] - Checking for HKLM\...\Winlogon\Notify\twtufyfu
[05/10/2008, 15:38:49] - Key not found: HKLM\...\Winlogon\Notify\twtufyfu, continuing.
[05/10/2008, 15:38:49] - Finished Searching Browser Helper Objects
[05/10/2008, 15:38:50] - *** Detected MSEvents Object
[05/10/2008, 15:38:50] - Trying to remove MSEvents Object...
[05/10/2008, 15:38:51] - Terminating Process: IEXPLORE.EXE
[05/10/2008, 15:38:51] - Terminating Process: RUNDLL32.EXE
[05/10/2008, 15:38:51] - Disabling Automatic Shell Restart
[05/10/2008, 15:38:51] - Terminating Process: EXPLORER.EXE
[05/10/2008, 15:38:52] - Suspending the NT Session Manager System Service
[05/10/2008, 15:38:52] - Terminating Windows NT Logon/Logoff Manager
[05/10/2008, 15:38:54] - Re-enabling Automatic Shell Restart
[05/10/2008, 15:38:54] - File to disable: C:\WINDOWS\system32\awtqnkhe.dll
[05/10/2008, 15:38:54] - Renaming C:\WINDOWS\system32\awtqnkhe.dll -> C:\WINDOWS\system32\awtqnkhe.dll.vir
[05/10/2008, 15:38:54] - File successfully renamed!
[05/10/2008, 15:38:54] - Removing HKLM\...\Browser Helper Objects\{4F96CCB9-01EC-419E-AAEA-C2C913F2A236}
[05/10/2008, 15:38:54] - Removing HKCR\CLSID\{4F96CCB9-01EC-419E-AAEA-C2C913F2A236}
[05/10/2008, 15:38:54] - Adding Kill Bit for ActiveX for GUID: {4F96CCB9-01EC-419E-AAEA-C2C913F2A236}
[05/10/2008, 15:38:55] - Deleting ATLEvents/MSEvents Registry entries
[05/10/2008, 15:38:55] - Removing HKLM\...\Winlogon\Notify\awtqnkhe
[05/10/2008, 15:38:55] - Searching for Browser Helper Objects:
[05/10/2008, 15:38:55] - BHO 1: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/10/2008, 15:38:55] - BHO 2: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[05/10/2008, 15:38:55] - BHO 3: {c0c48d46-be41-469d-b3c0-59a11b186007} ()
[05/10/2008, 15:38:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/10/2008, 15:38:55] - Checking for HKLM\...\Winlogon\Notify\twtufyfu
[05/10/2008, 15:38:55] - Key not found: HKLM\...\Winlogon\Notify\twtufyfu, continuing.
[05/10/2008, 15:38:55] - Finished Searching Browser Helper Objects
[05/10/2008, 15:38:55] - Finishing up...
[05/10/2008, 15:38:55] - A restart is needed.
[05/10/2008, 15:39:05] - Attempting to Restart via STOP error (Blue Screen!)




Et le nouveau rapport Hijackthis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:10, on 10/05/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\PowerManagement\pwrgui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\EzMail V3.1\Tray.exe
C:\Program Files\EzMail V3.1\FormViewer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\MICROSTAR\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {700681b1-1a95-0c3b-d964-14eb64d84c0c} - {c0c48d46-be41-469d-b3c0-59a11b186007} - C:\WINDOWS\system32\twtufyfu.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PowerManage] C:\Program Files\PowerManagement\pwrgui.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [pmsetup] 1
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\MICROSTAR\Application Data\Deskbar_{1E34CB7E-9451-4ce7-970F-251505BA23BD}\starter.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [BM7fa56050] Rundll32.exe "C:\WINDOWS\system32\wptvayyo.dll",s
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\10467\cdrev132.exe.vir
O4 - Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WUSB54GPv4SVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
0
Réponse 6 / 46
sKe69 Messages postés 21360 Date d'inscription   Statut Contributeur sécurité Dernière intervention   463
 
Il y qlques chose que je n'avais pas vue au début : supprimes ton hijackthis car instalé comme ça , il ne dévoile pas forcément tout .

Ensuite fais exactement comme ce-ci:

Télécharges et instales le logiciel HijackThis :

ftp://ftp.commentcamarche.com/download/HJTInstall.exe

Important :
1-Faire un click droit sur le lien ci-dessus et choisir "enregistrer la cible sous ... " et renommer Hijackthis en "thejack" .

Cliker sur thejack.exe pour lancer l'instale . laisses toi guider et instale le à l'endroit par défaut ( C\: programme file \ ) .
A la fin tu doit avoir un raccouci sur ton bureau et aussi un cheminement comme : "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe " .

2-Renommer le prg HijackThis :
dans "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe", clik droit sur ce dernier et choisis "renommer" : tapes monjack et valide .

tuto pour l’utiliser
regarde ici c'est parfaitement expliqué en images
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

!!Déconnectes toi et fermes toute tes applications en cours !!

Double clik sur le raccourci du bureau,
Fais un scan monjack (ou HijackThis renommé) et postes le rapport générer pour analyse ...
0
Réponse 7 / 46
ChtiteFleur Messages postés 162 Date d'inscription   Statut Membre Dernière intervention  
 
Voilà, j'ai suivi tes instructions, et voici le nouveau rapport Hijackthis :



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:48:37, on 10/05/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\PowerManagement\pwrgui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\EzMail V3.1\Tray.exe
C:\Program Files\EzMail V3.1\FormViewer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {700681b1-1a95-0c3b-d964-14eb64d84c0c} - {c0c48d46-be41-469d-b3c0-59a11b186007} - C:\WINDOWS\system32\twtufyfu.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PowerManage] C:\Program Files\PowerManagement\pwrgui.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [pmsetup] 1
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\MICROSTAR\Application Data\Deskbar_{1E34CB7E-9451-4ce7-970F-251505BA23BD}\starter.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [BM7fa56050] Rundll32.exe "C:\WINDOWS\system32\wptvayyo.dll",s
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\10467\cdrev132.exe.vir
O4 - Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WUSB54GPv4SVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
0
Réponse 8 / 46
sKe69 Messages postés 21360 Date d'inscription   Statut Contributeur sécurité Dernière intervention   463
 
voilà ce que tu vas faire maintenant :
Télécharges ComboFix (par sUBs) sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe <--- clik droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix et valide .

Démarrer en mode sans echec :
Comment aller en Mode sans échec
1) Redémarres ton ordi
2) Tapotes la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
(attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreur ...)
Double cliquer combofix.exe.

Appuyer sur la touche Y (Yes) pour démarrer le scan .

Attention : n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
---> si un message d'erreur windows apparait à un momment , clik sur la croix en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! )

Le rapport sera crée dans: C:\Combofix.txt

Redémarres ton PC ( mode normal )
Postes le rapport combo fix et un nouveau rapport hijackthis pour analyse .
0
Réponse 9 / 46
ChtiteFleur Messages postés 162 Date d'inscription   Statut Membre Dernière intervention  
 
C'est fait, et voilà les rapports :




ComboFix 08-05-09.1 - MICROSTAR 2008-05-10 17:29:33.1 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\MICROSTAR\Bureau\C-Fix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\pskt.ini
C:\WINDOWS\svchost.ini
C:\WINDOWS\system32\Babddfii.ini
C:\WINDOWS\system32\Babddfii.ini2
C:\WINDOWS\system32\eKUtDfhk.ini
C:\WINDOWS\system32\eKUtDfhk.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\twtufyfu.dll
C:\WINDOWS\system32\wptvayyo.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-10 to 2008-05-10 ))))))))))))))))))))))))))))))))))))
.

2008-05-10 16:38 . 2008-05-10 16:38 <REP> d-------- C:\Program Files\Trend Micro
2008-05-10 14:28 . 2008-05-10 14:28 <REP> d-------- C:\VundoFix Backups
2008-05-10 13:04 . 2008-05-10 13:04 91,712 --a------ C:\WINDOWS\system32\ecnibbab.dll.vir
2008-05-10 13:04 . 2008-05-10 13:04 2,112 --a------ C:\WINDOWS\system32\vkebfokn.exe
2008-05-10 13:01 . 2008-05-10 14:23 109,851 --a------ C:\WINDOWS\BM7fa56050.xml
2008-05-10 13:00 . 2008-05-10 13:00 277,504 --a------ C:\WINDOWS\system32\khfDtUKe.dll.vir
2008-05-10 09:32 . 2008-05-10 09:35 <REP> d-------- C:\softs antispyware
2008-05-09 06:29 . 2008-05-09 06:29 <REP> d-------- C:\Program Files\Lavasoft
2008-05-09 06:29 . 2008-05-09 06:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-09 06:28 . 2008-05-09 06:28 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-08 23:49 . 2008-05-10 12:55 <REP> d-------- C:\Program Files\PestBlock
2008-05-08 17:52 . 2008-05-08 17:52 280,576 --a------ C:\WINDOWS\system32\iifddbaB.dll.vir
2008-05-08 17:49 . 2008-05-08 17:49 <REP> d-------- C:\Program Files\Trojan Remover
2008-05-08 17:49 . 2008-05-08 17:49 <REP> d-------- C:\Documents and Settings\MICROSTAR\Application Data\Simply Super Software
2008-05-08 17:49 . 2008-05-08 17:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-05-08 17:49 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-05-08 17:49 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-05-08 17:49 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-05-08 17:49 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-05-08 17:49 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-05-08 12:07 . 2008-05-08 12:07 0 --a------ C:\Documents and Settings\MICROSTAR\RUNDLL32.EXE
2008-05-08 12:07 . 2008-05-08 12:07 0 --a------ C:\Documents and Settings\MICROSTAR\ATI2MDXX.EXE
2008-05-08 12:07 . 2008-05-08 12:07 0 --a------ C:\Documents and Settings\MICROSTAR\1.EXE
2008-05-08 12:07 . 2008-05-08 12:07 0 --a------ C:\Documents and Settings\MICROSTAR\.EXE
2008-05-07 21:55 . 2008-05-10 14:11 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-07 21:46 . 2008-05-08 17:52 <REP> d-------- C:\Program Files\dbar
2008-05-07 21:46 . 2008-05-07 21:46 <REP> d-------- C:\Documents and Settings\MICROSTAR\Application Data\Deskbar_{1E34CB7E-9451-4ce7-970F-251505BA23BD}
2008-05-07 17:47 . 2008-05-10 09:30 <REP> d--hs---- C:\WINDOWS\TUlDUk9TVEFS
2008-05-07 17:47 . 2008-05-10 09:30 <REP> d-------- C:\WINDOWS\system32\sX1
2008-05-07 17:47 . 2008-05-07 17:47 <REP> d-------- C:\WINDOWS\system32\nBL
2008-05-07 17:47 . 2008-05-08 17:51 <REP> d-------- C:\WINDOWS\system32\10467
2008-05-07 17:47 . 2008-05-08 17:52 <REP> d-------- C:\Program Files\winvi
2008-05-07 17:47 . 2008-05-07 17:47 37,376 --a------ C:\WINDOWS\mrofinu1188.exe
2008-05-07 17:47 . 2008-05-07 17:47 37,376 --a------ C:\WINDOWS\mrofinu1000106.exe.vir
2008-05-07 17:47 . 2006-01-03 17:45 1,989 --a------ C:\WINDOWS\uninstall_nmon.vbs
2008-05-07 17:46 . 2008-05-07 17:46 <REP> d-------- C:\WINDOWS\system32\bkEur18
2008-05-07 17:46 . 2008-05-07 17:47 <REP> d-------- C:\Temp\maxsv15
2008-05-07 17:46 . 2008-05-10 17:29 <REP> d-------- C:\Temp
2008-05-07 17:46 . 2008-05-07 17:46 44,544 --a------ C:\WINDOWS\system32\awtqnkhe.dll.vir
2008-05-07 11:06 . 2008-04-03 13:41 103,556 -r-hs---- C:\xyw9tmdj.com
2008-05-07 11:05 . 2008-04-03 13:41 103,556 --a------ C:\WINDOWS\system32\amvo.exe.vir
2008-05-05 21:01 . 2008-03-23 16:25 94,208 --a------ C:\Documents and Settings\MICROSTAR\lsass.exe.vir
2008-05-03 15:03 . 2008-05-03 15:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-03 15:03 . 2008-05-03 15:03 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 14:46 11,392 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-05-08 15:17 19,915 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-04 21:22 --------- d-----w C:\Program Files\StuffPlug3
2008-05-01 18:36 98,304 ----a-w C:\WINDOWS\DUMP7658.tmp
2008-05-01 15:41 98,304 ----a-w C:\WINDOWS\DUMP8d6b.tmp
2008-04-15 14:49 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-09 17:32 --------- d-----w C:\Program Files\OpenOffice.org 2.0
2008-04-09 17:31 --------- d-----w C:\Documents and Settings\MICROSTAR\Application Data\OpenOffice.org2
2008-04-07 18:55 --------- d-----w C:\Program Files\adslTV
2008-04-04 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-01 17:45 --------- d-----w C:\Program Files\Microsoft Works
2008-04-01 17:44 --------- d-----w C:\Program Files\MSBuild
2008-04-01 17:42 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-18 22:47 --------- d-----w C:\Program Files\EphPod
2005-07-29 14:24 472 --sha-r C:\WINDOWS\TUlDUk9TVEFS\no5Go46npHIm.vbs
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-11-13 19:23 62464 C:\WINDOWS\SOUNDMAN.EXE]
"Dit"="Dit.exe" [2003-11-17 14:36 102400 C:\WINDOWS\Dit.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-09-23 18:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PowerManage"="C:\Program Files\PowerManagement\pwrgui.exe" [2003-10-20 00:07 53248]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-12-02 16:13 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-12-02 16:13 503808]
"pmsetup"="1" []
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 21:10 335872]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2003-03-21 22:33 487696]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-05-28 16:37 394240]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-19 17:10 380928 C:\WINDOWS\system32\irprops.cpl]
"PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51 25088]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-11 06:23 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 01:43 67488]
"dbar_starter"="C:\Documents and Settings\MICROSTAR\Application Data\Deskbar_{1E34CB7E-9451-4ce7-970F-251505BA23BD}\starter.exe" [ ]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-04-29 18:51 876624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 14:47]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 16:29]
R2 WUSB54GPv4SVC;WUSB54GPv4SVC;"C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GPv4.exe" []
R3 DirectPort;DirectPort;C:\WINDOWS\System32\Drivers\DirectPort.sys [2003-08-27 02:23]
R3 EKBfltr;ENE Keyboard KB-3886;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2003-12-02 16:14]
S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 16:27]
S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 16:41]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\DRIVERS\USBCRFT.sys [2008-05-10 16:46]
S3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2003-08-26 19:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f190472-d9bc-11d7-9de2-0060b31ebab2}]
\Shell\Auto\command - I:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74e7634b-cf7a-11d7-9f41-0060b31ebab2}]
\Shell\AutoRun\command - I:\wd_windows_tools\WDEULA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91c269ff-9a54-11da-9d2c-0060b31ebab2}]
\Shell\Auto\command - I:\
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9598871f-9808-11da-9d28-0060b31ebab2}]
\Shell\Auto\command - J:\
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97279af8-a7cf-11da-9d3f-0040cacb0d63}]
\Shell\Auto\command - I:\
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c210426b-04d4-11dd-9f33-00121761f1a6}]
\Shell\Auto\command - I:\
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da59dfcc-1c06-11dd-9f5f-0040cacb0d63}]
\Shell\AutoRun\command - I:\xyw9tmdj.com
\Shell\explore\Command - I:\xyw9tmdj.com
\Shell\open\Command - I:\xyw9tmdj.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3eae9df-cf7a-11d7-9f5b-0060b31ebab2}]
\Shell\AutoRun\command - J:\xyw9tmdj.com
\Shell\explore\Command - J:\xyw9tmdj.com
\Shell\open\Command - J:\xyw9tmdj.com

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2005-10-12 08:41:36 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 17:42:51
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\EzMail V3.1\Tray.exe
C:\Program Files\EzMail V3.1\FormViewer.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-10 17:48:40 - machine was rebooted [MICROSTAR]
ComboFix-quarantined-files.txt 2008-05-10 15:48:27

Pre-Run: 10,250,293,248 octets libres
Post-Run: 11,562,246,144 octets libres

202 --- E O F --- 2008-04-23 20:41:52






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:41, on 10/05/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\PowerManagement\pwrgui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\EzMail V3.1\Tray.exe
C:\Program Files\EzMail V3.1\FormViewer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PowerManage] C:\Program Files\PowerManagement\pwrgui.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [pmsetup] 1
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\MICROSTAR\Application Data\Deskbar_{1E34CB7E-9451-4ce7-970F-251505BA23BD}\starter.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\10467\cdrev132.exe.vir
O4 - Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WUSB54GPv4SVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
0
Réponse 10 / 46
sKe69 Messages postés 21360 Date d'inscription   Statut Contributeur sécurité Dernière intervention   463
 
1-Crée un doc texte sur ton bureau :
pointes ta souris sur ton bureau , click droit : vas dans "nouveau" et choisis "document texte" .

Ensuite copie/colle le texte ci-dessous ( et rien d'autre!) dans le fichier texte que tu viens de crée :

File::
C:\WINDOWS\system32\ecnibbab.dll.vir
C:\WINDOWS\system32\vkebfokn.exe
C:\WINDOWS\BM7fa56050.xml
C:\WINDOWS\system32\khfDtUKe.dll.vir
C:\WINDOWS\system32\iifddbaB.dll.vir
C:\WINDOWS\mrofinu1000106.exe.vir
C:\WINDOWS\system32\awtqnkhe.dll.vir
C:\WINDOWS\system32\amvo.exe.vir
C:\Documents and Settings\MICROSTAR\lsass.exe.vir

Folder::
C:\VundoFix Backups

Puis vas dans "fichier" et choisis "enregistrer sous ..." et tu le nommes exactement ainsi :
CFScript puis valides ...


2-Nettoyage :
!!Déconnectes toi,fermes toute tes application et désactive ton antivirus le temps de la manipe ( tu le réactiveras après ) !!

--->Sur ton bureau, fais un glisser avec ta souris le fichier CFScript sur l'icone de ComboFix.exe .

(Regarde ici : http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )

Cette manipulation va relancer combofix .
--> Une fenêtre bleue va apparaître: au message qui apparaît "Type 1 to continue, or 2 to abort" : tape 1 puis valide.

Puis patientes le temps du scan.( Le Bureau va disparaître à plusieurs reprises : c'est normal!)

!!Ne touche à rien tant que le scan n'est pas terminé !!

Note : en fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisses-le faire.

Une fois le scan achevé, un rapport va s'afficher : Postes le accompagné d' un nouveau rapport HijackThis pour analyse ...
0
Réponse 11 / 46
ChtiteFleur Messages postés 162 Date d'inscription   Statut Membre Dernière intervention  
 
Quand j'ai glissé-déposé le fichier texte sur ComboFix, je n'ai pas eu à taper 1, mais le programme s'est lancé quand même, et a fait le scan. Il y a eu un long "biiiiiiiip" juste avant de démarrer. Je ne sais pas si c'est normal, mais en tout cas voilà les rapports :)





ComboFix 08-05-09.1 - MICROSTAR 2008-05-10 18:44:17.2 - NTFSx86
Endroit: C:\Documents and Settings\MICROSTAR\Bureau\C-Fix.exe
Command switches used :: C:\Documents and Settings\MICROSTAR\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\Documents and Settings\MICROSTAR\lsass.exe.vir
C:\WINDOWS\BM7fa56050.xml
C:\WINDOWS\mrofinu1000106.exe.vir
C:\WINDOWS\system32\amvo.exe.vir
C:\WINDOWS\system32\awtqnkhe.dll.vir
C:\WINDOWS\system32\ecnibbab.dll.vir
C:\WINDOWS\system32\iifddbaB.dll.vir
C:\WINDOWS\system32\khfDtUKe.dll.vir
C:\WINDOWS\system32\vkebfokn.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\MICROSTAR\lsass.exe.vir
C:\Documents and Settings\MICROSTAR\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
C:\VundoFix Backups
C:\WINDOWS\BM7fa56050.xml
C:\WINDOWS\mrofinu1000106.exe.vir
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\amvo.exe.vir
C:\WINDOWS\system32\awtqnkhe.dll.vir
C:\WINDOWS\system32\ecnibbab.dll.vir
C:\WINDOWS\system32\iifddbaB.dll.vir
C:\WINDOWS\system32\khfDtUKe.dll.vir
C:\WINDOWS\system32\vkebfokn.exe
C:\WINDOWS\uninstall_nmon.vbs
D:\Autorun.inf
E:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-10 to 2008-05-10 ))))))))))))))))))))))))))))))))))))
.

2008-05-10 16:38 . 2008-05-10 16:38 <REP> d-------- C:\Program Files\Trend Micro
2008-05-10 09:32 . 2008-05-10 09:35 <REP> d-------- C:\softs antispyware
2008-05-09 06:29 . 2008-05-09 06:29 <REP> d-------- C:\Program Files\Lavasoft
2008-05-09 06:29 . 2008-05-09 06:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-09 06:28 . 2008-05-09 06:28 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-08 23:49 . 2008-05-10 12:55 <REP> d-------- C:\Program Files\PestBlock
2008-05-08 17:49 . 2008-05-08 17:49 <REP> d-------- C:\Program Files\Trojan Remover
2008-05-08 17:49 . 2008-05-08 17:49 <REP> d-------- C:\Documents and Settings\MICROSTAR\Application Data\Simply Super Software
2008-05-08 17:49 . 2008-05-08 17:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-05-08 17:49 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-05-08 17:49 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-05-08 17:49 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-05-08 17:49 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-05-08 17:49 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-05-08 12:07 . 2008-05-08 12:07 0 --a------ C:\Documents and Settings\MICROSTAR\RUNDLL32.EXE
2008-05-08 12:07 . 2008-05-08 12:07 0 --a------ C:\Documents and Settings\MICROSTAR\ATI2MDXX.EXE
2008-05-08 12:07 . 2008-05-08 12:07 0 --a------ C:\Documents and Settings\MICROSTAR\1.EXE
2008-05-08 12:07 . 2008-05-08 12:07 0 --a------ C:\Documents and Settings\MICROSTAR\.EXE
2008-05-07 21:55 . 2008-05-10 14:11 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-07 21:46 . 2008-05-08 17:52 <REP> d-------- C:\Program Files\dbar
2008-05-07 21:46 . 2008-05-07 21:46 <REP> d-------- C:\Documents and Settings\MICROSTAR\Application Data\Deskbar_{1E34CB7E-9451-4ce7-970F-251505BA23BD}
2008-05-07 17:47 . 2008-05-10 09:30 <REP> d--hs---- C:\WINDOWS\TUlDUk9TVEFS
2008-05-07 17:47 . 2008-05-10 09:30 <REP> d-------- C:\WINDOWS\system32\sX1
2008-05-07 17:47 . 2008-05-07 17:47 <REP> d-------- C:\WINDOWS\system32\nBL
2008-05-07 17:47 . 2008-05-08 17:51 <REP> d-------- C:\WINDOWS\system32\10467
2008-05-07 17:47 . 2008-05-08 17:52 <REP> d-------- C:\Program Files\winvi
2008-05-07 17:46 . 2008-05-07 17:46 <REP> d-------- C:\WINDOWS\system32\bkEur18
2008-05-07 17:46 . 2008-05-07 17:47 <REP> d-------- C:\Temp\maxsv15
2008-05-07 17:46 . 2008-05-10 17:29 <REP> d-------- C:\Temp
2008-05-07 11:06 . 2008-04-03 13:41 103,556 -r-hs---- C:\xyw9tmdj.com
2008-05-03 15:03 . 2008-05-03 15:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-03 15:03 . 2008-05-03 15:03 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 14:46 11,392 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-05-08 15:17 19,915 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-04 21:22 --------- d-----w C:\Program Files\StuffPlug3
2008-05-01 18:36 98,304 ----a-w C:\WINDOWS\DUMP7658.tmp
2008-05-01 15:41 98,304 ----a-w C:\WINDOWS\DUMP8d6b.tmp
2008-04-15 14:49 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-09 17:32 --------- d-----w C:\Program Files\OpenOffice.org 2.0
2008-04-09 17:31 --------- d-----w C:\Documents and Settings\MICROSTAR\Application Data\OpenOffice.org2
2008-04-07 18:55 --------- d-----w C:\Program Files\adslTV
2008-04-04 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-01 17:45 --------- d-----w C:\Program Files\Microsoft Works
2008-04-01 17:44 --------- d-----w C:\Program Files\MSBuild
2008-04-01 17:42 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 22:47 --------- d-----w C:\Program Files\EphPod
2008-03-05 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-05 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-03-05 22:30 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\SET1F.tmp
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\SET11.tmp
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\SET12.tmp
2008-02-16 22:32 3,080,704 ----a-w C:\WINDOWS\system32\SET58.tmp
2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\SET50.tmp
2008-02-16 09:02 617,984 ----a-w C:\WINDOWS\system32\SET51.tmp
2008-02-16 09:02 474,624 ----a-w C:\WINDOWS\system32\SET52.tmp
2008-02-16 09:02 449,024 ----a-w C:\WINDOWS\system32\SET57.tmp
2008-02-16 09:02 1,495,040 ----a-w C:\WINDOWS\system32\SET53.tmp
2008-02-16 09:02 1,024,000 ----a-w C:\WINDOWS\system32\SET60.tmp
2008-02-15 23:03 370,176 ----a-w C:\WINDOWS\system32\SET62.tmp
2005-07-29 14:24 472 --sha-r C:\WINDOWS\TUlDUk9TVEFS\no5Go46npHIm.vbs
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-11-13 19:23 62464 C:\WINDOWS\SOUNDMAN.EXE]
"Dit"="Dit.exe" [2003-11-17 14:36 102400 C:\WINDOWS\Dit.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-09-23 18:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PowerManage"="C:\Program Files\PowerManagement\pwrgui.exe" [2003-10-20 00:07 53248]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-12-02 16:13 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-12-02 16:13 503808]
"pmsetup"="1" []
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 21:10 335872]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2003-03-21 22:33 487696]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-05-28 16:37 394240]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-19 17:10 380928 C:\WINDOWS\system32\irprops.cpl]
"PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51 25088]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-11 06:23 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 01:43 67488]
"dbar_starter"="C:\Documents and Settings\MICROSTAR\Application Data\Deskbar_{1E34CB7E-9451-4ce7-970F-251505BA23BD}\starter.exe" [ ]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-04-29 18:51 876624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]

C:\WINDOWS\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\
EzMail System.lnk - C:\Program Files\EzMail V3.1\Tray.exe [2003-08-27 02:14:14 36864]

C:\WINDOWS\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\
EzMail System.lnk - C:\Program Files\EzMail V3.1\Tray.exe [2003-08-27 02:14:14 36864]

C:\Documents and Settings\MICROSTAR\Menu D‚marrer\Programmes\D‚marrage\
EzMail System.lnk - C:\Program Files\EzMail V3.1\Tray.exe [2003-08-27 02:14:14 36864]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Acc‚l‚rateur de d‚marrage AutoCAD.lnk - C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe [2004-02-25 02:35:22 10872]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Photo Express Calendar Checker SE.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [2003-08-16 10:52:51 55296]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 14:47]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 16:29]
R2 WUSB54GPv4SVC;WUSB54GPv4SVC;"C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GPv4.exe" []
R3 DirectPort;DirectPort;C:\WINDOWS\System32\Drivers\DirectPort.sys [2003-08-27 02:23]
R3 EKBfltr;ENE Keyboard KB-3886;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2003-12-02 16:14]
S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 16:27]
S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 16:41]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\DRIVERS\USBCRFT.sys [2008-05-10 16:46]
S3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2003-08-26 19:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f190472-d9bc-11d7-9de2-0060b31ebab2}]
\Shell\Auto\command - I:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74e7634b-cf7a-11d7-9f41-0060b31ebab2}]
\Shell\AutoRun\command - I:\wd_windows_tools\WDEULA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91c269ff-9a54-11da-9d2c-0060b31ebab2}]
\Shell\Auto\command - I:\
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9598871f-9808-11da-9d28-0060b31ebab2}]
\Shell\Auto\command - J:\
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97279af8-a7cf-11da-9d3f-0040cacb0d63}]
\Shell\Auto\command - I:\
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c210426b-04d4-11dd-9f33-00121761f1a6}]
\Shell\Auto\command - I:\
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da59dfcc-1c06-11dd-9f5f-0040cacb0d63}]
\Shell\AutoRun\command - I:\xyw9tmdj.com
\Shell\explore\Command - I:\xyw9tmdj.com
\Shell\open\Command - I:\xyw9tmdj.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3eae9df-cf7a-11d7-9f5b-0060b31ebab2}]
\Shell\AutoRun\command - J:\xyw9tmdj.com
\Shell\explore\Command - J:\xyw9tmdj.com
\Shell\open\Command - J:\xyw9tmdj.com

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2005-10-12 08:41:36 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 18:47:38
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-10 18:49:29
ComboFix-quarantined-files.txt 2008-05-10 16:49:20

Pre-Run: 11,565,969,408 octets libres
Post-Run: 11,542,990,848 octets libres

214 --- E O F --- 2008-04-23 20:41:52








Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:55:10, on 10/05/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\PowerManagement\pwrgui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\EzMail V3.1\Tray.exe
C:\Program Files\EzMail V3.1\FormViewer.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PowerManage] C:\Program Files\PowerManagement\pwrgui.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [pmsetup] 1
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\MICROSTAR\Application Data\Deskbar_{1E34CB7E-9451-4ce7-970F-251505BA23BD}\starter.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe (User 'Default user')
O4 - Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WUSB54GPv4SVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe


End of file - 9593 bytes
0
Réponse 12 / 46
sKe69 Messages postés 21360 Date d'inscription   Statut Contributeur sécurité Dernière intervention   463
 
on continue , il reste pas mal de chose à voire ...

Télécharges SmitfraudFix (de S!Ri, balltrap34 et moe31 ) :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

!!Déconnectes toi,fermes toute tes applications et désactives tes défences ( anti-virus ,anti-spyware,...) le temps de la manipe !!

Installes le soft à la racine de C\ ( et pas ailleur! --->"C\:SmitfraudFix.exe" ) : double clique sur l'.exe pour le décompresser et lancer le fix.

Utilisation ----> option 1 - Recherche :
Double clique sur smitfraudfix.cmd Sélectionne 1 pour créer un rapport des fichiers responsables de l'infection.

Postes le rapport ( rapport.txt qui se trouve sous C\: ) et attends la suite .

(Attention : process.exe est détecté par certains antivirus comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité.)
0
Réponse 13 / 46
ChtiteFleur Messages postés 162 Date d'inscription   Statut Membre Dernière intervention  
 
Alors je suis désolée, mais là maintenant je dois m'absenter, donc je mets en pause le sujet. Je rentre ce soir, et je ferai ce que tu m'as demandé ci-dessus. Encore désolée, et merci déjà pour ta patience et ton aide :) . A plus tard donc !
0
sKe69 Messages postés 21360 Date d'inscription   Statut Contributeur sécurité Dernière intervention   463
 
Pas de prb ... ;)
Parcontre , n'utile pas ton PC à part pour venir ici , tu es encore pas mal infecté ...
0
Réponse 14 / 46
ChtiteFleur Messages postés 162 Date d'inscription   Statut Membre Dernière intervention  
 
Et me revoilà :)

Voilà le rapport pour SmitfraudFix.




SmitFraudFix v2.320

Rapport fait à 0:24:08.81, 11/05/08
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\PowerManagement\pwrgui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\EzMail V3.1\Tray.exe
C:\Program Files\EzMail V3.1\FormViewer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\MICROSTAR


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\MICROSTAR\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MICROS~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS1\Services\Tcpip\..\{0E7918E9-B7E3-481C-BC3B-59731FC859FD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{31F44458-D524-4839-9298-CA3434EB08EE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0E7918E9-B7E3-481C-BC3B-59731FC859FD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0E7918E9-B7E3-481C-BC3B-59731FC859FD}: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 15 / 46
sKe69 Messages postés 21360 Date d'inscription   Statut Contributeur sécurité Dernière intervention   463
 
Ok =)
Suite de la manipe ( nettoyage ), fait exactement ce qui suit :

* Redémarrer l'ordinateur en mode sans échec .
Comment aller en Mode sans échec
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )

*Double click sur SmitfraudFix.exe

* Sélectionner 2 et presser Entrée dans le menu pour supprimer les fichiers responsables de l'infection.

* A la question: Voulez-vous nettoyer le registre ? répondre O (oui) et presser Entrée afin de débloquer
le fond d'écran et supprimer les clés de registre de l'infection.

* Le correctif déterminera si le fichier wininet.dll est infecté.

* A la question: "Corriger le fichier infecté ?" répondre O (oui) et presser Entrée
pour remplacer le fichier corrompu.

* Un redemarrage sera peut être nécessaire pour terminer la procedure de nettoyage.

Le rapport se trouve à la racine de C\:
(dans le fichier rapport.txt)

postes moi ce dernier rapport accompagné d'un nouveau rapport hijackthis dans ton prochain message et attends les instructions ...

ps : n'oublis pas , en mode sans échec , pas de connexion ! Donc copies ou imprimes bien les info ci-dessus :)
0
Réponse 16 / 46
ChtiteFleur Messages postés 162 Date d'inscription   Statut Membre Dernière intervention  
 
Rapport de Smitfraud :




SmitFraudFix v2.320

Rapport fait à 2:02:44.67, 11/05/08
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS1\Services\Tcpip\..\{0E7918E9-B7E3-481C-BC3B-59731FC859FD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{31F44458-D524-4839-9298-CA3434EB08EE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0E7918E9-B7E3-481C-BC3B-59731FC859FD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0E7918E9-B7E3-481C-BC3B-59731FC859FD}: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin








Rapport de Hijackthis :




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:09:32, on 11/05/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\PowerManagement\pwrgui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\EzMail V3.1\Tray.exe
C:\Program Files\EzMail V3.1\FormViewer.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PowerManage] C:\Program Files\PowerManagement\pwrgui.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [pmsetup] 1
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\MICROSTAR\Application Data\Deskbar_{1E34CB7E-9451-4ce7-970F-251505BA23BD}\starter.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe (User 'Default user')
O4 - Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WUSB54GPv4SVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe


End of file - 9279 bytes
0
Réponse 17 / 46
ChtiteFleur Messages postés 162 Date d'inscription   Statut Membre Dernière intervention  
 
Petite précision : je n'ai pas eu à corriger un fichier infecté. Juste à nettoyer le registre.
0
Réponse 18 / 46
sKe69 Messages postés 21360 Date d'inscription   Statut Contributeur sécurité Dernière intervention   463
 
Salut, pas de prb ...
Continue par ce-ci :
1-Télécharger CCLeaner et l'installer sur le bureau en refusant l'installation de la barre Yahoo.

http://download.piriform.com/ccsetup205.exe

• Fermer toutes les applications
• Lancer CCLeaner
S'il n'est pas en Français cliquer sur Options, Setting, Language
et sélectionner Français
• cocher dans le menu Nettoyeur - onglet Windows :
-Internet Explorer: Fichiers Internet Temporaires, Cookies
- Système: Vider la Poubelle, Fichiers Temporaires, Presse-papiers
-Avancé: Vieilles données du Prefetch
• Décocher dans le menu Options - sous-menu Avancé :
Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures
• Cocher dans le menu Nettoyeur - onglet Applications : Internet: Sun Java
• Cocher , si cela est possible, dans le menu Nettoyeur - onglet Applications :
Firefox/Mozilla: Cache Internet, Cookies
• Click sur Analyse
• Click sur le bouton Lancer le nettoyage dans le menu Nettoyeur.

puis :
• Click sur Registre
• Sélectionner tout (par défaut )
• Click sur Chercher des erreurs (En bas)

Une fois le scan terminé sélectionner tout
• Click sur Réparer les erreurs sélectionnées
ps:faire la manipe plusieurs fois jusqu'a ce qu'il n'y est plus d'erreur

Après tout cela tu peut remettre les paramêtres de CCleaner par defaut ( soft à garder sur son PC , super utile pour de bons nettoyages ... ) .

2-Télécharges SDFix sur ton bureau :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.

--->Double clique sur SDFix.exe et choisis "Install" .

Puis une fois l'instale faite ,redémarre en mode sans échec .
Comment aller en Mode sans échec :
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )

Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le script.
--->Tape Y pour lancer le script.
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc :
presses une touche pour redémarrer quand il te le sera demandé .

Le PC va mettre du temps avant de démarrer ( c'est normale ), après le chargement du Bureau presses une touche lorsque "Finished" s'affiche .

Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier C:\SDFix sous le nom "Report.txt".
Postes ce dernier dans ta prochaine réponse accompagné d'un nouveau rapport Hijakcthis pour analyse ...
0
Réponse 19 / 46
ChtiteFleur Messages postés 162 Date d'inscription   Statut Membre Dernière intervention  
 
Rapport SDFix :







[b]SDFix: Version 1.181 [/b]
Run by MICROSTAR on 11/05/08 at 12:18

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\DOCUME~1\MICROS~1\1.EXE - Deleted
C:\DOCUME~1\MICROS~1\ATI2MDXX.EXE - Deleted
C:\DOCUME~1\MICROS~1\RUNDLL32.EXE - Deleted
C:\DOCUME~1\MICROS~1\1.EXE - Deleted
C:\DOCUME~1\MICROS~1\ATI2MDXX.EXE - Deleted
C:\DOCUME~1\MICROS~1\RUNDLL32.EXE - Deleted
C:\Documents and Settings\MICROSTAR\Application Data\Deskbar_{1E34CB7E-9451-4ce7-970F-251505BA23BD}\local.xml - Deleted
C:\Documents and Settings\MICROSTAR\Application Data\Deskbar_{1E34CB7E-9451-4ce7-970F-251505BA23BD}\log.txt - Deleted
C:\Documents and Settings\MICROSTAR\Application Data\Deskbar_{1E34CB7E-9451-4ce7-970F-251505BA23BD}\version.ini - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt - Deleted
C:\Temp\maxsv15\rLCubd.log - Deleted
C:\WINDOWS\system32\bkEur18\bkEur182328.exe - Deleted
C:\Program Files\dbar\basis.xml - Deleted
C:\Program Files\dbar\channel.tmpl - Deleted
C:\Program Files\dbar\content.tmpl - Deleted
C:\Program Files\dbar\date.tmpl - Deleted
C:\Program Files\dbar\dbaruninst.exe - Deleted
C:\Program Files\dbar\deskbar.crc - Deleted
C:\Program Files\dbar\Deskbar.dll.vir - Deleted
C:\Program Files\dbar\deskbar.inf - Deleted
C:\Program Files\dbar\edit_rss.tmpl - Deleted
C:\Program Files\dbar\local.xml - Deleted
C:\Program Files\dbar\nav1.bmp - Deleted
C:\Program Files\dbar\nav2.bmp - Deleted
C:\Program Files\dbar\new_alert.tmpl - Deleted
C:\Program Files\dbar\version.ini - Deleted
C:\Program Files\dbar\version.txt - Deleted
C:\Program Files\winvi\Uninst.exe - Deleted
C:\Program Files\winvi\update.exe.vir - Deleted
C:\Program Files\winvi\version.ini - Deleted
C:\Program Files\winvi\wupda.exe.vir - Deleted
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js - Deleted
C:\Program Files\winvi\dsktp\desktop.html.vir - Deleted
C:\Program Files\winvi\dsktp\internetDetection.swf - Deleted
C:\Program Files\winvi\dsktp\settings.sol - Deleted
C:\Program Files\winvi\icons\bufferthis.ico - Deleted
C:\Program Files\winvi\icons\flashfunpages.ico - Deleted
C:\Program Files\winvi\icons\funnies.ico - Deleted
C:\Program Files\winvi\icons\funnyfunpages.ico - Deleted
C:\Program Files\winvi\icons\goodcleanvideos.ico - Deleted
C:\Program Files\winvi\icons\newfunpages.ico - Deleted
C:\Program Files\winvi\icons\positivethoughts.ico - Deleted
C:\Program Files\winvi\icons\removespyware.ico - Deleted
C:\Program Files\winvi\icons\thissiterocks.ico - Deleted



Folder C:\Documents and Settings\MICROSTAR\Application Data\Deskbar_{1E34CB7E-9451-4ce7-970F-251505BA23BD} - Removed
Folder C:\Program Files\dbar - Removed
Folder C:\Program Files\winvi - Removed
Folder C:\Documents and Settings\LocalService\Application Data\NetMon - Removed
Folder C:\Temp\maxsv15 - Removed
Folder C:\WINDOWS\system32\bkEur18 - Removed


Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 12:54:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,13,5f,a2,a5,15,88,ff,52,e1,ad,58,f5,58,40,73,f0,68,14,3e,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,29,20,13,e2,bc,50,f7,1d,b3,90,92,33,d6,bb,17,6b,..
"khjeh"=hex:dd,5d,11,80,68,65,19,43,f5,57,7a,63,30,09,02,4e,e8,43,f7,e5,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b1,64,5b,ad,d4,85,ec,b3,f1,d4,f6,df,c5,d4,60,f2,1a,79,be,d4,cf,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,13,5f,a2,a5,15,88,ff,52,e1,ad,58,f5,58,40,73,f0,68,14,3e,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,29,20,13,e2,bc,50,f7,1d,b3,90,92,33,d6,bb,17,6b,..
"khjeh"=hex:dd,5d,11,80,68,65,19,43,f5,57,7a,63,30,09,02,4e,e8,43,f7,e5,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b1,64,5b,ad,d4,85,ec,b3,f1,d4,f6,df,c5,d4,60,f2,1a,79,be,d4,cf,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,13,5f,a2,a5,15,88,ff,52,e1,ad,58,f5,58,40,73,f0,68,14,3e,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,29,20,13,e2,bc,50,f7,1d,b3,90,92,33,d6,bb,17,6b,..
"khjeh"=hex:dd,5d,11,80,68,65,19,43,f5,57,7a,63,30,09,02,4e,e8,43,f7,e5,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b1,64,5b,ad,d4,85,ec,b3,f1,d4,f6,df,c5,d4,60,f2,1a,79,be,d4,cf,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,13,5f,a2,a5,15,88,ff,52,e1,ad,58,f5,58,40,73,f0,68,14,3e,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,29,20,13,e2,bc,50,f7,1d,b3,90,92,33,d6,bb,17,6b,..
"khjeh"=hex:dd,5d,11,80,68,65,19,43,f5,57,7a,63,30,09,02,4e,e8,43,f7,e5,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:eb,5f,5d,a0,20,23,d2,5e,c9,38,e5,71,21,65,4c,31,c1,8c,18,7d,71,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,13,5f,a2,a5,15,88,ff,52,e1,ad,58,f5,58,40,73,f0,68,14,3e,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,29,20,13,e2,bc,50,f7,1d,b3,90,92,33,d6,bb,17,6b,..
"khjeh"=hex:dd,5d,11,80,68,65,19,43,f5,57,7a,63,30,09,02,4e,e8,43,f7,e5,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b1,64,5b,ad,d4,85,ec,b3,f1,d4,f6,df,c5,d4,60,f2,1a,79,be,d4,cf,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,13,5f,a2,a5,15,88,ff,52,e1,ad,58,f5,58,40,73,f0,68,14,3e,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,29,20,13,e2,bc,50,f7,1d,b3,90,92,33,d6,bb,17,6b,..
"khjeh"=hex:dd,5d,11,80,68,65,19,43,f5,57,7a,63,30,09,02,4e,e8,43,f7,e5,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b1,64,5b,ad,d4,85,ec,b3,f1,d4,f6,df,c5,d4,60,f2,1a,79,be,d4,cf,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,13,5f,a2,a5,15,88,ff,52,e1,ad,58,f5,58,40,73,f0,68,14,3e,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,29,20,13,e2,bc,50,f7,1d,b3,90,92,33,d6,bb,17,6b,..
"khjeh"=hex:dd,5d,11,80,68,65,19,43,f5,57,7a,63,30,09,02,4e,e8,43,f7,e5,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b1,64,5b,ad,d4,85,ec,b3,f1,d4,f6,df,c5,d4,60,f2,1a,79,be,d4,cf,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,13,5f,a2,a5,15,88,ff,52,e1,ad,58,f5,58,40,73,f0,68,14,3e,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,29,20,13,e2,bc,50,f7,1d,b3,90,92,33,d6,bb,17,6b,..
"khjeh"=hex:dd,5d,11,80,68,65,19,43,f5,57,7a,63,30,09,02,4e,e8,43,f7,e5,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b1,64,5b,ad,d4,85,ec,b3,f1,d4,f6,df,c5,d4,60,f2,1a,79,be,d4,cf,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,13,5f,a2,a5,15,88,ff,52,e1,ad,58,f5,58,40,73,f0,68,14,3e,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,29,20,13,e2,bc,50,f7,1d,b3,90,92,33,d6,bb,17,6b,..
"khjeh"=hex:dd,5d,11,80,68,65,19,43,f5,57,7a,63,30,09,02,4e,e8,43,f7,e5,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b1,64,5b,ad,d4,85,ec,b3,f1,d4,f6,df,c5,d4,60,f2,1a,79,be,d4,cf,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,13,5f,a2,a5,15,88,ff,52,e1,ad,58,f5,58,40,73,f0,68,14,3e,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,29,20,13,e2,bc,50,f7,1d,b3,90,92,33,d6,bb,17,6b,..
"khjeh"=hex:dd,5d,11,80,68,65,19,43,f5,57,7a,63,30,09,02,4e,e8,43,f7,e5,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b1,64,5b,ad,d4,85,ec,b3,f1,d4,f6,df,c5,d4,60,f2,1a,79,be,d4,cf,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,13,5f,a2,a5,15,88,ff,52,e1,ad,58,f5,58,40,73,f0,68,14,3e,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,29,20,13,e2,bc,50,f7,1d,b3,90,92,33,d6,bb,17,6b,..
"khjeh"=hex:dd,5d,11,80,68,65,19,43,f5,57,7a,63,30,09,02,4e,e8,43,f7,e5,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b1,64,5b,ad,d4,85,ec,b3,f1,d4,f6,df,c5,d4,60,f2,1a,79,be,d4,cf,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,13,5f,a2,a5,15,88,ff,52,e1,ad,58,f5,58,40,73,f0,68,14,3e,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,29,20,13,e2,bc,50,f7,1d,b3,90,92,33,d6,bb,17,6b,..
"khjeh"=hex:dd,5d,11,80,68,65,19,43,f5,57,7a,63,30,09,02,4e,e8,43,f7,e5,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b1,64,5b,ad,d4,85,ec,b3,f1,d4,f6,df,c5,d4,60,f2,1a,79,be,d4,cf,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,13,5f,a2,a5,15,88,ff,52,e1,ad,58,f5,58,40,73,f0,68,14,3e,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,29,20,13,e2,bc,50,f7,1d,b3,90,92,33,d6,bb,17,6b,..
"khjeh"=hex:dd,5d,11,80,68,65,19,43,f5,57,7a,63,30,09,02,4e,e8,43,f7,e5,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b1,64,5b,ad,d4,85,ec,b3,f1,d4,f6,df,c5,d4,60,f2,1a,79,be,d4,cf,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,13,5f,a2,a5,15,88,ff,52,e1,ad,58,f5,58,40,73,f0,68,14,3e,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,29,20,13,e2,bc,50,f7,1d,b3,90,92,33,d6,bb,17,6b,..
"khjeh"=hex:dd,5d,11,80,68,65,19,43,f5,57,7a,63,30,09,02,4e,e8,43,f7,e5,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:36,ad,47,34,2f,16,30,f3,24,36,6e,e0,de,ae,58,c4,ab,9a,75,f4,17,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,13,5f,a2,a5,15,88,ff,52,e1,ad,58,f5,58,40,73,f0,68,14,3e,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,29,20,13,e2,bc,50,f7,1d,b3,90,92,33,d6,bb,17,6b,..
"khjeh"=hex:dd,5d,11,80,68,65,19,43,f5,57,7a,63,30,09,02,4e,e8,43,f7,e5,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:20,a5,a2,1f,aa,e4,c3,e9,9e,0a,cd,6e,0c,0d,0e,b2,f9,90,2b,0d,27,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,13,5f,a2,a5,15,88,ff,52,e1,ad,58,f5,58,40,73,f0,68,14,3e,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,29,20,13,e2,bc,50,f7,1d,b3,90,92,33,d6,bb,17,6b,..
"khjeh"=hex:dd,5d,11,80,68,65,19,43,f5,57,7a,63,30,09,02,4e,e8,43,f7,e5,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:20,a5,a2,1f,aa,e4,c3,e9,9e,0a,cd,6e,0c,0d,0e,b2,f9,90,2b,0d,27,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,13,5f,a2,a5,15,88,ff,52,e1,ad,58,f5,58,40,73,f0,68,14,3e,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,29,20,13,e2,bc,50,f7,1d,b3,90,92,33,d6,bb,17,6b,..
"khjeh"=hex:dd,5d,11,80,68,65,19,43,f5,57,7a,63,30,09,02,4e,e8,43,f7,e5,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:20,a5,a2,1f,aa,e4,c3,e9,9e,0a,cd,6e,0c,0d,0e,b2,f9,90,2b,0d,27,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,13,5f,a2,a5,15,88,ff,52,e1,ad,58,f5,58,40,73,f0,68,14,3e,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,29,20,13,e2,bc,50,f7,1d,b3,90,92,33,d6,bb,17,6b,..
"khjeh"=hex:dd,5d,11,80,68,65,19,43,f5,57,7a,63,30,09,02,4e,e8,43,f7,e5,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:20,a5,a2,1f,aa,e4,c3,e9,9e,0a,cd,6e,0c,0d,0e,b2,f9,90,2b,0d,27,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,13,5f,a2,a5,15,88,ff,52,e1,ad,58,f5,58,40,73,f0,68,14,3e,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,29,20,13,e2,bc,50,f7,1d,b3,90,92,33,d6,bb,17,6b,..
"khjeh"=hex:dd,5d,11,80,68,65,19,43,f5,57,7a,63,30,09,02,4e,e8,43,f7,e5,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:20,a5,a2,1f,aa,e4,c3,e9,9e,0a,cd,6e,0c,0d,0e,b2,f9,90,2b,0d,27,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,13,5f,a2,a5,15,88,ff,52,e1,ad,58,f5,58,40,73,f0,68,14,3e,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,29,20,13,e2,bc,50,f7,1d,b3,90,92,33,d6,bb,17,6b,..
"khjeh"=hex:dd,5d,11,80,68,65,19,43,f5,57,7a,63,30,09,02,4e,e8,43,f7,e5,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:20,a5,a2,1f,aa,e4,c3,e9,9e,0a,cd,6e,0c,0d,0e,b2,f9,90,2b,0d,27,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,13,5f,a2,a5,15,88,ff,52,e1,ad,58,f5,58,40,73,f0,68,14,3e,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,29,20,13,e2,bc,50,f7,1d,b3,90,92,33,d6,bb,17,6b,..
"khjeh"=hex:dd,5d,11,80,68,65,19,43,f5,57,7a,63,30,09,02,4e,e8,43,f7,e5,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:20,a5,a2,1f,aa,e4,c3,e9,9e,0a,cd,6e,0c,0d,0e,b2,f9,90,2b,0d,27,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,13,5f,a2,a5,15,88,ff,52,e1,ad,58,f5,58,40,73,f0,68,14,3e,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,29,20,13,e2,bc,50,f7,1d,b3,90,92,33,d6,bb,17,6b,..
"khjeh"=hex:dd,5d,11,80,68,65,19,43,f5,57,7a,63,30,09,02,4e,e8,43,f7,e5,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:20,a5,a2,1f,aa,e4,c3,e9,9e,0a,cd,6e,0c,0d,0e,b2,f9,90,2b,0d,27,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"="C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe:*:Enabled:javaw"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\adslTV\\adsltv.exe"="C:\\Program Files\\adslTV\\adsltv.exe:*:Enabled:adsltv"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Thu 3 Apr 2008 103,556 ..SHR --- "C:\xyw9tmdj.com"
Wed 13 Oct 2004 1,694,208 ...H. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 2 Apr 2008 62,188 ...H. --- "C:\Documents and Settings\MICROSTAR\Bureau\~WRL2433.tmp"
Wed 1 Oct 2003 286,208 A..H. --- "C:\Documents and Settings\MICROSTAR\Mes documents\~WRL0222.tmp"
Thu 29 Jan 2004 1,109,504 A..H. --- "C:\Documents and Settings\MICROSTAR\Mes documents\~WRL1577.tmp"
Thu 29 Jan 2004 782,336 A..H. --- "C:\Documents and Settings\MICROSTAR\Mes documents\~WRL1659.tmp"
Thu 29 Jan 2004 2,154,496 A..H. --- "C:\Documents and Settings\MICROSTAR\Mes documents\~WRL1736.tmp"
Thu 16 Oct 2003 24,576 A..H. --- "C:\Documents and Settings\MICROSTAR\Mes documents\~WRL2096.tmp"
Thu 29 Jan 2004 719,872 A..H. --- "C:\Documents and Settings\MICROSTAR\Mes documents\~WRL2371.tmp"
Sat 20 Sep 2003 2,578,944 A..H. --- "C:\Documents and Settings\MICROSTAR\Mes documents\~WRL2546.tmp"
Thu 29 Jan 2004 2,980,864 A..H. --- "C:\Documents and Settings\MICROSTAR\Mes documents\~WRL3056.tmp"
Sat 20 Sep 2003 740,352 A..H. --- "C:\Documents and Settings\MICROSTAR\Mes documents\~WRL3078.tmp"
Thu 29 Jan 2004 2,581,504 A..H. --- "C:\Documents and Settings\MICROSTAR\Mes documents\~WRL3403.tmp"
Thu 29 Jan 2004 1,141,760 A..H. --- "C:\Documents and Settings\MICROSTAR\Mes documents\~WRL3422.tmp"
Mon 20 Oct 2003 73,688 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Thu 5 Feb 2004 18,432 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setup.dll"
Thu 5 Feb 2004 5,120 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Wed 21 Jul 2004 380 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti3.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT3.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT6.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BITA.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BITB.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT2.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT7.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT4.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT9.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT5.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT8.tmp"
Fri 4 Apr 2008 479,744 ...H. --- "C:\Documents and Settings\MICROSTAR\Application Data\Microsoft\Word\~WRL1533.tmp"
Fri 4 Apr 2008 448,512 ...H. --- "C:\Documents and Settings\MICROSTAR\Application Data\Microsoft\Word\~WRL2552.tmp"

[b]Finished![/b]






Rapport Hijackthis :





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:08:36, on 11/05/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\PowerManagement\pwrgui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\EzMail V3.1\Tray.exe
C:\Program Files\EzMail V3.1\FormViewer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PowerManage] C:\Program Files\PowerManagement\pwrgui.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [pmsetup] 1
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe (User 'Default user')
O4 - Startup: EzMail System.lnk = C:\Program Files\EzMail V3.1\Tray.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WUSB54GPv4SVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe

End of file - 8925 bytes
0
Réponse 20 / 46
sKe69 Messages postés 21360 Date d'inscription   Statut Contributeur sécurité Dernière intervention   463
 
FIX des Lignes :

Fermes toutes tes applications et déconnectes toi .

Relance Hijackthis mais click sur " Do a scan only "
Tu vois donc apparaitre le résultat du scan : une multitudes de lignes ,chacunes précédées d'un carré vide .
Tu vas clické sur les carré des lignes suivantes :

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

Tu cliques en bas sur le bouton FIX CHECKED et valides .

2-Refait un coup de CCleaner ( Registre compris )

3-Télécharge ToolsCleaner (de A.Rothstein) sur ton Bureau.
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe

Clique sur Recherche et laisse le scan se terminer.
Clique sur Suppression pour finaliser.
Tu peux, si tu le souhaites, te servir des Options facultatives

Ce petit soft va te nettoyer tout les trucs dont on c'est servi pour la désinfection ( tu n'en as plus besion ! ) .
Supprimes tout les outils , dossiers ou rapports consernant la désinfection que Toolsclaener2 n'a pas supprimé .

3-Retélécharges Hijackthis ( Car effacer par ToolsCleaner ) comme indiqué ici ...

4-Télécharges MalwareByte's : ftp://ftp.commentcamarche.com/download/mbam-setup.exe
un tuto sympa : https://forum.pcastuces.com/sujet.asp?f=31&s=3

Instales le et mets le à jour .

Puis redémarres en mode sans échec :
Comment aller en Mode sans échec
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )

Lances Malwarebyte's .

Fais un scan dit "complet" et supprimes tout ce qu'il peut trouver ...
Un fichier texte s'ouvre à la fin du scan : sauvegardes le sur ton bureau .
Redémarres ton PC (mode normal ).
Postes le rapport sauvegardé accompagné d'un nouveau rapport Hijackthis pour contrôler ...
0

Discussions similaires

des spywares et Trojans envahissent mon pc
titite_baby -
titite_baby -

37 réponses