SOS pour neutraliser Malwarrior 2008

torerito -  
 torerito -
Bonjour, j'ai de gros problemes sur mon ordinateur à cause de Malwarrior 2008... Lenteur, pubs, gestionnaire des taches desactivé, etc etc etc

comment l'enlever?

voici mon rapport hijack

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\Mes documents\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CenterLock Class - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Program Files\CenterLock\CenterLock.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {97F7302A-147C-4435-901C-184375993BE6} - C:\WINDOWS\system32\khfCsrOf.dll
O2 - BHO: (no name) - {9F7752AA-1E1D-41B4-A825-6B05BF6805FA} - C:\WINDOWS\system32\ddcBRigh.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real Alternative\mpclauncher.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [f4d93faa] rundll32.exe "C:\WINDOWS\system32\ovwlvpbj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_S9B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8C75A5B-6FB6-4385-BE7B-9A48042B8FC1}: NameServer = 80.118.192.100,80.118.196.36
O20 - Winlogon Notify: khfCsrOf - C:\WINDOWS\SYSTEM32\khfCsrOf.dll
O21 - SSODL: ehKiFXfdMJRivWH - {F4D93F06-5E73-95AC-3037-BEECC402A255} - C:\WINDOWS\System32\auoxcb.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software -

Merci d'avance.
Configuration: Windows XP
Firefox 2.0.0.14

37 réponses

  • 1
  • 2
Résumé de la discussion

Une infection liée à MalWarrior 2008 provoque une lenteur système, des publicités intempestives et la désactivation du gestionnaire des tâches, compromettant gravement l'utilisation normale de Windows XP. Des conseils ont été proposés pour nettoyer le système, notamment l’usage de Malwarebytes en mode sans échec et la mise en quarantaine puis suppression des composants malveillants. D’autres outils ont été évoqués, tels qu Avira AntiVir, des scans du registre et des processus, ainsi que des procédures comme OTMoveIt ou HijackThis pour identifier et déplacer les éléments nuisibles. Des indications sur des fichiers suspects et des entrées de démarrage ont aussi été mentionnées, tout en recommandant d’éviter toute conclusion hâtive sur l’état du système.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    lance rogue remover et vire ce qui est trouvé tu me dira si il trouve des choses)

    pour info :
    http://www.libellules.ch/dotclear/index.php?2006/11/29/1518-rogue-remover

    pour telecharger :
    https://www.01net.com/telecharger/

    _____________________

    smit fraud fix (colle le rapport)

    1/ telecharger :

    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes.

    3/ redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général) puis lance smitfraudfix , sélectionne l'option 2 et appuyer sur entrée pour commencer la désinfection. lorsque le programme demande si tu veut nettoyer le registre mets oui en tapant 0 et entrée
    ___________________

    recolle un nouvel hijakchtis et dis tes soucis
    0
    1. torerito
       
      merci pour ton aide!

      voila le rapport

      SmitFraudFix v2.320

      Rapport fait à 10:07:35,43, 15/05/2008
      Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» Process

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\WINDOWS\System32\igfxtray.exe
      C:\WINDOWS\System32\hkcmd.exe
      C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
      C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\cmd.exe

      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

      C:\WINDOWS\config.ini PRESENT !

      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1\Favoris


      »»»»»»»»»»»»»»»»»»»»»»»» Bureau


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="Ma page d'accueil"


      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» VACFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Rustock



      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: Broadcom 440x 10/100 Integrated Controller - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 192.168.1.1

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{154E26D8-3AF2-4C1C-BCE9-FF1F02B54608}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{A8C75A5B-6FB6-4385-BE7B-9A48042B8FC1}: NameServer=80.118.192.100,80.118.196.36
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{154E26D8-3AF2-4C1C-BCE9-FF1F02B54608}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{A8C75A5B-6FB6-4385-BE7B-9A48042B8FC1}: NameServer=80.118.192.100,80.118.196.36
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{154E26D8-3AF2-4C1C-BCE9-FF1F02B54608}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{A8C75A5B-6FB6-4385-BE7B-9A48042B8FC1}: NameServer=80.118.192.100,80.118.196.36
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin


      je vais maintenant redemarrer en mode sans echec et faire ce que tu m'as dit. je posterai le nouveau rapport hijack tout à l'heure.
      0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    a plus
    0
    1. torerito
       
      alors merci merci merci beaucoup! au redemarrage, pas de trace de malwarrior à l'horizon, le pc va plus vite..

      voici le nouveau rapport hijack

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 10:47:55, on 15/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\System32\igfxtray.exe
      C:\WINDOWS\System32\hkcmd.exe
      C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Documents and Settings\Propriétaire\Mes documents\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: CenterLock Class - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Program Files\CenterLock\CenterLock.dll
      O2 - BHO: (no name) - {38691C59-DCB3-4A12-A075-5E5D2AF5A4FE} - C:\WINDOWS\system32\ddcBRigh.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {97F7302A-147C-4435-901C-184375993BE6} - C:\WINDOWS\system32\khfCsrOf.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
      O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
      O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real Alternative\mpclauncher.exe SYSTEMBOOTHIDEPLAYER
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [f4d93faa] rundll32.exe "C:\WINDOWS\system32\ovwlvpbj.dll",b
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_S9B.tmp" /EF "HKCU"
      O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{A8C75A5B-6FB6-4385-BE7B-9A48042B8FC1}: NameServer = 80.118.192.100,80.118.196.36
      O20 - Winlogon Notify: khfCsrOf - C:\WINDOWS\SYSTEM32\khfCsrOf.dll
      O21 - SSODL: ehKiFXfdMJRivWH - {F4D93F06-5E73-95AC-3037-BEECC402A255} - C:\WINDOWS\system32\auoxcb.dll
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
      0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    no adiso... c'est pas finit!!

    O2 - BHO: CenterLock Class - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Program Files\CenterLock\CenterLock.dll
    O2 - BHO: (no name) - {38691C59-DCB3-4A12-A075-5E5D2AF5A4FE} - C:\WINDOWS\system32\ddcBRigh.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {97F7302A-147C-4435-901C-184375993BE6} - C:\WINDOWS\system32\khfCsrOf.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [f4d93faa] rundll32.exe "C:\WINDOWS\system32\ovwlvpbj.dll",b
    O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O20 - Winlogon Notify: khfCsrOf - C:\WINDOWS\SYSTEM32\khfCsrOf.dll
    O21 - SSODL: ehKiFXfdMJRivWH - {F4D93F06-5E73-95AC-3037-BEECC402A255} - C:\WINDOWS\system32\auoxcb.dll

    _____________________

    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008
    C:\Program Files\CenterLock\CenterLock.dll
    C:\WINDOWS\system32\ddcBRigh.dll
    C:\WINDOWS\system32\khfCsrOf.dll
    C:\WINDOWS\system32\ovwlvpbj.dll
    C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe
    C:\WINDOWS\system32\auoxcb.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    ________________________

    vire ce qui est dans moved files en allant dans psote de travail puis C puis OTMOVIT

    ________________________

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
    1. torerito
       
      re

      apres avoir fait OT move it, mon ordinateur connait de gros problemes
      au redemarrage, le pc semblait ne plus bien marcher
      le sablier saffiche en permanence, et je ne peux rien faire
      si avec le clavier je vais dans demarrer,, mes documents,,, l'ordi bloque, et au bout de secondes me dit que le chemin vers mes documents est introuvable
      que faire?
      la je suis en mode sans echec avec prise en charge réseau pour pouvoir venir te demander de l'aide
      merci de me repondre
      0
  4. torerito
     
    voila le rapport oT Move it

    File/Folder C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008 not found.
    C:\Program Files\CenterLock\CenterLock.dll unregistered successfully.
    C:\Program Files\CenterLock\CenterLock.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\ddcBRigh.dll
    C:\WINDOWS\system32\ddcBRigh.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\ddcBRigh.dll scheduled to be moved on reboot.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\khfCsrOf.dll
    C:\WINDOWS\system32\khfCsrOf.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\khfCsrOf.dll scheduled to be moved on reboot.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\ovwlvpbj.dll
    C:\WINDOWS\system32\ovwlvpbj.dll NOT unregistered.
    C:\WINDOWS\system32\ovwlvpbj.dll moved successfully.
    File/Folder C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe not found.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\auoxcb.dll
    C:\WINDOWS\system32\auoxcb.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\auoxcb.dll scheduled to be moved on reboot.
    0
    1. torerito
       
      est ce que je dois vraiment virer ce qu'il y a dans moved files? il y a un dossier program files avec dedans unt ruc nommé center lock, et un autre dossier windows, avec dedans un dossier system32
      0
      1. torerito > torerito
         
        bon j'ai viré ce qu'il y avait dans moved files, j'ai viré avast
        jai redemarré en mode normal, et tout va mieux
        il y a juste un message qui est apparu comme quoi l'application windows 32 patati patata n'avait pas pu etre chargée.

        je continue les autres etapes
        0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    tu as viré avast? tu as quel antivirus?

    __________

    colle le rapport combofix demandé puis un nouveau hijakhcits
    0
    1. torerito
       
      j'avais avast et j'ai sunbelt personal firewall. je pense réinstaller avast quand tout sera fini.

      voila le rapport combofix

      ComboFix 08-05-12.1 - Propriétaire 2008-05-15 14:08:40.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.76 [GMT 2:00]
      Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\hgiRBcdd.ini
      C:\WINDOWS\system32\hgiRBcdd.ini2
      C:\WINDOWS\system32\jbpvlwvo.ini
      C:\WINDOWS\system32\rfbfppkc.ini

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
      .

      2008-05-15 14:26 . 2008-05-15 14:35 344 --ahs---- C:\WINDOWS\system32\hgiRBcdd.ini2
      2008-05-15 14:26 . 2008-05-15 14:35 344 --ahs---- C:\WINDOWS\system32\hgiRBcdd.ini
      2008-05-15 12:32 . 2007-06-06 03:51 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
      2008-05-15 12:32 . 2007-06-06 03:51 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
      2008-05-15 12:32 . 2007-06-06 02:57 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
      2008-05-15 12:32 . 2007-06-06 03:51 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
      2008-05-15 12:32 . 2007-06-06 03:51 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
      2008-05-15 12:32 . 2007-06-06 03:51 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
      2008-05-15 12:32 . 2007-06-06 03:51 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
      2008-05-15 12:32 . 2008-05-15 12:32 <REP> d-------- C:\Documents and Settings\Administrateur
      2008-05-15 12:32 . 2008-05-15 14:07 1,024 --ah----- C:\Documents and Settings\Administrateur\ntuser.dat.LOG
      2008-05-15 11:28 . 2008-05-15 11:28 <REP> d-------- C:\_OTMoveIt
      2008-05-15 10:08 . 2008-05-15 10:23 2,636 --a------ C:\WINDOWS\system32\tmp.reg
      2008-05-15 10:00 . 2008-05-15 10:03 <REP> d-------- C:\Program Files\RogueRemover FREE
      2008-05-15 08:56 . 2008-05-15 08:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
      2008-05-14 07:50 . 2008-05-14 07:50 <REP> d-------- C:\Program Files\AVG
      2008-05-14 01:18 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
      2008-05-14 01:18 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
      2008-05-14 01:18 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
      2008-05-13 22:58 . 2008-05-13 22:58 <REP> d--h----- C:\WINDOWS\PIF
      2008-05-13 22:58 . 2008-05-13 22:58 16 --a------ C:\WINDOWS\system32\coh.cache
      2008-05-13 22:09 . 2008-05-15 09:37 <REP> d-------- C:\Program Files\Symantec
      2008-05-13 22:08 . 2008-05-13 22:09 <REP> d-------- C:\Program Files\Yahoo!
      2008-05-13 21:52 . 2008-05-15 14:07 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
      2008-05-13 07:55 . 2008-05-13 07:55 <REP> d-------- C:\Program Files\CenterLock
      2008-05-12 23:17 . 2008-05-12 23:17 319,104 --a------ C:\WINDOWS\system32\ddcBRigh.dll
      2008-05-12 23:15 . 2008-05-12 19:23 212,992 --a------ C:\WINDOWS\vbksrofa.dll
      2008-05-12 23:13 . 2008-05-12 23:13 1 --a------ C:\WINDOWS\system32\kr_done1de
      2008-05-12 23:12 . 2008-05-12 23:12 29,312 --a------ C:\WINDOWS\system32\khfCsrOf.dll
      2008-05-12 23:11 . 2008-05-15 10:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
      2008-04-23 22:36 . 2008-05-07 08:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2008-04-23 22:36 . 2008-04-23 22:36 1,409 --a------ C:\WINDOWS\QTFont.for

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-05-15 10:31 18,735 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
      2008-05-15 07:42 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
      2008-05-15 07:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
      2008-05-15 06:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
      2008-04-14 16:00 --------- d-----w C:\Program Files\Fichiers communs\Adobe
      2008-04-14 00:34 --------- d-----w C:\Program Files\Picasa2
      2008-04-12 18:37 --------- d-----w C:\Program Files\Microsoft Works
      2008-04-12 18:31 --------- d-----w C:\Program Files\Soulseek-Test
      2008-04-12 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
      2008-04-12 18:15 --------- d-----w C:\Program Files\Navilog1
      2008-04-12 14:13 --------- d-----w C:\Program Files\Trend Micro
      2008-04-09 01:04 --------- d-----w C:\Program Files\MSXML 4.0
      2008-04-08 17:56 --------- d-----w C:\Program Files\Gabest
      2008-04-08 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-04-08 13:30 --------- d-----w C:\Program Files\Java
      2008-04-08 13:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
      2008-04-08 13:10 --------- d-----w C:\Program Files\AviSynth 2.5
      2008-04-08 13:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-04-08 13:07 --------- d-----w C:\Program Files\Converio 2.0
      2008-04-08 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
      2008-04-07 17:43 --------- d-----w C:\Program Files\eMule
      2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
      2008-03-18 11:18 --------- d-----w C:\Program Files\Cybercorder
      2008-03-16 16:42 --------- d-----w C:\Program Files\MSN Messenger
      2008-03-16 16:42 --------- d-----w C:\Program Files\Messenger Plus! Live
      2008-03-16 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-03-16 11:18 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
      2008-03-16 01:46 --------- d-----w C:\Program Files\Windows Live
      2008-03-16 01:43 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
      2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
      2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
      2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
      .

      ------- Sigcheck -------

      2002-09-18 17:34 12800 333a4db8410d8e24db06d6aebecdc7c2 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
      2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
      2004-08-20 01:10 17408 a023a87b1931bd1755de1548746ac839 C:\WINDOWS\system32\svchost.exe

      2007-06-13 15:22 1039872 1dc24c44c2024683f7b071491e89f93d C:\WINDOWS\explorer.exe
      2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
      2002-09-18 17:23 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
      2004-08-20 01:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
      2004-08-20 01:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

      2002-09-18 17:32 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe
      2004-08-20 01:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe
      2004-08-20 01:10 110592 200173c15bfdef210e9165eaf4159360 C:\WINDOWS\system32\services.exe

      2002-09-18 17:24 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
      2004-08-20 01:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
      2004-08-20 01:09 14848 d39dcb7c85cd987eb5f9b14e31e36557 C:\WINDOWS\system32\lsass.exe
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{797DD5F3-F115-4260-96A8-E19B4EB3B7A9}]
      2008-05-12 23:17 319104 --a------ C:\WINDOWS\system32\ddcBRigh.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97F7302A-147C-4435-901C-184375993BE6}]
      2008-05-12 23:12 29312 --a------ C:\WINDOWS\system32\khfCsrOf.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 03:43 68856]
      "EPSON Stylus D92 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.exe" [2006-09-27 06:00 139264]
      "MalWarrior"="C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-06-21 16:48 155648]
      "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-06-21 16:44 126976]
      "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 16:44 679936]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
      "Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 22:11 57344]
      "RealTray"="C:\Program Files\Real Alternative\mpclauncher.exe" [2007-03-04 17:06 673280]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 21:16 286720]
      "NapsterShell"="C:\Program Files\Napster\napster.exe" [ ]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
      "f4d93faa"="C:\WINDOWS\system32\ovwlvpbj.dll" [ ]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{97F7302A-147C-4435-901C-184375993BE6}"= C:\WINDOWS\system32\khfCsrOf.dll [2008-05-12 23:12 29312]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
      "ehKiFXfdMJRivWH"= {F4D93F06-5E73-95AC-3037-BEECC402A255} - C:\WINDOWS\system32\auoxcb.dll [ ]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfCsrOf]
      khfCsrOf.dll 2008-05-12 23:12 29312 C:\WINDOWS\system32\khfCsrOf.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.I420"= i420vfw.dll
      "vidc.yv12"= yv12vfw.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ddcBRigh

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Philips FunCam Monitor.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Philips FunCam Monitor.lnk
      backup=C:\WINDOWS\pss\Philips FunCam Monitor.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
      --------- 2002-10-14 22:11 57344 C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
      --a------ 2008-02-26 03:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
      --a------ 2007-03-04 17:06 673280 C:\Program Files\Real Alternative\mpclauncher.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
      --------- 2004-10-14 16:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
      --------- 2004-10-14 16:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
      --------- 2004-08-23 14:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\SopCast\\SopCast.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

      R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
      R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
      R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
      R3 SNDM360;Philips FunCam;C:\WINDOWS\system32\DRIVERS\sndm360.sys [2003-12-08 19:35]
      S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 19:25]
      S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 18:50]

      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      "2008-05-08 09:51:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-15 14:26:23
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...


      C:\WINDOWS\system32\hgiRBcdd.ini2 456 bytes

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 1

      **************************************************************************
      .
      --------------------- DLLs a charg‚ sous des processus courants ---------------------

      PROCESS: C:\WINDOWS\system32\winlogon.exe
      -> C:\WINDOWS\system32\khfCsrOf.dll

      PROCESS: C:\WINDOWS\explorer.exe
      -> C:\WINDOWS\system32\ddcBRigh.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\system32\FTRTSVC.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\verclsid.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-05-15 14:43:26 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-05-15 12:42:49

      Pre-Run: 43,422,949,376 octets libres
      Post-Run: 43,565,154,304 octets libres

      219 --- E O F --- 2008-04-12 15:01:32














      et voila le hijack

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:48:05, on 15/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\WINDOWS\System32\igfxtray.exe
      C:\WINDOWS\System32\hkcmd.exe
      C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
      C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Propriétaire\Mes documents\HiJackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
      O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real Alternative\mpclauncher.exe SYSTEMBOOTHIDEPLAYER
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [f4d93faa] rundll32.exe "C:\WINDOWS\system32\ovwlvpbj.dll",b
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_S9B.tmp" /EF "HKCU"
      O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{A8C75A5B-6FB6-4385-BE7B-9A48042B8FC1}: NameServer = 80.118.192.100,80.118.196.36
      O21 - SSODL: ehKiFXfdMJRivWH - {F4D93F06-5E73-95AC-3037-BEECC402A255} - C:\WINDOWS\system32\auoxcb.dll (file missing)
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
      0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    pour fusionner:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
    ___________________

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\WINDOWS\system32\khfCsrOf.dll
    C:\WINDOWS\system32\ovwlvpbj.dll
    C:\WINDOWS\system32\ddcBRigh.dll
    C:\WINDOWS\system32\khfCsrOf.dll
    C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe
    C:\WINDOWS\system32\auoxcb.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{797DD5F3-F115-4260-96A8-E19B4EB3B7A9}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97F7302A-147C-4435-901C-184375993BE6}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MalWarrior"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "f4d93faa"=-
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{97F7302A-147C-4435-901C-184375993BE6}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]­
    "ehKiFXfdMJRivWH"=-
    "{F4D93F06-5E73-95AC-3037-BEECC402A255}"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfCsrOf]

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
    1. torerito
       
      ok
      voici le rapport
      ComboFix 08-05-12.1 - Propriétaire 2008-05-15 15:25:53.2 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.81 [GMT 2:00]
      Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
      Command switches used :: C:\Documents and Settings\Propriétaire\Bureau\CFscript.txt
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

      FILE ::
      C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe
      C:\WINDOWS\system32\auoxcb.dll
      C:\WINDOWS\system32\ddcBRigh.dll
      C:\WINDOWS\system32\khfCsrOf.dll
      C:\WINDOWS\system32\ovwlvpbj.dll
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\ddcBRigh.dll
      C:\WINDOWS\system32\hgiRBcdd.ini
      C:\WINDOWS\system32\hgiRBcdd.ini2
      C:\WINDOWS\system32\khfCsrOf.dll

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
      .

      2008-05-15 14:43 . 2008-05-15 14:43 <REP> d-------- C:\Documents and Settings\Propriétaire
      2008-05-15 14:43 . <REP> C:\Documents and Settings\PropriÚtaire\Local Settings
      2008-05-15 14:43 . <REP> C:\Documents and Settings\PropriÚtaire\Local Settings
      2008-05-15 12:32 . 2007-06-06 03:51 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
      2008-05-15 12:32 . 2007-06-06 03:51 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
      2008-05-15 12:32 . 2007-06-06 02:57 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
      2008-05-15 12:32 . 2007-06-06 03:51 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
      2008-05-15 12:32 . 2007-06-06 03:51 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
      2008-05-15 12:32 . 2007-06-06 03:51 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
      2008-05-15 12:32 . 2007-06-06 03:51 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
      2008-05-15 12:32 . 2008-05-15 12:32 <REP> d-------- C:\Documents and Settings\Administrateur
      2008-05-15 12:32 . 2008-05-15 14:07 1,024 --ah----- C:\Documents and Settings\Administrateur\ntuser.dat.LOG
      2008-05-15 11:28 . 2008-05-15 11:28 <REP> d-------- C:\_OTMoveIt
      2008-05-15 10:08 . 2008-05-15 10:23 2,636 --a------ C:\WINDOWS\system32\tmp.reg
      2008-05-15 10:00 . 2008-05-15 10:03 <REP> d-------- C:\Program Files\RogueRemover FREE
      2008-05-15 08:56 . 2008-05-15 08:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
      2008-05-14 07:50 . 2008-05-14 07:50 <REP> d-------- C:\Program Files\AVG
      2008-05-14 01:18 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
      2008-05-14 01:18 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
      2008-05-14 01:18 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
      2008-05-13 22:58 . 2008-05-13 22:58 <REP> d--h----- C:\WINDOWS\PIF
      2008-05-13 22:58 . 2008-05-13 22:58 16 --a------ C:\WINDOWS\system32\coh.cache
      2008-05-13 22:09 . 2008-05-15 09:37 <REP> d-------- C:\Program Files\Symantec
      2008-05-13 22:08 . 2008-05-13 22:09 <REP> d-------- C:\Program Files\Yahoo!
      2008-05-13 21:52 . 2008-05-15 14:07 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
      2008-05-13 07:55 . 2008-05-13 07:55 <REP> d-------- C:\Program Files\CenterLock
      2008-05-12 23:15 . 2008-05-12 19:23 212,992 --a------ C:\WINDOWS\vbksrofa.dll
      2008-05-12 23:13 . 2008-05-12 23:13 1 --a------ C:\WINDOWS\system32\kr_done1de
      2008-05-12 23:11 . 2008-05-15 10:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
      2008-04-23 22:36 . 2008-05-15 15:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2008-04-23 22:36 . 2008-04-23 22:36 1,409 --a------ C:\WINDOWS\QTFont.for

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-05-15 10:31 18,735 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
      2008-05-15 07:42 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
      2008-05-15 07:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
      2008-05-15 06:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
      2008-04-14 16:00 --------- d-----w C:\Program Files\Fichiers communs\Adobe
      2008-04-14 00:34 --------- d-----w C:\Program Files\Picasa2
      2008-04-12 18:37 --------- d-----w C:\Program Files\Microsoft Works
      2008-04-12 18:31 --------- d-----w C:\Program Files\Soulseek-Test
      2008-04-12 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
      2008-04-12 18:15 --------- d-----w C:\Program Files\Navilog1
      2008-04-12 14:13 --------- d-----w C:\Program Files\Trend Micro
      2008-04-09 01:04 --------- d-----w C:\Program Files\MSXML 4.0
      2008-04-08 17:56 --------- d-----w C:\Program Files\Gabest
      2008-04-08 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-04-08 13:30 --------- d-----w C:\Program Files\Java
      2008-04-08 13:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
      2008-04-08 13:10 --------- d-----w C:\Program Files\AviSynth 2.5
      2008-04-08 13:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-04-08 13:07 --------- d-----w C:\Program Files\Converio 2.0
      2008-04-08 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
      2008-04-07 17:43 --------- d-----w C:\Program Files\eMule
      2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
      2008-03-18 11:18 --------- d-----w C:\Program Files\Cybercorder
      2008-03-16 16:42 --------- d-----w C:\Program Files\MSN Messenger
      2008-03-16 16:42 --------- d-----w C:\Program Files\Messenger Plus! Live
      2008-03-16 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-03-16 11:18 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
      2008-03-16 01:46 --------- d-----w C:\Program Files\Windows Live
      2008-03-16 01:43 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
      2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
      2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
      2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
      .

      ------- Sigcheck -------

      2002-09-18 17:34 12800 333a4db8410d8e24db06d6aebecdc7c2 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
      2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
      2004-08-20 01:10 17408 a023a87b1931bd1755de1548746ac839 C:\WINDOWS\system32\svchost.exe

      2007-06-13 15:22 1039872 1dc24c44c2024683f7b071491e89f93d C:\WINDOWS\explorer.exe
      2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
      2002-09-18 17:23 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
      2004-08-20 01:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
      2004-08-20 01:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

      2002-09-18 17:32 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe
      2004-08-20 01:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe
      2004-08-20 01:10 110592 200173c15bfdef210e9165eaf4159360 C:\WINDOWS\system32\services.exe

      2002-09-18 17:24 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
      2004-08-20 01:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
      2004-08-20 01:09 14848 d39dcb7c85cd987eb5f9b14e31e36557 C:\WINDOWS\system32\lsass.exe
      .
      ((((((((((((((((((((((((((((( snapshot@2008-05-15_14.40.26.81 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-05-15 12:24:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      + 2008-05-15 13:38:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 03:43 68856]
      "EPSON Stylus D92 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.exe" [2006-09-27 06:00 139264]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-06-21 16:48 155648]
      "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-06-21 16:44 126976]
      "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 16:44 679936]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
      "Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 22:11 57344]
      "RealTray"="C:\Program Files\Real Alternative\mpclauncher.exe" [2007-03-04 17:06 673280]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 21:16 286720]
      "NapsterShell"="C:\Program Files\Napster\napster.exe" [ ]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
      "ehKiFXfdMJRivWH"= {F4D93F06-5E73-95AC-3037-BEECC402A255} - C:\WINDOWS\system32\auoxcb.dll [ ]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfCsrOf]
      khfCsrOf.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.I420"= i420vfw.dll
      "vidc.yv12"= yv12vfw.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Philips FunCam Monitor.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Philips FunCam Monitor.lnk
      backup=C:\WINDOWS\pss\Philips FunCam Monitor.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
      --------- 2002-10-14 22:11 57344 C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
      --a------ 2008-02-26 03:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
      --a------ 2007-03-04 17:06 673280 C:\Program Files\Real Alternative\mpclauncher.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
      --------- 2004-10-14 16:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
      --------- 2004-10-14 16:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
      --------- 2004-08-23 14:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\SopCast\\SopCast.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

      R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
      R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
      R3 SNDM360;Philips FunCam;C:\WINDOWS\system32\DRIVERS\sndm360.sys [2003-12-08 19:35]
      S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 19:25]
      S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 18:50]

      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      "2008-05-08 09:51:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-15 15:39:59
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\system32\FTRTSVC.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-05-15 15:56:32 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-05-15 13:56:15
      ComboFix2.txt 2008-05-15 12:43:35

      Pre-Run: 44,853,194,752 octets libres
      Post-Run: 44,841,443,328 octets libres

      211 --- E O F --- 2008-04-12 15:01:32




      et le dernier hijack

      ComboFix 08-05-12.1 - Propriétaire 2008-05-15 15:25:53.2 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.81 [GMT 2:00]
      Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
      Command switches used :: C:\Documents and Settings\Propriétaire\Bureau\CFscript.txt
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

      FILE ::
      C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe
      C:\WINDOWS\system32\auoxcb.dll
      C:\WINDOWS\system32\ddcBRigh.dll
      C:\WINDOWS\system32\khfCsrOf.dll
      C:\WINDOWS\system32\ovwlvpbj.dll
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\ddcBRigh.dll
      C:\WINDOWS\system32\hgiRBcdd.ini
      C:\WINDOWS\system32\hgiRBcdd.ini2
      C:\WINDOWS\system32\khfCsrOf.dll

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
      .

      2008-05-15 14:43 . 2008-05-15 14:43 <REP> d-------- C:\Documents and Settings\Propriétaire
      2008-05-15 14:43 . <REP> C:\Documents and Settings\PropriÚtaire\Local Settings
      2008-05-15 14:43 . <REP> C:\Documents and Settings\PropriÚtaire\Local Settings
      2008-05-15 12:32 . 2007-06-06 03:51 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
      2008-05-15 12:32 . 2007-06-06 03:51 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
      2008-05-15 12:32 . 2007-06-06 02:57 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
      2008-05-15 12:32 . 2007-06-06 03:51 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
      2008-05-15 12:32 . 2007-06-06 03:51 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
      2008-05-15 12:32 . 2007-06-06 03:51 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
      2008-05-15 12:32 . 2007-06-06 03:51 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
      2008-05-15 12:32 . 2008-05-15 12:32 <REP> d-------- C:\Documents and Settings\Administrateur
      2008-05-15 12:32 . 2008-05-15 14:07 1,024 --ah----- C:\Documents and Settings\Administrateur\ntuser.dat.LOG
      2008-05-15 11:28 . 2008-05-15 11:28 <REP> d-------- C:\_OTMoveIt
      2008-05-15 10:08 . 2008-05-15 10:23 2,636 --a------ C:\WINDOWS\system32\tmp.reg
      2008-05-15 10:00 . 2008-05-15 10:03 <REP> d-------- C:\Program Files\RogueRemover FREE
      2008-05-15 08:56 . 2008-05-15 08:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
      2008-05-14 07:50 . 2008-05-14 07:50 <REP> d-------- C:\Program Files\AVG
      2008-05-14 01:18 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
      2008-05-14 01:18 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
      2008-05-14 01:18 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
      2008-05-13 22:58 . 2008-05-13 22:58 <REP> d--h----- C:\WINDOWS\PIF
      2008-05-13 22:58 . 2008-05-13 22:58 16 --a------ C:\WINDOWS\system32\coh.cache
      2008-05-13 22:09 . 2008-05-15 09:37 <REP> d-------- C:\Program Files\Symantec
      2008-05-13 22:08 . 2008-05-13 22:09 <REP> d-------- C:\Program Files\Yahoo!
      2008-05-13 21:52 . 2008-05-15 14:07 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
      2008-05-13 07:55 . 2008-05-13 07:55 <REP> d-------- C:\Program Files\CenterLock
      2008-05-12 23:15 . 2008-05-12 19:23 212,992 --a------ C:\WINDOWS\vbksrofa.dll
      2008-05-12 23:13 . 2008-05-12 23:13 1 --a------ C:\WINDOWS\system32\kr_done1de
      2008-05-12 23:11 . 2008-05-15 10:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
      2008-04-23 22:36 . 2008-05-15 15:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2008-04-23 22:36 . 2008-04-23 22:36 1,409 --a------ C:\WINDOWS\QTFont.for

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-05-15 10:31 18,735 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
      2008-05-15 07:42 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
      2008-05-15 07:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
      2008-05-15 06:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
      2008-04-14 16:00 --------- d-----w C:\Program Files\Fichiers communs\Adobe
      2008-04-14 00:34 --------- d-----w C:\Program Files\Picasa2
      2008-04-12 18:37 --------- d-----w C:\Program Files\Microsoft Works
      2008-04-12 18:31 --------- d-----w C:\Program Files\Soulseek-Test
      2008-04-12 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
      2008-04-12 18:15 --------- d-----w C:\Program Files\Navilog1
      2008-04-12 14:13 --------- d-----w C:\Program Files\Trend Micro
      2008-04-09 01:04 --------- d-----w C:\Program Files\MSXML 4.0
      2008-04-08 17:56 --------- d-----w C:\Program Files\Gabest
      2008-04-08 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-04-08 13:30 --------- d-----w C:\Program Files\Java
      2008-04-08 13:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
      2008-04-08 13:10 --------- d-----w C:\Program Files\AviSynth 2.5
      2008-04-08 13:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-04-08 13:07 --------- d-----w C:\Program Files\Converio 2.0
      2008-04-08 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
      2008-04-07 17:43 --------- d-----w C:\Program Files\eMule
      2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
      2008-03-18 11:18 --------- d-----w C:\Program Files\Cybercorder
      2008-03-16 16:42 --------- d-----w C:\Program Files\MSN Messenger
      2008-03-16 16:42 --------- d-----w C:\Program Files\Messenger Plus! Live
      2008-03-16 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-03-16 11:18 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
      2008-03-16 01:46 --------- d-----w C:\Program Files\Windows Live
      2008-03-16 01:43 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
      2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
      2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
      2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
      .

      ------- Sigcheck -------

      2002-09-18 17:34 12800 333a4db8410d8e24db06d6aebecdc7c2 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
      2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
      2004-08-20 01:10 17408 a023a87b1931bd1755de1548746ac839 C:\WINDOWS\system32\svchost.exe

      2007-06-13 15:22 1039872 1dc24c44c2024683f7b071491e89f93d C:\WINDOWS\explorer.exe
      2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
      2002-09-18 17:23 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
      2004-08-20 01:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
      2004-08-20 01:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

      2002-09-18 17:32 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe
      2004-08-20 01:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe
      2004-08-20 01:10 110592 200173c15bfdef210e9165eaf4159360 C:\WINDOWS\system32\services.exe

      2002-09-18 17:24 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
      2004-08-20 01:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
      2004-08-20 01:09 14848 d39dcb7c85cd987eb5f9b14e31e36557 C:\WINDOWS\system32\lsass.exe
      .
      ((((((((((((((((((((((((((((( snapshot@2008-05-15_14.40.26.81 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-05-15 12:24:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      + 2008-05-15 13:38:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 03:43 68856]
      "EPSON Stylus D92 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.exe" [2006-09-27 06:00 139264]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-06-21 16:48 155648]
      "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-06-21 16:44 126976]
      "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 16:44 679936]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
      "Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 22:11 57344]
      "RealTray"="C:\Program Files\Real Alternative\mpclauncher.exe" [2007-03-04 17:06 673280]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 21:16 286720]
      "NapsterShell"="C:\Program Files\Napster\napster.exe" [ ]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
      "ehKiFXfdMJRivWH"= {F4D93F06-5E73-95AC-3037-BEECC402A255} - C:\WINDOWS\system32\auoxcb.dll [ ]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfCsrOf]
      khfCsrOf.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.I420"= i420vfw.dll
      "vidc.yv12"= yv12vfw.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Philips FunCam Monitor.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Philips FunCam Monitor.lnk
      backup=C:\WINDOWS\pss\Philips FunCam Monitor.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
      --------- 2002-10-14 22:11 57344 C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
      --a------ 2008-02-26 03:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
      --a------ 2007-03-04 17:06 673280 C:\Program Files\Real Alternative\mpclauncher.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
      --------- 2004-10-14 16:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
      --------- 2004-10-14 16:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
      --------- 2004-08-23 14:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\SopCast\\SopCast.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

      R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
      R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
      R3 SNDM360;Philips FunCam;C:\WINDOWS\system32\DRIVERS\sndm360.sys [2003-12-08 19:35]
      S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 19:25]
      S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 18:50]

      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      "2008-05-08 09:51:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-15 15:39:59
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\system32\FTRTSVC.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-05-15 15:56:32 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-05-15 13:56:15
      ComboFix2.txt 2008-05-15 12:43:35

      Pre-Run: 44,853,194,752 octets libres
      Post-Run: 44,841,443,328 octets libres

      211 --- E O F --- 2008-04-12 15:01:32
      0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    parfait cela devrait etre bon recolle un hijkackthis et dis tes soucis actuels
    0
    1. torerito
       
      ba heu plus de soucis, finis, envolés!


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:28:44, on 15/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\System32\igfxtray.exe
      C:\WINDOWS\System32\hkcmd.exe
      C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
      C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Propriétaire\Mes documents\HiJackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
      O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
      O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real Alternative\mpclauncher.exe SYSTEMBOOTHIDEPLAYER
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_S9B.tmp" /EF "HKCU"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{A8C75A5B-6FB6-4385-BE7B-9A48042B8FC1}: NameServer = 80.118.192.100,80.118.196.36
      O20 - Winlogon Notify: khfCsrOf - khfCsrOf.dll (file missing)
      O21 - SSODL: ehKiFXfdMJRivWH - {F4D93F06-5E73-95AC-3037-BEECC402A255} - C:\WINDOWS\system32\auoxcb.dll (file missing)
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
      0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok c'est bon

    tu peux fixer ces lignes:

    O20 - Winlogon Notify: khfCsrOf - khfCsrOf.dll (file missing)
    O21 - SSODL: ehKiFXfdMJRivWH - {F4D93F06-5E73-95AC-3037-BEECC402A255} - C:\WINDOWS\system32\auoxcb.dll (file missing)

    tu peux virer combofix, otmovit et hijakchits de ton ordi!

    _______

    c'est norton antivirus que tu as?
    0
    1. torerito
       
      comment je "fixe" ces lignes?



      j'avais norton mais je l'ai désinstallé, cetait la toute derniere version et vu que mon ordi est assez vieux, le logiciel etait tres lourd et ralentissait tout

      mais il y a un probleme, quand j'installe avast familial
      l'installation se fait avec succes, il me demande de redémarrer, ce que je fais
      mais au redemarrage, je ne peux plus rien faire, il y a le sablier tout le temps
      comment faire?
      0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok desinstalle avast

    https://www.avast.com/fr-fr/uninstall-utility

    ______________
    ensuite vire les traces de norton de ton ordinateur:

    fais ceci
    https://www.pcastuces.com/newsletter/adj/1630.htm

    ou
    fais ceci

    https://forum.zebulon.fr/topic/73027-supprimer-norton/

    ou ceci:

    https://forum.zebulon.fr/index.php?act=ST&f=38&t=57795

    __________________

    ensuite installe antivir plus performant, gratuit et consommant moins de ressource que les deux precedent:

    https://www.malekal.com/avira-free-security-antivirus-gratuit/
    0
    1. torerito
       
      ok

      et comment je fixe les dernieres lignes ?
      0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    pour fixer:

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".
    0
    1. torerito
       
      j'ai viré les dernieres traces de norton
      j'ai viré avast
      j'ai installé antivir

      mais le probleme, cest que au demarrage , il me met ce message "un virus a été trouvé" apparement explorer.exe serait le trojan TR/Patched.AA.239
      quoi que je fasse (ignore, quarantaine, delete, remove), il revient à la charge et me dit que eplorer.exe est le TR-Patched.AA.239

      du coup je viens de desinstaller antivir

      que faire?
      0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    colle un rapport antivir pour voir l'infection!
    0
    1. torerito
       
      jai viré antivir...
      0
  13. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    pourqoui!!! garde le et colle un rapport!
    0
  14. torerito
     
    j'ai remis antivir
    et au redemarrage, tout à lair de fonctionner
    il ne me parle plus de TR-Patched.AA.239 , etc
    ++
    0
  15. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    colle un rapport avec antivir pour voir

    puis un nouvel hijakchtis
    0
    1. torerito
       
      je dois faire un scan complet de l'ordi?
      0
    2. torerito
       
      comment je fais le rapport antivir?
      0
  16. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    0
    1. torerito
       
      voici le rapport antivir
      j'ai arreté le scan apres qu'il ait trouvé 'explorer.exe'

      Avira AntiVir Personal
      Report file date: dimanche 18 mai 2008 18:17

      Scanning for 1276115 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 2) [5.1.2600]
      Boot mode: Normally booted
      Username: SYSTEM
      Computer name: TRANO-NI6CDR

      Version information:
      BUILD.DAT : 8.1.00.296 16479 Bytes 29/04/2008 10:47:00
      AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/05/2008 16:11:41
      AVSCAN.DLL : 8.1.1.0 53505 Bytes 18/05/2008 16:11:41
      LUKE.DLL : 8.1.2.9 151809 Bytes 18/05/2008 16:11:42
      LUKERES.DLL : 8.1.2.1 12033 Bytes 18/05/2008 16:11:42
      ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
      ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 16:11:43
      ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 16:11:43
      ANTIVIR3.VDF : 7.0.4.54 2048 Bytes 17/05/2008 16:11:43
      Engineversion : 8.1.0.46
      AEVDF.DLL : 8.1.0.5 102772 Bytes 18/05/2008 16:11:44
      AESCRIPT.DLL : 8.1.0.33 266618 Bytes 18/05/2008 16:11:44
      AESCN.DLL : 8.1.0.18 119156 Bytes 18/05/2008 16:11:44
      AERDL.DLL : 8.1.0.20 418165 Bytes 18/05/2008 16:11:44
      AEPACK.DLL : 8.1.1.5 364918 Bytes 18/05/2008 16:11:44
      AEOFFICE.DLL : 8.1.0.18 192890 Bytes 18/05/2008 16:11:44
      AEHEUR.DLL : 8.1.0.29 1253750 Bytes 18/05/2008 16:11:43
      AEHELP.DLL : 8.1.0.14 115063 Bytes 18/05/2008 16:11:43
      AEGEN.DLL : 8.1.0.21 303477 Bytes 18/05/2008 16:11:43
      AEEMU.DLL : 8.1.0.6 430451 Bytes 18/05/2008 16:11:43
      AECORE.DLL : 8.1.0.29 168311 Bytes 18/05/2008 16:11:43
      AVWINLL.DLL : 1.0.0.7 14593 Bytes 18/05/2008 16:11:41
      AVPREF.DLL : 8.0.0.1 25857 Bytes 18/05/2008 16:11:41
      AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
      AVREG.DLL : 8.0.0.0 30977 Bytes 18/05/2008 16:11:41
      AVARKT.DLL : 1.0.0.23 307457 Bytes 18/05/2008 16:11:41
      AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 18/05/2008 16:11:41
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 18/05/2008 16:11:42
      SMTPLIB.DLL : 1.2.0.19 28929 Bytes 18/05/2008 16:11:42
      NETNT.DLL : 8.0.0.1 7937 Bytes 18/05/2008 16:11:42
      RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 18/05/2008 16:11:29
      RCTEXT.DLL : 8.0.32.0 86273 Bytes 18/05/2008 16:11:29

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: on
      Scan boot sector.................: on
      Boot sectors.....................: C:,
      Scan memory......................: on
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: dimanche 18 mai 2008 18:17

      The scan of running processes will be started
      Scan process 'msnmsgr.exe' - '0' Module(s) have been scanned
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'AdobeUpdater.exe' - '1' Module(s) have been scanned
      Scan process 'firefox.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'Creatr50.exe' - '1' Module(s) have been scanned
      Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
      Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
      Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
      Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
      Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
      Scan process 'alg.exe' - '1' Module(s) have been scanned
      Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
      Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
      Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
      Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
      Scan process 'lxbbbmon.exe' - '1' Module(s) have been scanned
      Scan process 'lxbbbmgr.exe' - '1' Module(s) have been scanned
      Scan process 'jusched.exe' - '1' Module(s) have been scanned
      Scan process 'Directcd.exe' - '1' Module(s) have been scanned
      Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
      Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
      Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Module is infected -> 'C:\WINDOWS\Explorer.EXE'
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned

      42 processes with 42 modules were scanned

      Starting master boot sector scan:
      Master boot sector HD0
      [INFO] No virus was found!
      Master boot sector HD1
      [INFO] No virus was found!

      Start scanning boot sectors:
      Boot sector 'C:\'
      [INFO] No virus was found!

      Starting to scan the registry.

      The registry was scanned ( '0' files ).



      End of the scan: dimanche 18 mai 2008 18:19
      Used time: 02:22 min

      The scan has been canceled!

      0 Scanning directories
      42 Files were scanned
      1 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      41 Files not concerned
      0 Archives were scanned
      0 Warnings
      0 Notes



      que faire?
      0
    2. torerito
       
      voici le dernier rapport antivir apres scan complet en mode sans echec
      ca devient vraiment insupportable ce explorer.exe........
      à l'aide...


      Avira AntiVir Personal
      Report file date: dimanche 18 mai 2008 19:21

      Scanning for 1276115 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 2) [5.1.2600]
      Boot mode: Save mode
      Username: Administrateur
      Computer name: TRANO-NI6CDR

      Version information:
      BUILD.DAT : 8.1.00.296 16479 Bytes 29/04/2008 10:47:00
      AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/05/2008 16:11:41
      AVSCAN.DLL : 8.1.1.0 53505 Bytes 18/05/2008 16:11:41
      LUKE.DLL : 8.1.2.9 151809 Bytes 18/05/2008 16:11:42
      LUKERES.DLL : 8.1.2.1 12033 Bytes 18/05/2008 16:11:42
      ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
      ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 16:11:43
      ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 16:11:43
      ANTIVIR3.VDF : 7.0.4.54 2048 Bytes 17/05/2008 16:11:43
      Engineversion : 8.1.0.46
      AEVDF.DLL : 8.1.0.5 102772 Bytes 18/05/2008 16:11:44
      AESCRIPT.DLL : 8.1.0.33 266618 Bytes 18/05/2008 16:11:44
      AESCN.DLL : 8.1.0.18 119156 Bytes 18/05/2008 16:11:44
      AERDL.DLL : 8.1.0.20 418165 Bytes 18/05/2008 16:11:44
      AEPACK.DLL : 8.1.1.5 364918 Bytes 18/05/2008 16:11:44
      AEOFFICE.DLL : 8.1.0.18 192890 Bytes 18/05/2008 16:11:44
      AEHEUR.DLL : 8.1.0.29 1253750 Bytes 18/05/2008 16:11:43
      AEHELP.DLL : 8.1.0.14 115063 Bytes 18/05/2008 16:11:43
      AEGEN.DLL : 8.1.0.21 303477 Bytes 18/05/2008 16:11:43
      AEEMU.DLL : 8.1.0.6 430451 Bytes 18/05/2008 16:11:43
      AECORE.DLL : 8.1.0.29 168311 Bytes 18/05/2008 16:11:43
      AVWINLL.DLL : 1.0.0.7 14593 Bytes 18/05/2008 16:11:41
      AVPREF.DLL : 8.0.0.1 25857 Bytes 18/05/2008 16:11:41
      AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
      AVREG.DLL : 8.0.0.0 30977 Bytes 18/05/2008 16:11:41
      AVARKT.DLL : 1.0.0.23 307457 Bytes 18/05/2008 16:11:41
      AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 18/05/2008 16:11:41
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 18/05/2008 16:11:42
      SMTPLIB.DLL : 1.2.0.19 28929 Bytes 18/05/2008 16:11:42
      NETNT.DLL : 8.0.0.1 7937 Bytes 18/05/2008 16:11:42
      RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 18/05/2008 16:11:29
      RCTEXT.DLL : 8.0.32.0 86273 Bytes 18/05/2008 16:11:29

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: on
      Scan boot sector.................: on
      Boot sectors.....................: C:,
      Scan memory......................: on
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: dimanche 18 mai 2008 19:21

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Module is infected -> 'C:\WINDOWS\Explorer.EXE'
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned

      11 processes with 11 modules were scanned

      Starting master boot sector scan:
      Master boot sector HD0
      [INFO] No virus was found!

      Start scanning boot sectors:
      Boot sector 'C:\'
      [INFO] No virus was found!

      Starting to scan the registry.

      The registry was scanned ( '27' files ).


      Starting the file scan:

      Begin scan in 'C:\'
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      C:\Documents and Settings\Propriétaire\Bureau\Navilog1.exe
      [DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.79
      [NOTE] The file was moved to '48a666af.qua'!
      C:\Program Files\Navilog1\Backupnavi\fljbhfd.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
      [NOTE] The file was moved to '489a6e43.qua'!
      C:\QooBox\Quarantine\C\WINDOWS\system32\khfCsrOf.dll.vir
      [DETECTION] Is the Trojan horse TR/Agent.29312
      [NOTE] The file was moved to '48966efd.qua'!
      C:\WINDOWS\explorer.exe
      [DETECTION] Is the Trojan horse TR/Patched.AA.239
      [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
      [WARNING]
      C:\WINDOWS\$NtUninstallKB835732$\callcont.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\msgina.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\mst120.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\schannel.dll
      [WARNING] The file could not be opened!


      End of the scan: dimanche 18 mai 2008 20:27
      Used time: 1:06:10 min

      The scan has been done completely.

      5108 Scanning directories
      190660 Files were scanned
      5 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      3 files were moved to quarantine
      0 files were renamed
      15 Files cannot be scanned
      190655 Files not concerned
      1041 Archives were scanned
      16 Warnings
      3 Notes
      0
  17. torerito
     
    et voici le dernier rapport hijack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:58:22, on 18/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Documents and Settings\Propriétaire\Mes documents\HiJackThis.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\System32\svchost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real Alternative\mpclauncher.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_S9B.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A8C75A5B-6FB6-4385-BE7B-9A48042B8FC1}: NameServer = 80.118.192.100,80.118.196.36
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    0
  18. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    il me faut un rapport antivir car tu m'a colé un rapport arrété avant la fin! et donc je ne sais pas quel fichier est infécté!

    ________________________

    scan avec
    MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    0
    1. torerito
       
      Avira AntiVir Personal
      Report file date: dimanche 18 mai 2008 19:21

      Scanning for 1276115 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 2) [5.1.2600]
      Boot mode: Save mode
      Username: Administrateur
      Computer name: TRANO-NI6CDR

      Version information:
      BUILD.DAT : 8.1.00.296 16479 Bytes 29/04/2008 10:47:00
      AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/05/2008 16:11:41
      AVSCAN.DLL : 8.1.1.0 53505 Bytes 18/05/2008 16:11:41
      LUKE.DLL : 8.1.2.9 151809 Bytes 18/05/2008 16:11:42
      LUKERES.DLL : 8.1.2.1 12033 Bytes 18/05/2008 16:11:42
      ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
      ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 16:11:43
      ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 16:11:43
      ANTIVIR3.VDF : 7.0.4.54 2048 Bytes 17/05/2008 16:11:43
      Engineversion : 8.1.0.46
      AEVDF.DLL : 8.1.0.5 102772 Bytes 18/05/2008 16:11:44
      AESCRIPT.DLL : 8.1.0.33 266618 Bytes 18/05/2008 16:11:44
      AESCN.DLL : 8.1.0.18 119156 Bytes 18/05/2008 16:11:44
      AERDL.DLL : 8.1.0.20 418165 Bytes 18/05/2008 16:11:44
      AEPACK.DLL : 8.1.1.5 364918 Bytes 18/05/2008 16:11:44
      AEOFFICE.DLL : 8.1.0.18 192890 Bytes 18/05/2008 16:11:44
      AEHEUR.DLL : 8.1.0.29 1253750 Bytes 18/05/2008 16:11:43
      AEHELP.DLL : 8.1.0.14 115063 Bytes 18/05/2008 16:11:43
      AEGEN.DLL : 8.1.0.21 303477 Bytes 18/05/2008 16:11:43
      AEEMU.DLL : 8.1.0.6 430451 Bytes 18/05/2008 16:11:43
      AECORE.DLL : 8.1.0.29 168311 Bytes 18/05/2008 16:11:43
      AVWINLL.DLL : 1.0.0.7 14593 Bytes 18/05/2008 16:11:41
      AVPREF.DLL : 8.0.0.1 25857 Bytes 18/05/2008 16:11:41
      AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
      AVREG.DLL : 8.0.0.0 30977 Bytes 18/05/2008 16:11:41
      AVARKT.DLL : 1.0.0.23 307457 Bytes 18/05/2008 16:11:41
      AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 18/05/2008 16:11:41
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 18/05/2008 16:11:42
      SMTPLIB.DLL : 1.2.0.19 28929 Bytes 18/05/2008 16:11:42
      NETNT.DLL : 8.0.0.1 7937 Bytes 18/05/2008 16:11:42
      RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 18/05/2008 16:11:29
      RCTEXT.DLL : 8.0.32.0 86273 Bytes 18/05/2008 16:11:29

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: on
      Scan boot sector.................: on
      Boot sectors.....................: C:,
      Scan memory......................: on
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: dimanche 18 mai 2008 19:21

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Module is infected -> 'C:\WINDOWS\Explorer.EXE'
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned

      11 processes with 11 modules were scanned

      Starting master boot sector scan:
      Master boot sector HD0
      [INFO] No virus was found!

      Start scanning boot sectors:
      Boot sector 'C:\'
      [INFO] No virus was found!

      Starting to scan the registry.

      The registry was scanned ( '27' files ).


      Starting the file scan:

      Begin scan in 'C:\'
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      C:\Documents and Settings\Propriétaire\Bureau\Navilog1.exe
      [DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.79
      [NOTE] The file was moved to '48a666af.qua'!
      C:\Program Files\Navilog1\Backupnavi\fljbhfd.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
      [NOTE] The file was moved to '489a6e43.qua'!
      C:\QooBox\Quarantine\C\WINDOWS\system32\khfCsrOf.dll.vir
      [DETECTION] Is the Trojan horse TR/Agent.29312
      [NOTE] The file was moved to '48966efd.qua'!
      C:\WINDOWS\explorer.exe
      [DETECTION] Is the Trojan horse TR/Patched.AA.239
      [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
      [WARNING]
      C:\WINDOWS\$NtUninstallKB835732$\callcont.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\msgina.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\mst120.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll
      [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\schannel.dll
      [WARNING] The file could not be opened!


      End of the scan: dimanche 18 mai 2008 20:27
      Used time: 1:06:10 min

      The scan has been done completely.

      5108 Scanning directories
      190660 Files were scanned
      5 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      3 files were moved to quarantine
      0 files were renamed
      15 Files cannot be scanned
      190655 Files not concerned
      1041 Archives were scanned
      16 Warnings
      3 Notes
      0
  19. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    désactive la protection en temps reel d'antivir pour le moment si tu as trop d'alerte (cliquer avec bouton droit sur le parapluie)

    vire ce qui est en quarantaine dans antivir

    ____________

    vire ce qui est dans le dossier backupnavi en allant dans psote de travail puis

    C:\Program Files\Navilog1\Backupnavi

    vire ce qui est dans quarantine:

    C:\QooBox\Quarantine
    ______________

    lance et vire ce qui est trouvé avec tools cleaner

    Télécharge ToolsCleaner sur ton bureau.
    --> https://www.commentcamarche.net/telecharger/ 34055291 toolsclean(...)
    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.
    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    ps : pas besoin de m´envoyer le rapport si tout a ete supprimer ;-)

    ____________________

    pour demarrer en mode sans echec:
    mode sans echec:
    http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fdocid/20020905112131924

    ______________________

    scan avec
    MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport (faire le scan en mode sans echec:

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    _______________________

    recolle un rapport antivir en scannant avec en mode sans echec
    0
    1. torerito
       
      deja le rapport de malwarebytes


      Malwarebytes' Anti-Malware 1.12
      Version de la base de données: 762

      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 95202
      Temps écoulé: 59 minute(s), 13 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 3
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 1
      Fichier(s) infecté(s): 3

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\System Volume Information\_restore{C7FBB79F-165F-4B58-BDB4-B80F37E4D31C}\RP501\A0078621.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{C7FBB79F-165F-4B58-BDB4-B80F37E4D31C}\RP504\A0081912.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\vbksrofa.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      0
    2. torerito
       
      nouveau rapport de malware bytes, fait en mode sans echec, apres avoir viré tout dans la quarantaine, et fait toolcleaner (jai tout supprimé ce qu'a trouvé tool cleaner)

      Malwarebytes' Anti-Malware 1.12
      Database version: 762

      Scan type: Full Scan (C:\|)
      Objects scanned: 94991
      Time elapsed: 37 minute(s), 14 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)

      donc il n'a rien trouvé
      la jvais faire un scan avec antivir en m.sans echec
      antivir toujours aussi c..... au demarrage avec son explorer.exe qui serait un trojan
      jvais porter plaine pour harcelement!
      :)
      0
      1. torerito > torerito
         
        et voila le rapport antivir

        Avira AntiVir Personal
        Report file date: lundi 19 mai 2008 02:05

        Scanning for 1276115 virus strains and unwanted programs.

        Licensed to: Avira AntiVir PersonalEdition Classic
        Serial number: 0000149996-ADJIE-0001
        Platform: Windows XP
        Windows version: (Service Pack 2) [5.1.2600]
        Boot mode: Save mode with network
        Username: Administrateur
        Computer name: TRANO-NI6CDR

        Version information:
        BUILD.DAT : 8.1.00.296 16479 Bytes 29/04/2008 10:47:00
        AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/05/2008 16:11:41
        AVSCAN.DLL : 8.1.1.0 53505 Bytes 18/05/2008 16:11:41
        LUKE.DLL : 8.1.2.9 151809 Bytes 18/05/2008 16:11:42
        LUKERES.DLL : 8.1.2.1 12033 Bytes 18/05/2008 16:11:42
        ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
        ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 16:11:43
        ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 16:11:43
        ANTIVIR3.VDF : 7.0.4.54 2048 Bytes 17/05/2008 16:11:43
        Engineversion : 8.1.0.46
        AEVDF.DLL : 8.1.0.5 102772 Bytes 18/05/2008 16:11:44
        AESCRIPT.DLL : 8.1.0.33 266618 Bytes 18/05/2008 16:11:44
        AESCN.DLL : 8.1.0.18 119156 Bytes 18/05/2008 16:11:44
        AERDL.DLL : 8.1.0.20 418165 Bytes 18/05/2008 16:11:44
        AEPACK.DLL : 8.1.1.5 364918 Bytes 18/05/2008 16:11:44
        AEOFFICE.DLL : 8.1.0.18 192890 Bytes 18/05/2008 16:11:44
        AEHEUR.DLL : 8.1.0.29 1253750 Bytes 18/05/2008 16:11:43
        AEHELP.DLL : 8.1.0.14 115063 Bytes 18/05/2008 16:11:43
        AEGEN.DLL : 8.1.0.21 303477 Bytes 18/05/2008 16:11:43
        AEEMU.DLL : 8.1.0.6 430451 Bytes 18/05/2008 16:11:43
        AECORE.DLL : 8.1.0.29 168311 Bytes 18/05/2008 16:11:43
        AVWINLL.DLL : 1.0.0.7 14593 Bytes 18/05/2008 16:11:41
        AVPREF.DLL : 8.0.0.1 25857 Bytes 18/05/2008 16:11:41
        AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
        AVREG.DLL : 8.0.0.0 30977 Bytes 18/05/2008 16:11:41
        AVARKT.DLL : 1.0.0.23 307457 Bytes 18/05/2008 16:11:41
        AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 18/05/2008 16:11:41
        SQLITE3.DLL : 3.3.17.1 339968 Bytes 18/05/2008 16:11:42
        SMTPLIB.DLL : 1.2.0.19 28929 Bytes 18/05/2008 16:11:42
        NETNT.DLL : 8.0.0.1 7937 Bytes 18/05/2008 16:11:42
        RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 18/05/2008 16:11:29
        RCTEXT.DLL : 8.0.32.0 86273 Bytes 18/05/2008 16:11:29

        Configuration settings for the scan:
        Jobname..........................: Complete system scan
        Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
        Logging..........................: low
        Primary action...................: interactive
        Secondary action.................: ignore
        Scan master boot sector..........: on
        Scan boot sector.................: on
        Boot sectors.....................: C:,
        Scan memory......................: on
        Process scan.....................: on
        Scan registry....................: on
        Search for rootkits..............: off
        Scan all files...................: Intelligent file selection
        Scan archives....................: on
        Recursion depth..................: 20
        Smart extensions.................: on
        Macro heuristic..................: on
        File heuristic...................: medium

        Start of the scan: lundi 19 mai 2008 02:05

        The scan of running processes will be started
        Scan process 'avscan.exe' - '1' Module(s) have been scanned
        Scan process 'avcenter.exe' - '1' Module(s) have been scanned
        Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
        Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
        Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
        Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
        Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
        Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
        Scan process 'explorer.exe' - '1' Module(s) have been scanned
        Module is infected -> 'C:\WINDOWS\Explorer.EXE'
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'lsass.exe' - '1' Module(s) have been scanned
        Scan process 'services.exe' - '1' Module(s) have been scanned
        Scan process 'winlogon.exe' - '1' Module(s) have been scanned
        Scan process 'csrss.exe' - '1' Module(s) have been scanned
        Scan process 'smss.exe' - '1' Module(s) have been scanned

        19 processes with 19 modules were scanned

        Starting master boot sector scan:
        Master boot sector HD0
        [INFO] No virus was found!

        Start scanning boot sectors:
        Boot sector 'C:\'
        [INFO] No virus was found!

        Starting to scan the registry.

        The registry was scanned ( '27' files ).


        Starting the file scan:

        Begin scan in 'C:\'
        C:\pagefile.sys
        [WARNING] The file could not be opened!
        C:\WINDOWS\explorer.exe
        [DETECTION] Is the Trojan horse TR/Patched.AA.239
        [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
        [WARNING]
        C:\WINDOWS\$NtUninstallKB835732$\callcont.dll
        [WARNING] The file could not be opened!
        C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll
        [WARNING] The file could not be opened!
        C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll
        [WARNING] The file could not be opened!
        C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe
        [WARNING] The file could not be opened!
        C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll
        [WARNING] The file could not be opened!
        C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll
        [WARNING] The file could not be opened!
        C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll
        [WARNING] The file could not be opened!
        C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll
        [WARNING] The file could not be opened!
        C:\WINDOWS\$NtUninstallKB835732$\msgina.dll
        [WARNING] The file could not be opened!
        C:\WINDOWS\$NtUninstallKB835732$\mst120.dll
        [WARNING] The file could not be opened!
        C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll
        [WARNING] The file could not be opened!
        C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll
        [WARNING] The file could not be opened!
        C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll
        [WARNING] The file could not be opened!
        C:\WINDOWS\$NtUninstallKB835732$\schannel.dll
        [WARNING] The file could not be opened!


        End of the scan: lundi 19 mai 2008 02:51
        Used time: 45:32 min

        The scan has been done completely.

        5139 Scanning directories
        191611 Files were scanned
        2 viruses and/or unwanted programs were found
        0 Files were classified as suspicious:
        0 files were deleted
        0 files were repaired
        0 files were moved to quarantine
        0 files were renamed
        15 Files cannot be scanned
        191609 Files not concerned
        1084 Archives were scanned
        16 Warnings
        0 Notes

        si tu peux maider......ce serait genial!
        merci d'avance
        0
  20. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\WINDOWS\explorer.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    0
    1. torerito
       
      Item C:\WINDOWS\explorer.exe is whitelisted and cannot be moved.

      OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05192008_124132
      0
  21. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    • Appuie sur Y pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
    0
    1. torerito
       
      [b]SDFix: Version 1.183 [/b]
      Run by Propri‚taire on 19/05/2008 at 13:15

      Microsoft Windows XP [version 5.1.2600]
      Running From: C:\DOCUME~1\PROPRI~1\Bureau\SDFix

      [b]Checking Services [/b]:


      Restoring Windows Registry Values
      Restoring Windows Default Hosts File

      Rebooting


      [b]Checking Files [/b]:

      No Trojan Files Found




      donc il ne trouve rien
      et au demarrage, antivir est toujours insupportable avec 'explorer.exe'
      je met ignore, ignore, ignore
      0
  • 1
  • 2