Infection: BAT/Fake.Privdanger

Resolved/Closed
CLAzkA (Member, 28 posts, registered Sunday 13 April 2008, last active 20 June 2008) - 15 May 2008 at 11:58
jlpjlp (Security contributor, 51580 posts, registered Friday 18 May 2007, last active 3 May 2022) - 15 May 2008 at 21:59
Hello,
Antivir has just detected BAT/Fake.Privdanger.
I'm posting a HijackThis log I just made.
Despite several attempts I can't get rid of it, so I need your help ;) thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:11, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.equipe.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {755F70ED-8112-4AEA-B77B-E11296C79DA7} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [acaa2b02] rundll32.exe "C:\WINDOWS\system32\jqgidine.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O21 - SSODL: vbksrofa - {F93FD192-2EFB-4E6E-8D3C-D9EA7A3BB3AC} - (no file)
O21 - SSODL: mpfanvqg - {A0FDE778-3AA6-45D1-AFE7-8C0D7917DDDE} - C:\WINDOWS\mpfanvqg.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
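As an added example (not part of the original post, nor of HijackThis itself), the Python below runs a small rule set over lines copied from the log above and flags the entries a helper would zero in on: the Run key with a hex-blob name that loads a DLL through rundll32, the ShellServiceObjectDelayLoad DLL that sits in C:\WINDOWS instead of system32, the orphaned CLSID entries, and the Active Desktop component that renders a local file:/// page, which is the fake "Privacy Protection" warning itself. The rules and the high/medium/low severities are assumptions chosen to match what this log shows; HijackThis does not score entries.

```python
"""Triage a HijackThis 2.x log for the persistence patterns seen in this thread.

Added example for this thread, not part of HijackThis, ComboFix or SmitFraudFix.
Rules and severities are the example's own assumptions.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted above,
# plus benign Avira and ctfmon entries for contrast.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {755F70ED-8112-4AEA-B77B-E11296C79DA7} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [acaa2b02] rundll32.exe "C:\WINDOWS\system32\jqgidine.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: vbksrofa - {F93FD192-2EFB-4E6E-8D3C-D9EA7A3BB3AC} - (no file)
O21 - SSODL: mpfanvqg - {A0FDE778-3AA6-45D1-AFE7-8C0D7917DDDE} - C:\WINDOWS\mpfanvqg.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (assumed scale)
    line: str
    reason: str


RUN_RE = re.compile(r'^O4 - \S+\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.IGNORECASE)
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$')
SSODL_RE = re.compile(r'^O21 - SSODL: (?P<name>\S+) - \{[0-9A-Fa-f-]+\} - (?P<target>.*)$')
DESKTOP_RE = re.compile(r'^O24 - Desktop Component \d+: (?P<name>.*?) - (?P<src>\S+)$')
ORPHAN_RE = re.compile(r'^(?:R3|O2|O3) - .* - \(no file\)$')


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per rule hit, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            rd = RUNDLL_RE.match(cmd)
            if rd:  # autorun that loads an arbitrary DLL export via rundll32
                findings.append(Finding("high", line,
                    f"Run entry loads {rd.group('dll')} through rundll32 export '{rd.group('export')}'"))
            if HEX_NAME_RE.match(name):  # value name is a hex blob, not a product name
                findings.append(Finding("medium", line, f"Run value name '{name}' is an 8-digit hex blob"))
            continue
        m = SSODL_RE.match(line)
        if m:
            target = m.group("target")
            if target == "(no file)":
                findings.append(Finding("low", line, "orphan SSODL entry, DLL already gone; remove the key"))
            elif "\\system32\\" not in target.lower():  # Explorer loads this DLL at every logon
                findings.append(Finding("high", line, f"SSODL DLL {target} sits outside system32"))
            continue
        m = DESKTOP_RE.match(line)
        if m and m.group("src").lower().startswith("file:///"):
            findings.append(Finding("high", line,
                f"Active Desktop component '{m.group('name')}' renders local page {m.group('src')}"))
            continue
        if ORPHAN_RE.match(line):
            findings.append(Finding("low", line, "orphan entry: CLSID registered but file missing"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run as-is to see the three high-severity lines; the rules are plain string and regex checks, so adding one for another HijackThis section (O2 BHOs, O20 Winlogon Notify) is a matter of one more pattern and one more branch.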

15 replies

jlpjlp (Security contributor, 51580 posts, registered Friday 18 May 2007, last active 3 May 2022) - 15 May 2008 at 12:06
hi,

download combofix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)

double-click combofix.exe and follow the instructions

at the end it will produce a report, C:\ComboFix.txt

re-enable your firewall, your antivirus and your antispyware's guard

copy/paste the C:\ComboFix.txt report in your next reply.

Careful: don't use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

There's a full tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

________________

smitfraudfix (paste the report)

1/ download:

http://siri.urz.free.fr/Fix/SmitfraudFix.php

2/ double-click smitfraudfix, then select 1 and press Enter to create the report of the infections present.
CLAzkA (Member, 28 posts, registered Sunday 13 April 2008, last active 20 June 2008) - 15 May 2008 at 12:45
COMBOFIX report

ComboFix 08-05-12.1 - Clément Lamy 2008-05-15 12:24:00.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.575 [GMT 2:00]
Location: C:\Documents and Settings\Clément Lamy\Bureau\ComboFix.exe
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\rs.txt
C:\WINDOWS\system32\enidigqj.ini
C:\WINDOWS\system32\qBISDcfe.ini
C:\WINDOWS\system32\qBISDcfe.ini2
C:\WINDOWS\system32\uvixptej.ini
C:\WINDOWS\system32\XEhOnqss.ini
C:\WINDOWS\system32\XEhOnqss.ini2

.
((((((((((((((((((((((((((((( Files created 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.

2008-05-15 11:54 . 2008-05-15 11:54 <REP> d-------- C:\Program Files\Trend Micro
2008-05-15 11:33 . 2008-05-15 11:33 91,776 --a------ C:\WINDOWS\system32\jqgidine.dll
2008-05-15 11:32 . 2008-05-15 11:32 318,848 --a------ C:\WINDOWS\system32\ssqnOhEX.dll
2008-05-15 10:16 . 2008-05-15 10:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-15 09:03 . 2008-05-15 03:48 217,088 --a------ C:\WINDOWS\fvowketqxfo.dll
2008-05-15 09:03 . 2008-05-15 03:47 176,128 --a------ C:\WINDOWS\mpfanvqg.dll
2008-05-15 09:03 . 2008-05-15 03:48 94,208 --a------ C:\WINDOWS\epfg.exe
2008-05-15 09:03 . 2008-05-15 03:49 81,920 --a------ C:\WINDOWS\oadkxrts.exe
2008-05-15 09:03 . 2008-05-15 09:03 29,824 --a------ C:\WINDOWS\system32\qoMdBSiH.dll
2008-05-13 16:15 . 2006-04-16 23:06 225,280 --a------ C:\WINDOWS\system32\OfficeMenu2003.ocx
2008-05-13 16:15 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-05-13 16:15 . 1998-07-13 00:00 15,872 --a------ C:\WINDOWS\system32\WINSKFR.DLL
2008-05-13 16:15 . 1998-07-13 00:00 6,656 --a------ C:\WINDOWS\system32\STDFTFR.DLL
2008-05-13 16:07 . 2008-05-13 16:15 <REP> d-------- C:\Program Files\ZNsoft Corporation
2008-05-13 16:07 . 2004-10-06 12:08 606,208 --a------ C:\WINDOWS\system32\BtnPlus1.ocx
2008-05-13 16:07 . 2004-10-06 12:24 471,040 --a------ C:\WINDOWS\system32\FraPlus1.ocx
2008-05-13 16:07 . 1997-05-01 00:00 57,856 --a------ C:\WINDOWS\system32\DrvFacts.ocx
2008-05-13 12:30 . 2008-05-13 12:30 <REP> d-------- C:\Program Files\Apple Software Update
2008-05-10 16:54 . 2008-05-14 13:06 <REP> d-------- C:\Program Files\Steam
2008-05-07 08:02 . 2008-05-07 08:02 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_69207.LOG
2008-05-07 08:02 . 2008-05-07 08:02 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_99190.LOG
2008-05-06 19:27 . 2008-05-06 19:34 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-04-28 23:02 . 2008-04-28 23:02 <REP> d-------- C:\Program Files\X'nBeep 1.1
2008-04-28 13:46 . 2008-04-28 13:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-23 16:48 . 2008-04-23 16:48 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-23 16:42 . 2008-04-23 16:44 <REP> d--h----- C:\Program Files\Zero G Registry
2008-04-23 16:42 . 2008-04-23 16:42 <REP> d-------- C:\Program Files\Sports Interactive
2008-04-21 13:15 . 2008-04-21 13:15 <REP> d-------- C:\Program Files\Securitoo
2008-04-21 13:14 . 2006-03-01 19:53 94,208 --a------ C:\WINDOWS\system32\w32n50.dll
2008-04-21 13:14 . 2003-09-23 11:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys
2008-04-21 13:14 . 2006-03-01 19:53 32,128 --a------ C:\WINDOWS\system32\pcandis5.sys
2008-04-21 13:13 . 2008-04-21 13:13 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 08:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-15 07:16 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-14 14:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-13 20:19 --------- d-----w C:\Program Files\mIRC
2008-05-07 13:08 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-06 11:02 --------- d-----w C:\Program Files\Bonjour
2008-04-21 15:28 --------- d-----w C:\Program Files\Azureus
2008-04-13 13:47 --------- d-----w C:\Program Files\CCleaner
2008-04-11 18:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-11 15:23 3,624 ----a-w C:\WINDOWS\system32\tmp.reg
2008-04-08 09:19 --------- d-----w C:\Program Files\iTunes
2008-04-08 09:18 --------- d-----w C:\Program Files\iPod
2008-04-08 09:17 --------- d-----w C:\Program Files\QuickTime
2008-04-02 10:40 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-04-02 10:40 --------- d-----w C:\Program Files\Intel
2008-04-02 10:40 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-04-02 10:40 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-04-02 10:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-04-02 10:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Intel
2008-04-02 10:39 0 --sha-r C:\WINDOWS\system32\drivers\TOSHIBA_Satellite A100_04548-FR_PSAA9E-04F01.MRK
2008-04-02 10:28 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-01 19:52 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\teamspeak2
2008-03-29 23:05 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-28 12:25 --------- d-----w C:\Program Files\MapImagery
2008-03-28 12:25 --------- d-----w C:\Program Files\GID
2008-03-28 12:24 --------- d-----w C:\Program Files\ER Mapper
2008-03-28 12:24 --------- d-----w C:\Program Files\ChronoMap
2008-03-28 12:23 --------- d-----w C:\Program Files\ChronoVia
2008-03-28 12:21 --------- d-----w C:\Program Files\MapInfo
2008-03-28 12:18 --------- d-----w C:\Program Files\Seagate Software
2008-03-28 12:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\MapInfo
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.

((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06DF596B-3170-4F07-BE10-86E31456BC56}]
2008-05-15 09:03 29824 --a------ C:\WINDOWS\system32\qoMdBSiH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21DF18BB-359C-498D-8281-37573586E48B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4E26A3A-80E0-4467-B116-4F0DC4441C4A}]
2008-05-15 03:48 217088 --a------ C:\WINDOWS\fvowketqxfo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2D08891-996E-4887-8FBA-B3EAA3CBFC29}]
2008-05-15 11:32 318848 --a------ C:\WINDOWS\system32\ssqnOhEX.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-29 21:04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 01:02 761948]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 15:59 16206848 C:\WINDOWS\RTHDCPL.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 13:47 356352]
"TPSMain"="TPSMain.exe" [2005-08-03 16:09 266240 C:\WINDOWS\system32\TPSMain.exe]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 13:11 73728]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24 118784]
"TFncKy"="TFncKy.exe" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-17 09:01 262401]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12 90112]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
"acaa2b02"="C:\WINDOWS\system32\jqgidine.dll" [2008-05-15 11:33 91776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]
"{06DF596B-3170-4F07-BE10-86E31456BC56}"= C:\WINDOWS\system32\qoMdBSiH.dll [2008-05-15 09:03 29824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mpfanvqg"= {A0FDE778-3AA6-45D1-AFE7-8C0D7917DDDE} - C:\WINDOWS\mpfanvqg.dll [2008-05-15 03:47 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMdBSiH]
qoMdBSiH.dll 2008-05-15 09:03 29824 C:\WINDOWS\system32\qoMdBSiH.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Lancement rapide de Microsoft Office OneNote 2003.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Lancement rapide de Microsoft Office OneNote 2003.lnk
backup=C:\WINDOWS\pss\Lancement rapide de Microsoft Office OneNote 2003.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-12-13 16:50 88204 C:\WINDOWS\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallProgram]
C:\DOCUME~1\CLMENT~1\LOCALS~1\Temp\setup_526_1_.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Corporation Svchost Services]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-05-10 16:55 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-29 21:04 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NDSTray.exe"=NDSTray.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"ehTray"=C:\WINDOWS\ehome\ehtray.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Steam\\steamapps\\paul.lamy3@wanadoo.fr\\counter-strike\\hl.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 14:47]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2008-05-13 10:30:23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-15 10:31:56 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 12:33:16
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\qoMdBSiH.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\jqgidine.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Common Files\X10\Common\X10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: 2008-05-15 12:39:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 10:39:02

Pre-Run: 19,735,666,688 bytes free
Post-Run: 19,657,535,488 bytes free

254 --- E O F --- 2008-05-14 14:23:01



Report: SmitFraudFix
SmitFraudFix v2.320

Report made at 12:41:14,04, 15/05/2008
Run from C:\Documents and Settings\Clément Lamy\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Clément Lamy


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Clément Lamy\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CLMENT~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, the following keys are not necessarily infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, the following keys are not necessarily infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

[!] Suspicious: mpfanvqg.dll
SSODL: mpfanvqg - {A0FDE778-3AA6-45D1-AFE7-8C0D7917DDDE}


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, the following keys are not necessarily infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS2\Services\Tcpip\..\{252C9785-BA69-4B98-B632-26BEC4C9FB10}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AB38D677-1803-4B74-A73D-5BF7147BA8CD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Searching for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
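The ComboFix report above already contains the two facts that settle the case: the registry load points (BHO, ShellExecuteHooks, ShellServiceObjectDelayLoad, Winlogon\Notify, Run) and the creation times in the "Files created" list. As an added example, not part of the thread or of ComboFix, the Python below correlates the two: it maps every DLL/EXE referenced under a registry key to the mechanism that key implements, looks up the file's creation time, and sorts files created within 24 hours of the scan (and loaded from several mechanisms) to the top. The sample is a subset of lines copied from the report; the mechanism labels, the 24-hour window and the sort order are this example's own assumptions.

```python
"""Correlate ComboFix registry load points with its 'files created' timeline.

Added example for this thread; it is not part of ComboFix. Mechanism names,
the 24 h window and the sort order are assumptions made for the example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample: lines copied from the ComboFix report posted above
# (a subset of the 'files created' list and of the registry load points).
SAMPLE_COMBOFIX = r"""
2008-05-15 11:33 . 2008-05-15 11:33 91,776 --a------ C:\WINDOWS\system32\jqgidine.dll
2008-05-15 11:32 . 2008-05-15 11:32 318,848 --a------ C:\WINDOWS\system32\ssqnOhEX.dll
2008-05-15 09:03 . 2008-05-15 03:48 217,088 --a------ C:\WINDOWS\fvowketqxfo.dll
2008-05-15 09:03 . 2008-05-15 03:47 176,128 --a------ C:\WINDOWS\mpfanvqg.dll
2008-05-15 09:03 . 2008-05-15 09:03 29,824 --a------ C:\WINDOWS\system32\qoMdBSiH.dll
2008-04-23 16:48 . 2008-04-23 16:48 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06DF596B-3170-4F07-BE10-86E31456BC56}]
2008-05-15 09:03 29824 --a------ C:\WINDOWS\system32\qoMdBSiH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4E26A3A-80E0-4467-B116-4F0DC4441C4A}]
2008-05-15 03:48 217088 --a------ C:\WINDOWS\fvowketqxfo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2D08891-996E-4887-8FBA-B3EAA3CBFC29}]
2008-05-15 11:32 318848 --a------ C:\WINDOWS\system32\ssqnOhEX.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-17 09:01 262401]
"acaa2b02"="C:\WINDOWS\system32\jqgidine.dll" [2008-05-15 11:33 91776]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]
"{06DF596B-3170-4F07-BE10-86E31456BC56}"= C:\WINDOWS\system32\qoMdBSiH.dll [2008-05-15 09:03 29824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mpfanvqg"= {A0FDE778-3AA6-45D1-AFE7-8C0D7917DDDE} - C:\WINDOWS\mpfanvqg.dll [2008-05-15 03:47 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMdBSiH]
qoMdBSiH.dll 2008-05-15 09:03 29824 C:\WINDOWS\system32\qoMdBSiH.dll
"""
SCAN_TIME = datetime(2008, 5, 15, 12, 24)  # taken from the report header

# 'files created' line: created . modified size attrs path
CREATED_RE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\S+\s+\S+\s+(?P<path>.+)$')
# any drive-rooted path ending in .dll or .exe, possibly containing spaces
PATH_RE = re.compile(r'[A-Za-z]:\\[^\[\]"]*?\.(?:dll|exe)\b', re.IGNORECASE)


@dataclass
class LoadPoint:
    path: str
    mechanisms: list[str]
    created: datetime | None  # None when the file is not in the 'files created' list
    recent: bool


def mechanism(key: str) -> str:
    """Map a registry key (without brackets) to the autostart mechanism it implements (assumed labels)."""
    k = key.lower()
    if "browser helper objects" in k:
        return "BHO"
    if "shellexecutehooks" in k:
        return "ShellExecuteHooks"
    if "shellserviceobjectdelayload" in k:
        return "SSODL"
    if "winlogon\\notify" in k:
        return "Winlogon\\Notify"
    if k.endswith("\\run"):
        return "Run"
    if k.endswith("\\run-") or "msconfig\\startupreg" in k:
        return "disabled startup"
    return "other"


def correlate(report: str, scan_time: datetime, window: timedelta = timedelta(hours=24)) -> list[LoadPoint]:
    """Join load points with creation times; recent, multi-mechanism files sort first."""
    created: dict[str, datetime] = {}
    points: dict[str, tuple[str, set[str]]] = {}
    current_key: str | None = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            current_key = None  # a blank line ends a registry key block in ComboFix output
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        m = CREATED_RE.match(line)
        if m:
            created[m.group("path").lower()] = datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M")
            continue
        if current_key is None:
            continue
        for pm in PATH_RE.finditer(line):
            path = pm.group(0)
            points.setdefault(path.lower(), (path, set()))[1].add(mechanism(current_key))
    results: list[LoadPoint] = []
    for path, mechs in points.values():
        when = created.get(path.lower())
        recent = when is not None and timedelta(0) <= scan_time - when <= window
        results.append(LoadPoint(path, sorted(mechs), when, recent))
    results.sort(key=lambda r: (not r.recent, -len(r.mechanisms), r.path.lower()))
    return results


if __name__ == "__main__":
    for r in correlate(SAMPLE_COMBOFIX, SCAN_TIME):
        flag = "RECENT" if r.recent else "      "
        print(f"{flag} {r.created or '----------------'!s:16} {', '.join(r.mechanisms):32} {r.path}")
```

On the sample, qoMdBSiH.dll comes out first (three mechanisms, created three hours before the scan), the four other freshly created DLLs follow, and the Avira and Windows Desktop Search entries drop to the bottom with no creation record in the window.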
jlpjlp (Security contributor, 51580 posts, registered Friday 18 May 2007, last active 3 May 2022) - 15 May 2008 at 12:59
restart in safe mode (by pressing F8 or Del, or F5 at startup, in general) then run smitfraudfix, select option 2 and press Enter to begin the disinfection. when the program asks whether you want to clean the registry, answer yes by typing 0 and Enter


______

Scan these files on VirusTotal and tell me which ones are considered infected: https://www.virustotal.com/gui/

C:\WINDOWS\system32\jqgidine.dll
C:\WINDOWS\system32\ssqnOhEX.dll
C:\WINDOWS\fvowketqxfo.dll
C:\WINDOWS\mpfanvqg.dll
C:\WINDOWS\epfg.exe
C:\WINDOWS\oadkxrts.exe
C:\WINDOWS\system32\qoMdBSiH.dll
_________
0
CLAzkA Posts: 28 Registered: Sunday 13 April 2008 Status: Member Last seen: 20 June 2008 1
15 May 2008 at 13:34
SmitFraudFix v2.320

Report made at 13:13:18,53, 15/05/2008
Run from C:\Documents and Settings\Clément Lamy\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix run in Safe Mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Warning, the keys that follow are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Stopping processes


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\mpfanvqg.dll deleted.


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{41243F28-9D32-4B16-A433-014D22C23955}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{41243F28-9D32-4B16-A433-014D22C23955}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{252C9785-BA69-4B98-B632-26BEC4C9FB10}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AB38D677-1803-4B74-A73D-5BF7147BA8CD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting temporary files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Warning, the keys that follow are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry cleaning

Cleaning finished.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Warning, the keys that follow are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End







C:\WINDOWS\system32\jqgidine.dll
0 bytes size received


C:\WINDOWS\system32\ssqnOhEX.dll
Webwasher-Gateway 6.6.2 2008.05.15 Win32.Malware.gen!90 (suspicious)


C:\WINDOWS\fvowketqxfo.dll
AntiVir 7.8.0.17 2008.05.13 ADSPY/Vapsup.egm
Avast 4.8.1169.0 2008.05.12 Win32:Vapsup-EB
AVG 7.5.0.516 2008.05.13 Downloader.Adload.ID
F-Prot 4.4.2.54 2008.05.13 W32/Adware-RegBHO-based.1!Maximus
GData 2.0.7306.1023 2008.05.14 Win32:Vapsup-EB
Ikarus T3.1.1.26.0 2008.05.13 Trojan.BHO.Agent.221184
Microsoft 1.3408 2008.05.13 Trojan:Win32/Zlob.gen!H
Sophos 4.29.0 2008.05.13 Mal/Emogen-AC
VBA32 3.12.6.6 2008.05.13 suspected of Downloader.Zlob.8
Webwasher-Gateway 6.6.2 2008.05.13 Ad-Spyware.Vapsup.egm


C:\WINDOWS\mpfanvqg.dll
0 bytes size received


C:\WINDOWS\epfg.exe
Avast - - Win32:Vapsup-BO
GData - - Win32:Vapsup-BO


C:\WINDOWS\oadkxrts.exe
Microsoft 1.3408 2008.05.13 Trojan:Win32/Small.ZZB



C:\WINDOWS\system32\qoMdBSiH.dll
Prevx1 V2 2008.05.15 Cloaked Malware

jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 5 040
15 May 2008 at 13:57
Perfect



___________

To merge:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
________________

Close all your browsers (so copy or print these instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:







File::
C:\WINDOWS\system32\jqgidine.dll
C:\WINDOWS\system32\ssqnOhEX.dll
C:\WINDOWS\fvowketqxfo.dll
C:\WINDOWS\mpfanvqg.dll
C:\WINDOWS\epfg.exe
C:\WINDOWS\oadkxrts.exe
C:\WINDOWS\system32\qoMdBSiH.dll
C:\WINDOWS\privacy_danger\index.htm





Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06DF596B-3170-4F07-BE10-86E31456BC56}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21DF18BB-359C-498D-8281-37573586E48B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4E26A3A-80E0-4467-B116-4F0DC4441C4A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2D08891-996E-4887-8FBA-B3EAA3CBFC29}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"acaa2b02"=-
C:\WINDOWS\system32\jqgidine.dll
"{06DF596B-3170-4F07-BE10-86E31456BC56}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mpfanvqg"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMdBSiH]







Save this file under the name CFscript


Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report and tell me whether you still have problems


If the file doesn't open, it is located here > C:\ComboFix.txt
CLAzkA Posts: 28 Registered: Sunday 13 April 2008 Status: Member Last seen: 20 June 2008 1
15 May 2008 at 14:27
ComboFix 08-05-12.1 - Clément Lamy 2008-05-15 14:09:49.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.554 [GMT 2:00]
Location: C:\Documents and Settings\Clément Lamy\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Clément Lamy\Bureau\CFscript.docx
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\oqgulxrj.ini
C:\WINDOWS\system32\xaraengd.ini
C:\WINDOWS\system32\XEhOnqss.ini
C:\WINDOWS\system32\XEhOnqss.ini2

.
((((((((((((((((((((((((((((( Files created 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.

2008-05-15 14:19 . 2008-05-15 14:19 294 ---hs---- C:\WINDOWS\system32\xaraengd.ini
2008-05-15 12:54 . 2008-05-15 12:54 91,776 --a------ C:\WINDOWS\system32\dgnearax.dll
2008-05-15 12:39 . 2008-05-15 12:39 <REP> d-------- C:\Documents and Settings\Clément Lamy
2008-05-15 12:39 . <REP> C:\Documents and Settings\Clément Lamy\Local Settings
2008-05-15 12:39 . <REP> C:\Documents and Settings\Clément Lamy\Local Settings
2008-05-15 12:39 . 2008-05-15 12:39 294 ---hs---- C:\WINDOWS\system32\enidigqj.ini
2008-05-15 11:54 . 2008-05-15 11:54 <REP> d-------- C:\Program Files\Trend Micro
2008-05-15 11:32 . 2008-05-15 11:32 318,848 --a------ C:\WINDOWS\system32\ssqnOhEX.dll
2008-05-15 10:16 . 2008-05-15 10:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-15 09:03 . 2008-05-15 03:48 217,088 --a------ C:\WINDOWS\fvowketqxfo.dll
2008-05-15 09:03 . 2008-05-15 03:48 94,208 --a------ C:\WINDOWS\epfg.exe
2008-05-15 09:03 . 2008-05-15 03:49 81,920 --a------ C:\WINDOWS\oadkxrts.exe
2008-05-15 09:03 . 2008-05-15 09:03 29,824 --a------ C:\WINDOWS\system32\qoMdBSiH.dll
2008-05-13 16:15 . 2006-04-16 23:06 225,280 --a------ C:\WINDOWS\system32\OfficeMenu2003.ocx
2008-05-13 16:15 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-05-13 16:15 . 1998-07-13 00:00 15,872 --a------ C:\WINDOWS\system32\WINSKFR.DLL
2008-05-13 16:15 . 1998-07-13 00:00 6,656 --a------ C:\WINDOWS\system32\STDFTFR.DLL
2008-05-13 16:07 . 2008-05-13 16:15 <REP> d-------- C:\Program Files\ZNsoft Corporation
2008-05-13 16:07 . 2004-10-06 12:08 606,208 --a------ C:\WINDOWS\system32\BtnPlus1.ocx
2008-05-13 16:07 . 2004-10-06 12:24 471,040 --a------ C:\WINDOWS\system32\FraPlus1.ocx
2008-05-13 16:07 . 1997-05-01 00:00 57,856 --a------ C:\WINDOWS\system32\DrvFacts.ocx
2008-05-13 12:30 . 2008-05-13 12:30 <REP> d-------- C:\Program Files\Apple Software Update
2008-05-10 16:54 . 2008-05-14 13:06 <REP> d-------- C:\Program Files\Steam
2008-05-07 08:02 . 2008-05-07 08:02 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_69207.LOG
2008-05-07 08:02 . 2008-05-07 08:02 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_99190.LOG
2008-05-06 19:27 . 2008-05-06 19:34 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-04-28 23:02 . 2008-04-28 23:02 <REP> d-------- C:\Program Files\X'nBeep 1.1
2008-04-28 13:46 . 2008-04-28 13:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-23 16:48 . 2008-04-23 16:48 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-23 16:42 . 2008-04-23 16:44 <REP> d--h----- C:\Program Files\Zero G Registry
2008-04-23 16:42 . 2008-04-23 16:42 <REP> d-------- C:\Program Files\Sports Interactive
2008-04-21 13:15 . 2008-04-21 13:15 <REP> d-------- C:\Program Files\Securitoo
2008-04-21 13:14 . 2006-03-01 19:53 94,208 --a------ C:\WINDOWS\system32\w32n50.dll
2008-04-21 13:14 . 2003-09-23 11:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys
2008-04-21 13:14 . 2006-03-01 19:53 32,128 --a------ C:\WINDOWS\system32\pcandis5.sys
2008-04-21 13:13 . 2008-04-21 13:13 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 11:13 2,662 ----a-w C:\WINDOWS\system32\tmp.reg
2008-05-15 08:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-15 07:16 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-14 14:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-13 20:19 --------- d-----w C:\Program Files\mIRC
2008-05-07 13:08 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-06 11:02 --------- d-----w C:\Program Files\Bonjour
2008-04-21 15:28 --------- d-----w C:\Program Files\Azureus
2008-04-13 13:47 --------- d-----w C:\Program Files\CCleaner
2008-04-11 18:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-08 09:19 --------- d-----w C:\Program Files\iTunes
2008-04-08 09:18 --------- d-----w C:\Program Files\iPod
2008-04-08 09:17 --------- d-----w C:\Program Files\QuickTime
2008-04-02 10:40 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-04-02 10:40 --------- d-----w C:\Program Files\Intel
2008-04-02 10:40 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-04-02 10:40 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-04-02 10:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-04-02 10:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Intel
2008-04-02 10:39 0 --sha-r C:\WINDOWS\system32\drivers\TOSHIBA_Satellite A100_04548-FR_PSAA9E-04F01.MRK
2008-04-02 10:28 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-01 19:52 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\teamspeak2
2008-03-29 23:05 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-28 12:25 --------- d-----w C:\Program Files\MapImagery
2008-03-28 12:25 --------- d-----w C:\Program Files\GID
2008-03-28 12:24 --------- d-----w C:\Program Files\ER Mapper
2008-03-28 12:24 --------- d-----w C:\Program Files\ChronoMap
2008-03-28 12:23 --------- d-----w C:\Program Files\ChronoVia
2008-03-28 12:21 --------- d-----w C:\Program Files\MapInfo
2008-03-28 12:18 --------- d-----w C:\Program Files\Seagate Software
2008-03-28 12:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\MapInfo
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-15_12.38.03.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-15 10:31:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-15 12:17:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06DF596B-3170-4F07-BE10-86E31456BC56}]
2008-05-15 09:03 29824 --a------ C:\WINDOWS\system32\qoMdBSiH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15D442CE-6597-41CB-936E-75B01F92A7CB}]
2008-05-15 14:23 318336 --a------ C:\WINDOWS\system32\hgGwUmml.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21DF18BB-359C-498D-8281-37573586E48B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4E26A3A-80E0-4467-B116-4F0DC4441C4A}]
2008-05-15 03:48 217088 --a------ C:\WINDOWS\fvowketqxfo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7433C95-B460-4722-A23F-AAC4A9FDF8CF}]
2008-05-15 11:32 318848 --a------ C:\WINDOWS\system32\ssqnOhEX.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-29 21:04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 01:02 761948]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 15:59 16206848 C:\WINDOWS\RTHDCPL.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 13:47 356352]
"TPSMain"="TPSMain.exe" [2005-08-03 16:09 266240 C:\WINDOWS\system32\TPSMain.exe]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 13:11 73728]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24 118784]
"TFncKy"="TFncKy.exe" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-17 09:01 262401]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12 90112]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
"acaa2b02"="C:\WINDOWS\system32\dgnearax.dll" [2008-05-15 12:54 91776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]
"{06DF596B-3170-4F07-BE10-86E31456BC56}"= C:\WINDOWS\system32\qoMdBSiH.dll [2008-05-15 09:03 29824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMdBSiH]
qoMdBSiH.dll 2008-05-15 09:03 29824 C:\WINDOWS\system32\qoMdBSiH.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\hgGwUmml

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Lancement rapide de Microsoft Office OneNote 2003.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Lancement rapide de Microsoft Office OneNote 2003.lnk
backup=C:\WINDOWS\pss\Lancement rapide de Microsoft Office OneNote 2003.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-12-13 16:50 88204 C:\WINDOWS\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallProgram]
C:\DOCUME~1\CLMENT~1\LOCALS~1\Temp\setup_526_1_.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Corporation Svchost Services]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-05-10 16:55 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-29 21:04 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NDSTray.exe"=NDSTray.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"ehTray"=C:\WINDOWS\ehome\ehtray.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Steam\\steamapps\\paul.lamy3@wanadoo.fr\\counter-strike\\hl.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 14:47]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-13 10:30:23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-15 12:17:32 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 14:18:16
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...


C:\WINDOWS\system32\xaraengd.ini 294 bytes

Scan completed successfully
Hidden files: 1

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\qoMdBSiH.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\hvybpxlq.dll
-> C:\WINDOWS\system32\hgGwUmml.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Common Files\X10\Common\X10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-05-15 14:25:03 - machine was rebooted [Clément Lamy]
ComboFix-quarantined-files.txt 2008-05-15 12:24:51
ComboFix2.txt 2008-05-15 10:39:10

Pre-Run: 40,591,962,112 bytes free
Post-Run: 40,604,725,248 bytes free

263 --- E O F --- 2008-05-14 14:23:01
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:27:30, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.equipe.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {755F70ED-8112-4AEA-B77B-E11296C79DA7} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [acaa2b02] rundll32.exe "C:\WINDOWS\system32\hvybpxlq.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O21 - SSODL: vbksrofa - {F93FD192-2EFB-4E6E-8D3C-D9EA7A3BB3AC} - (no file)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
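The ComboFix "Reg loading points" section and the HijackThis log above show exactly where this infection hooked itself in: Browser Helper Objects, ShellExecuteHooks and Winlogon\Notify (all pointing at the same qoMdBSiH.dll), an extra LSA Authentication Package (hgGwUmml), and an HKLM\Run value with a random hex name (acaa2b02) that loads a DLL rather than an executable. The following Python script is an added example written for this thread; it is not part of ComboFix, HijackThis or SmitFraudFix. It applies those triage rules to lines copied from the logs above. The scan date, the two-day "fresh binary" window, the list of high-risk keys and the rule wording are my own assumptions.

```python
"""Triage autostart entries from a ComboFix "Reg loading points" section and from
HijackThis R/O lines.  Added example, not part of ComboFix/HijackThis/SmitFraudFix."""
import re
from datetime import date, timedelta

SCAN_DATE = date(2008, 5, 15)      # date of the ComboFix run in this thread
FRESH_WINDOW = timedelta(days=2)   # assumption: a binary this recent deserves a look
# Persistence keys the adware in this thread used.  Legitimate software rarely
# lives there, so every entry under them is reported for review.
HIGH_RISK_KEYS = ("browser helper objects", "shellserviceobjectdelayload",
                  "winlogon\\notify", "shellexecutehooks", "\\lsa")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
DATE_RE = re.compile(r"\b(\d{4})-(\d{2})-(\d{2})\b")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="?(?P<cmd>[^"\[]*)')
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")          # "acaa2b02"-style value names
HJT_RE = re.compile(r"^(?P<kind>[RFO]\d+) - ")


def triage_combofix(text):
    """Return [(line, reasons)] for every loading-point entry worth reviewing."""
    findings, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m or not line:                       # key header: remember it, move on
            key = m.group("key").lower() if m else key
            continue
        reasons = []
        d = DATE_RE.search(line)
        if d and abs(SCAN_DATE - date(*map(int, d.groups()))) <= FRESH_WINDOW:
            reasons.append("binary created within %d days of the scan" % FRESH_WINDOW.days)
        if "\\temp\\" in line.lower():
            reasons.append("runs from a temporary directory")
        if any(k in key for k in HIGH_RISK_KEYS):
            if line.lower().startswith("authentication packages"):
                # msv1_0 is the only package on stock XP; anything else is a DLL LSASS loads at boot
                extra = [p for p in line.split()[3:] if p.lower() != "msv1_0"]
                if extra:
                    reasons.append("extra LSA authentication package: " + ", ".join(extra))
            else:
                reasons.append("entry in high-risk persistence key")
        if key.endswith("\\run"):
            v = VALUE_RE.match(line)
            if v and HEX_NAME_RE.match(v.group("name")):
                reasons.append("random hex Run value name")
            if v and (v.group("cmd").strip().lower().endswith(".dll") or "rundll32" in line.lower()):
                reasons.append("Run entry loads a DLL instead of an executable")
        if reasons:
            findings.append((line, reasons))
    return findings


def triage_hijackthis(text):
    """Same idea for HijackThis lines: orphans, rundll32 Run entries, SSODL."""
    findings = []
    for raw in text.splitlines():
        line, reasons = raw.strip(), []
        m = HJT_RE.match(line)
        if not m:
            continue
        if line.endswith("(no file)"):
            reasons.append("orphaned entry, target file missing")
        if m.group("kind") == "O4":
            n = re.search(r"\[([^\]]+)\]", line)
            if n and HEX_NAME_RE.match(n.group(1)):
                reasons.append("random hex Run value name")
            if "rundll32" in line.lower():
                reasons.append("Run entry loads a DLL via rundll32")
        if m.group("kind") == "O21":
            reasons.append("SSODL entry (high-risk persistence key)")
        if reasons:
            findings.append((line, reasons))
    return findings


# Sample input: lines copied from the ComboFix and HijackThis logs posted above.
COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06DF596B-3170-4F07-BE10-86E31456BC56}]
2008-05-15 09:03 29824 --a------ C:\WINDOWS\system32\qoMdBSiH.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 01:02 761948]
"acaa2b02"="C:\WINDOWS\system32\dgnearax.dll" [2008-05-15 12:54 91776]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]
"{06DF596B-3170-4F07-BE10-86E31456BC56}"= C:\WINDOWS\system32\qoMdBSiH.dll [2008-05-15 09:03 29824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMdBSiH]
qoMdBSiH.dll 2008-05-15 09:03 29824 C:\WINDOWS\system32\qoMdBSiH.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\hgGwUmml
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallProgram]
C:\DOCUME~1\CLMENT~1\LOCALS~1\Temp\setup_526_1_.exe
"""
HIJACKTHIS_SAMPLE = r"""
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O3 - Toolbar: (no name) - {755F70ED-8112-4AEA-B77B-E11296C79DA7} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [acaa2b02] rundll32.exe "C:\WINDOWS\system32\hvybpxlq.dll",b
O21 - SSODL: vbksrofa - {F93FD192-2EFB-4E6E-8D3C-D9EA7A3BB3AC} - (no file)
"""
```

Running `triage_combofix(COMBOFIX_SAMPLE)` flags the three qoMdBSiH.dll entries (fresh binary in a high-risk key), the acaa2b02 Run value (fresh, random hex name, loads a DLL), the LSA line (extra package hgGwUmml) and the Temp-resident installer, while the Synaptics entry passes. The Windows Desktop Search ShellExecuteHook is also listed, but with the single "high-risk key" reason and a 2006 timestamp, which is the signal to check it rather than delete it. The same rules explain why the helper's later HijackThis fix list is made of "(no file)" orphans, the rundll32 Run entry and the SSODL line.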
CLAzkA Posts: 28 Registered: Sunday 13 April 2008 Status: Member Last seen: 20 June 2008 1
15 May 2008 at 14:33
I still have junk :/
like web pages opening up trying to get me to download crap such as "optimise my PC" or that kind of thing...
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022
15 May 2008 at 14:42
Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

O3 - Toolbar: (no name) - {755F70ED-8112-4AEA-B77B-E11296C79DA7} - (no file)
O4 - HKLM\..\Run: [acaa2b02] rundll32.exe "C:\WINDOWS\system32\hvybpxlq.dll",b
O21 - SSODL: vbksrofa - {F93FD192-2EFB-4E6E-8D3C-D9EA7A3BB3AC} - (no file)

_____________________


You must have done message 5 wrong; do it again and rename the folder properly (watch upper and lower case).


To merge:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
________________

Close all your browsers (so copy or print the instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\WINDOWS\system32\jqgidine.dll
C:\WINDOWS\system32\ssqnOhEX.dll
C:\WINDOWS\fvowketqxfo.dll
C:\WINDOWS\mpfanvqg.dll
C:\WINDOWS\epfg.exe
C:\WINDOWS\oadkxrts.exe
C:\WINDOWS\system32\qoMdBSiH.dll
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\hvybpxlq.dll




Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06DF596B-3170-4F07-BE10-86E31456BC56}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21DF18BB-359C-498D-8281-37573586E48B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4E26A3A-80E0-4467-B116-4F0DC4441C4A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2D08891-996E-4887-8FBA-B3EAA3CBFC29}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"acaa2b02"=-
C:\WINDOWS\system32\jqgidine.dll
"{06DF596B-3170-4F07-BE10-86E31456BC56}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mpfanvqg"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMdBSiH]

Save this file under the name CFScript.

Drag and drop this CFScript file onto the ComboFix.exe file.

Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report and tell me whether you still have problems.

If the file doesn't open, it is located here > C:\ComboFix.txt

________________________


Right-click on this link: (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
"Save target (of the link) as..." and save it to your desktop.
Then double-click navilog1.exe to launch the installation.
Once the installation is finished, the fix will run automatically.
(If it doesn't, double-click the Navilog1 shortcut on the desktop.)

Let it guide you. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without our advice/agreement)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as asked; Notepad will open.
Copy and paste the whole thing into a reply. Close Notepad.
The report is also saved at the root of the drive (fixnavi.txt).
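As an added example (not from this thread or from HijackThis, ComboFix or any other tool named here), a small Python triage script that applies the same heuristics jlpjlp is applying by eye to the log above: entries whose registered file no longer exists, and Run/SSODL entries with random-looking eight-character names. The sample lines are copied from this thread; the `looks_random` heuristic and the `Finding` structure are my own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: the four entries jlpjlp asked the poster to fix (copied from
# the HijackThis log in this thread) plus two benign autostart entries from the same
# log, so the script has something it must NOT flag.
SAMPLE_LOG = """\
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O3 - Toolbar: (no name) - {755F70ED-8112-4AEA-B77B-E11296C79DA7} - (no file)
O4 - HKLM\\..\\Run: [acaa2b02] rundll32.exe "C:\\WINDOWS\\system32\\hvybpxlq.dll",b
O21 - SSODL: vbksrofa - {F93FD192-2EFB-4E6E-8D3C-D9EA7A3BB3AC} - (no file)
O4 - HKLM\\..\\Run: [SynTPEnh] C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
"""


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O4"
    line: str
    reason: str


VOWELS = set("aeiouy")

# "O4 - HKLM\..\Run: [name] command"
O4_RE = re.compile(r"^O4 - (?P<hive>\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# rundll32[.exe] "<path>\<dll>.dll"  -> captures the DLL base name
DLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?:[^"]*\\)?(?P<dll>[^\\"]+?)\.dll', re.IGNORECASE)
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>\S+) - ")


def looks_random(name: str) -> bool:
    """Heuristic (my assumption) for the generated names seen in this thread:
    eight hex digits containing at least one number ("acaa2b02"), or eight
    lowercase letters with at most two vowels ("hvybpxlq", "vbksrofa")."""
    if re.fullmatch(r"[0-9a-f]{8}", name) and any(c.isdigit() for c in name):
        return True
    if re.fullmatch(r"[a-z]{8}", name):
        return sum(c in VOWELS for c in name) <= 2
    return False


def triage_line(line: str):
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    line = line.rstrip()
    if " - " not in line:
        return None
    section = line.split(" - ", 1)[0]
    # Rule 1: a registered component whose file is gone (orphaned CLSID/SSODL/hook).
    if line.endswith("(no file)"):
        return Finding(section, line, "orphaned entry: registered component has no file on disk")
    # Rule 2: Run entries that load a random-named DLL through rundll32, or whose
    # value name itself looks generated.
    m = O4_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        d = DLL_RE.search(cmd)
        if d and looks_random(d.group("dll")):
            return Finding(section, line, f"rundll32 loading random-named DLL {d.group('dll')}.dll")
        if looks_random(name):
            return Finding(section, line, f"random-looking Run value name {name!r}")
    # Rule 3: ShellServiceObjectDelayLoad entry with a generated name (file still present).
    m21 = O21_RE.match(line)
    if m21 and looks_random(m21.group("name")):
        return Finding(section, line, "random-named ShellServiceObjectDelayLoad entry")
    return None


def triage(log_text: str) -> list:
    """Run triage_line over every line of a HijackThis log and collect the findings."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
```

The script only ranks what to look at; as in the thread, the final call on each entry still needs the surrounding context (who published the file, when it appeared, what the scanners say).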
CLAzkA Posts: 28 Registered: Sunday 13 April 2008 Status: Member Last seen: 20 June 2008
15 May 2008 at 15:16
I redid the procedure from post 5


ComboFix 08-05-12.1 - Clément Lamy 2008-05-15 14:52:12.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.546 [GMT 2:00]
Endroit: C:\Documents and Settings\Clément Lamy\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Clément Lamy\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\epfg.exe
C:\WINDOWS\fvowketqxfo.dll
C:\WINDOWS\mpfanvqg.dll
C:\WINDOWS\oadkxrts.exe
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\hvybpxlq.dll
C:\WINDOWS\system32\jqgidine.dll
C:\WINDOWS\system32\qoMdBSiH.dll
C:\WINDOWS\system32\ssqnOhEX.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\epfg.exe
C:\WINDOWS\fvowketqxfo.dll
C:\WINDOWS\oadkxrts.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\hvybpxlq.dll
C:\WINDOWS\system32\lmmUwGgh.ini
C:\WINDOWS\system32\lmmUwGgh.ini2
C:\WINDOWS\system32\qlxpbyvh.ini
C:\WINDOWS\system32\qoMdBSiH.dll
C:\WINDOWS\system32\ssqnOhEX.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.

2008-05-15 14:23 . 2008-05-15 14:23 318,336 --a------ C:\WINDOWS\system32\hgGwUmml.dll
2008-05-15 14:19 . 2008-05-15 14:19 294 ---hs---- C:\WINDOWS\system32\xaraengd.ini
2008-05-15 12:39 . 2008-05-15 12:39 <REP> d-------- C:\Documents and Settings\Clément Lamy
2008-05-15 12:39 . <REP> C:\Documents and Settings\Clément Lamy\Local Settings
2008-05-15 12:39 . <REP> C:\Documents and Settings\Clément Lamy\Local Settings
2008-05-15 12:39 . 2008-05-15 12:39 294 ---hs---- C:\WINDOWS\system32\enidigqj.ini
2008-05-15 11:54 . 2008-05-15 11:54 <REP> d-------- C:\Program Files\Trend Micro
2008-05-15 10:16 . 2008-05-15 10:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-13 16:15 . 2006-04-16 23:06 225,280 --a------ C:\WINDOWS\system32\OfficeMenu2003.ocx
2008-05-13 16:15 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-05-13 16:15 . 1998-07-13 00:00 15,872 --a------ C:\WINDOWS\system32\WINSKFR.DLL
2008-05-13 16:15 . 1998-07-13 00:00 6,656 --a------ C:\WINDOWS\system32\STDFTFR.DLL
2008-05-13 16:07 . 2008-05-13 16:15 <REP> d-------- C:\Program Files\ZNsoft Corporation
2008-05-13 16:07 . 2004-10-06 12:08 606,208 --a------ C:\WINDOWS\system32\BtnPlus1.ocx
2008-05-13 16:07 . 2004-10-06 12:24 471,040 --a------ C:\WINDOWS\system32\FraPlus1.ocx
2008-05-13 16:07 . 1997-05-01 00:00 57,856 --a------ C:\WINDOWS\system32\DrvFacts.ocx
2008-05-13 12:30 . 2008-05-13 12:30 <REP> d-------- C:\Program Files\Apple Software Update
2008-05-10 16:54 . 2008-05-14 13:06 <REP> d-------- C:\Program Files\Steam
2008-05-07 08:02 . 2008-05-07 08:02 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_69207.LOG
2008-05-07 08:02 . 2008-05-07 08:02 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_99190.LOG
2008-05-06 19:27 . 2008-05-06 19:34 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-04-28 23:02 . 2008-04-28 23:02 <REP> d-------- C:\Program Files\X'nBeep 1.1
2008-04-28 13:46 . 2008-04-28 13:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-23 16:48 . 2008-04-23 16:48 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-23 16:42 . 2008-04-23 16:44 <REP> d--h----- C:\Program Files\Zero G Registry
2008-04-23 16:42 . 2008-04-23 16:42 <REP> d-------- C:\Program Files\Sports Interactive
2008-04-21 13:15 . 2008-04-21 13:15 <REP> d-------- C:\Program Files\Securitoo
2008-04-21 13:14 . 2006-03-01 19:53 94,208 --a------ C:\WINDOWS\system32\w32n50.dll
2008-04-21 13:14 . 2003-09-23 11:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys
2008-04-21 13:14 . 2006-03-01 19:53 32,128 --a------ C:\WINDOWS\system32\pcandis5.sys
2008-04-21 13:13 . 2008-04-21 13:13 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 08:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-15 07:16 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-14 14:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-13 20:19 --------- d-----w C:\Program Files\mIRC
2008-05-07 13:08 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-06 11:02 --------- d-----w C:\Program Files\Bonjour
2008-04-21 15:28 --------- d-----w C:\Program Files\Azureus
2008-04-13 13:47 --------- d-----w C:\Program Files\CCleaner
2008-04-11 18:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-08 09:19 --------- d-----w C:\Program Files\iTunes
2008-04-08 09:18 --------- d-----w C:\Program Files\iPod
2008-04-08 09:17 --------- d-----w C:\Program Files\QuickTime
2008-04-02 10:40 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-04-02 10:40 --------- d-----w C:\Program Files\Intel
2008-04-02 10:40 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-04-02 10:40 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-04-02 10:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-04-02 10:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Intel
2008-04-02 10:39 0 --sha-r C:\WINDOWS\system32\drivers\TOSHIBA_Satellite A100_04548-FR_PSAA9E-04F01.MRK
2008-04-02 10:28 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-01 19:52 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\teamspeak2
2008-03-29 23:05 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-28 12:25 --------- d-----w C:\Program Files\MapImagery
2008-03-28 12:25 --------- d-----w C:\Program Files\GID
2008-03-28 12:24 --------- d-----w C:\Program Files\ER Mapper
2008-03-28 12:24 --------- d-----w C:\Program Files\ChronoMap
2008-03-28 12:23 --------- d-----w C:\Program Files\ChronoVia
2008-03-28 12:21 --------- d-----w C:\Program Files\MapInfo
2008-03-28 12:18 --------- d-----w C:\Program Files\Seagate Software
2008-03-28 12:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\MapInfo
.

((((((((((((((((((((((((((((( snapshot@2008-05-15_12.38.03.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-15 10:31:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-15 12:56:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D305793F-3881-47E6-8683-AFAF626809CF}]
2008-05-15 14:23 318336 --a------ C:\WINDOWS\system32\hgGwUmml.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-29 21:04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 01:02 761948]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 15:59 16206848 C:\WINDOWS\RTHDCPL.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 13:47 356352]
"TPSMain"="TPSMain.exe" [2005-08-03 16:09 266240 C:\WINDOWS\system32\TPSMain.exe]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 13:11 73728]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24 118784]
"TFncKy"="TFncKy.exe" []
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12 90112]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMdBSiH]
qoMdBSiH.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Lancement rapide de Microsoft Office OneNote 2003.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Lancement rapide de Microsoft Office OneNote 2003.lnk
backup=C:\WINDOWS\pss\Lancement rapide de Microsoft Office OneNote 2003.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-12-13 16:50 88204 C:\WINDOWS\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-04-17 09:01 262401 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallProgram]
C:\DOCUME~1\CLMENT~1\LOCALS~1\Temp\setup_526_1_.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Corporation Svchost Services]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-05-10 16:55 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-29 21:04 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NDSTray.exe"=NDSTray.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"ehTray"=C:\WINDOWS\ehome\ehtray.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Steam\\steamapps\\paul.lamy3@wanadoo.fr\\counter-strike\\hl.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 14:47]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-13 10:30:23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-15 13:00:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 14:57:20
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Common Files\X10\Common\X10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-15 15:02:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 13:02:12
ComboFix2.txt 2008-05-15 12:25:06
ComboFix3.txt 2008-05-15 10:39:10

Pre-Run: 40,578,658,304 octets libres
Post-Run: 40,567,730,176 octets libres

249 --- E O F --- 2008-05-14 14:23:01




HijackThis after fixing the lines

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:59, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.equipe.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022
15 May 2008 at 15:30
Close all your browsers (so copy or print the instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\WINDOWS\system32\lmmUwGgh.ini2
C:\WINDOWS\system32\hgGwUmml.dll



Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D305793F-3881-47E6-8683-AFAF626809CF}]

Save this file under the name CFScript.

Drag and drop this CFScript file onto the ComboFix.exe file.

Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

__________________


Scan with
MalwareByte's Anti-Malware, remove what it finds and paste the report.

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
____________________
Paste an Antivir report and tell me your current problems.

To protect your PC for free:

http://www.commentcamarche.net/telecharger/logiciel 4 securite

install an antivirus:

AVAST in French, or ANTIVIR (in English but very effective)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware:
MalwareByte's Anti-Malware + SPYBOT
+
SPYWAREBLASTER to immunise the system, against Vundo in particular, but in English (though easy to use: just click "update" to update every month and then "enable all protection" to immunise)...

Note: Spybot and Ad-Aware have released new versions this year; check that you have the latest version.
--------
a firewall:
the Windows one, or better Online Armor or KERIO or JETICO or ZONE ALARM (install only the free firewall)

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------
CCLEANER to erase browsing traces
---------
browse with Firefox or Safari or Opera rather than Internet Explorer, which is more affected by viruses
http://www.mozilla-europe.org/fr/products/firefox/
CLAzkA Posts: 28 Registered: Sunday 13 April 2008 Status: Member Last seen: 20 June 2008
15 May 2008 at 19:28
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 752

Type de recherche: Examen complet (C:\|)
Eléments examinés: 116081
Temps écoulé: 39 minute(s), 25 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\hgGwUmml.dll (Trojan.Vundo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ac9f60c-ab4f-40e1-b99e-4a6c61ab0193} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8ac9f60c-ab4f-40e1-b99e-4a6c61ab0193} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\pvnsmfor.blqd (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\pvnsmfor.toolbar.1 (Trojan.FakeAlert) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\OLE\Microsoft Corporation Svchost Services (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa\Microsoft Corporation Svchost Services (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Microsoft Corporation Svchost Services (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Microsoft Corporation Svchost Services (Backdoor.Bot) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggwumml -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggwumml -> No action taken.

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008 (Rogue.MalWarrior) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\hgGwUmml.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lmmUwGgh.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lmmUwGgh.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vimpibek.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kebipmiv.ini (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\qoMdBSiH.dll.vir (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP46\A0007611.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP51\A0007999.dll (Trojan.Vundo) -> No action taken.
Avira AntiVir Personal
Report file date: jeudi 15 mai 2008 16:39

Scanning for 1274495 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: AZKA-6FBB7B0EF0

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 17/04/2008 07:01:03
AVSCAN.DLL : 8.1.1.0 53505 Bytes 17/04/2008 07:01:03
LUKE.DLL : 8.1.2.9 151809 Bytes 17/04/2008 07:01:03
LUKERES.DLL : 8.1.2.1 12033 Bytes 17/04/2008 07:01:03
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 10:02:45
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 13:25:02
ANTIVIR3.VDF : 7.0.4.46 307712 Bytes 15/05/2008 13:25:24
Engineversion : 8.1.0.42
AEVDF.DLL : 8.1.0.5 102772 Bytes 17/04/2008 07:01:03
AESCRIPT.DLL : 8.1.0.31 262522 Bytes 09/05/2008 13:25:08
AESCN.DLL : 8.1.0.16 119156 Bytes 08/05/2008 13:25:05
AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 15:11:23
AEPACK.DLL : 8.1.1.4 364918 Bytes 04/05/2008 13:25:19
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 19/04/2008 15:11:04
AEHEUR.DLL : 8.1.0.26 1237366 Bytes 09/05/2008 13:25:07
AEHELP.DLL : 8.1.0.14 115063 Bytes 19/04/2008 15:11:02
AEGEN.DLL : 8.1.0.20 299380 Bytes 08/05/2008 13:25:05
AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 13:25:04
AECORE.DLL : 8.1.0.28 168310 Bytes 08/05/2008 13:25:04
AVWINLL.DLL : 1.0.0.7 14593 Bytes 17/04/2008 07:01:03
AVPREF.DLL : 8.0.0.1 25857 Bytes 17/04/2008 07:01:03
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 17/04/2008 07:01:03
AVARKT.DLL : 1.0.0.23 307457 Bytes 17/04/2008 07:01:02
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 17/04/2008 07:01:02
SQLITE3.DLL : 3.3.17.1 339968 Bytes 17/04/2008 07:01:03
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 17/04/2008 07:01:03
NETNT.DLL : 8.0.0.1 7937 Bytes 17/04/2008 07:01:03
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 17/04/2008 07:00:59
RCTEXT.DLL : 8.0.32.0 86273 Bytes 17/04/2008 07:00:59

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 15 mai 2008 16:39

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'Toshiba.exe' - '1' Module(s) have been scanned
Scan process 'TFncKy.exe' - '1' Module(s) have been scanned
Scan process 'SmoothView.exe' - '1' Module(s) have been scanned
Scan process 'TvsTray.exe' - '1' Module(s) have been scanned
Scan process 'TPSMain.exe' - '1' Module(s) have been scanned
Scan process 'THotkey.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'X10nets.exe' - '1' Module(s) have been scanned
Scan process 'TAPPSRV.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
54 processes with 54 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '30' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Clément Lamy\Bureau\SmitfraudFix.exe
[DETECTION] Contains detection pattern of the dropper DR/Binder.BN
[NOTE] The file was moved to '48954c61.qua'!
C:\Documents and Settings\Clément Lamy\Local Settings\Application Data\Mozilla\Firefox\Profiles\906zpf59.default\Cache\63329BDCd01
[DETECTION] Contains detection pattern of the dropper DR/Binder.BN
[NOTE] The file was moved to '485f6aad.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP52\A0008203.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '485c6fa8.qua'!
C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP52\A0008209.exe
[DETECTION] Contains detection pattern of the dropper DR/Binder.BN
[NOTE] The file was moved to '485c702d.qua'!
C:\WINDOWS\system32\hgGwUmml.dll
[DETECTION] Is the Trojan horse TR/Killav.28714
[NOTE] The file was moved to '4873721b.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: jeudi 15 mai 2008 19:25
Used time: 2:45:50 min

The scan has been done completely.

7449 Scanning directories
287324 Files were scanned
5 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
5 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
287319 Files not concerned
8449 Archives were scanned
3 Warnings
5 Notes
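The two reports above are the kind of thing a helper has to read by hand: Malwarebytes lists every item with a threat name and an action, and the scan was run with "No action taken" everywhere, while Avira lists a path, then a [DETECTION] line, then the [NOTE] saying where it quarantined the file. The following Python is an added example (not code from the thread or from either vendor) that parses both formats, flags detections the scanner did not remediate, counts findings per threat family, and lists file paths that both scanners agree on. The embedded samples are constructed excerpts modelled on the logs posted above; the "Quarantined and deleted successfully" line, the `C:\constructed\sample.dll` entry and the `user` profile name are constructed to exercise the remediated and unremediated branches.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt modelled on the Malwarebytes report in the thread.
# The last line (a remediated item) is constructed so the filter has something to drop.
MBAM_SAMPLE = r"""Malwarebytes' Anti-Malware 1.12
Version de la base de données: 752

Module(s) mémoire infecté(s): 1
Fichier(s) infecté(s): 3

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\hgGwUmml.dll (Trojan.Vundo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> No action taken.
HKEY_CLASSES_ROOT\pvnsmfor.toolbar.1 (Trojan.FakeAlert) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggwumml -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\hgGwUmml.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lmmUwGgh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

# Constructed excerpt modelled on the Avira report in the thread; the
# C:\constructed\sample.dll detection without a [NOTE] line is constructed.
AVIRA_SAMPLE = r"""Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\user\Bureau\SmitfraudFix.exe
[DETECTION] Contains detection pattern of the dropper DR/Binder.BN
[NOTE] The file was moved to '48954c61.qua'!
C:\WINDOWS\system32\hgGwUmml.dll
[DETECTION] Is the Trojan horse TR/Killav.28714
[NOTE] The file was moved to '4873721b.qua'!
C:\constructed\sample.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
"""


@dataclass
class Finding:
    scanner: str  # "mbam" or "avira"
    item: str     # file path or registry key exactly as the scanner printed it
    threat: str   # the scanner's threat name (Trojan.Vundo, TR/Killav.28714, ...)
    action: str   # what the scanner did: "No action taken", "quarantined", "none", ...


# Malwarebytes finding lines: "<item> (<threat>) -> [<detail> ->] <action>."
MBAM_LINE = re.compile(r"^(?P<item>.+) \((?P<threat>[\w.]+)\) -> (?P<rest>.+)$")


def parse_mbam(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if not m:
            continue  # section headers, counters and blank lines carry no finding
        # The action is always the last "->" segment; a "Data: ..." detail may precede it.
        action = m.group("rest").split(" -> ")[-1].rstrip(".")
        findings.append(Finding("mbam", m.group("item"), m.group("threat"), action))
    return findings


def parse_avira(text: str) -> Tuple[List[Finding], List[str]]:
    """Return (findings, paths the scanner could not open)."""
    findings: List[Finding] = []
    unscanned: List[str] = []
    current: Optional[str] = None   # last object name seen
    pending: Optional[Finding] = None  # detection waiting for its [NOTE] line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("["):
            current, pending = line, None  # new object; an unanswered detection stays "none"
            continue
        tag, _, msg = line[1:].partition("] ")
        if tag == "DETECTION" and current:
            pending = Finding("avira", current, msg.split()[-1], "none")
            findings.append(pending)
        elif tag == "NOTE" and pending is not None:
            pending.action = "quarantined" if "moved to" in msg else msg
        elif tag == "WARNING" and current:
            unscanned.append(current)
    return findings, unscanned


def unremediated(findings: List[Finding]) -> List[Finding]:
    """Detections the scanner reported but did not clean, quarantine or delete."""
    return [f for f in findings if f.action in ("No action taken", "none")]


def by_family(findings: List[Finding]) -> Dict[str, int]:
    return dict(Counter(f.threat for f in findings))


def corroborated(a: List[Finding], b: List[Finding]) -> List[str]:
    """File paths (case-insensitive) flagged by both scanners; registry items are skipped."""
    paths_a = {f.item.lower() for f in a if ":\\" in f.item}
    paths_b = {f.item.lower() for f in b if ":\\" in f.item}
    return sorted(paths_a & paths_b)


if __name__ == "__main__":
    mbam = parse_mbam(MBAM_SAMPLE)
    avira, skipped = parse_avira(AVIRA_SAMPLE)
    print("MBAM families:", by_family(mbam))
    print("Left untouched:", [(f.scanner, f.item) for f in unremediated(mbam + avira)])
    print("Seen by both scanners:", corroborated(mbam, avira))
    print("Avira could not open:", skipped)
```

Run against the real reports, the "left untouched" list is what a helper should act on first (here, every Malwarebytes item, because the scan was saved without removal), and the corroborated list gives the strongest evidence of what actually lives on the disk, since two engines agreeing on a path is a much better signal than either threat name alone.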
jlpjlp (51580 posts, registered Friday 18 May 2007, Security contributor, last active 3 May 2022)
15 May 2008 at 20:27
delete what is in the quarantine folder by going to My Computer then
C:\QooBox\Quarantine\

______________

delete what is in quarantine in Antivir

_______________________

to remove your traces, use

CCLEANER: (run a cleanup and repair the registry 3 times) without installing the Yahoo toolbar

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
_______________________

if everything went well, disable System Restore to purge any viruses that might be in it
then restart your computer
then re-enable it:

https://www.informatruc.com

______________________

post another Antivir report and tell me this time whether you still have problems!!!
CLAzkA (28 posts, registered Sunday 13 April 2008, Member, last active 20 June 2008)
15 May 2008 at 21:46
Avira AntiVir Personal
Report file date: jeudi 15 mai 2008 21:07

Scanning for 1274495 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: AZKA-6FBB7B0EF0

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 17/04/2008 07:01:03
AVSCAN.DLL : 8.1.1.0 53505 Bytes 17/04/2008 07:01:03
LUKE.DLL : 8.1.2.9 151809 Bytes 17/04/2008 07:01:03
LUKERES.DLL : 8.1.2.1 12033 Bytes 17/04/2008 07:01:03
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 10:02:45
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 13:25:02
ANTIVIR3.VDF : 7.0.4.46 307712 Bytes 15/05/2008 13:25:24
Engineversion : 8.1.0.42
AEVDF.DLL : 8.1.0.5 102772 Bytes 17/04/2008 07:01:03
AESCRIPT.DLL : 8.1.0.31 262522 Bytes 09/05/2008 13:25:08
AESCN.DLL : 8.1.0.16 119156 Bytes 08/05/2008 13:25:05
AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 15:11:23
AEPACK.DLL : 8.1.1.4 364918 Bytes 04/05/2008 13:25:19
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 19/04/2008 15:11:04
AEHEUR.DLL : 8.1.0.26 1237366 Bytes 09/05/2008 13:25:07
AEHELP.DLL : 8.1.0.14 115063 Bytes 19/04/2008 15:11:02
AEGEN.DLL : 8.1.0.20 299380 Bytes 08/05/2008 13:25:05
AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 13:25:04
AECORE.DLL : 8.1.0.28 168310 Bytes 08/05/2008 13:25:04
AVWINLL.DLL : 1.0.0.7 14593 Bytes 17/04/2008 07:01:03
AVPREF.DLL : 8.0.0.1 25857 Bytes 17/04/2008 07:01:03
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 17/04/2008 07:01:03
AVARKT.DLL : 1.0.0.23 307457 Bytes 17/04/2008 07:01:02
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 17/04/2008 07:01:02
SQLITE3.DLL : 3.3.17.1 339968 Bytes 17/04/2008 07:01:03
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 17/04/2008 07:01:03
NETNT.DLL : 8.0.0.1 7937 Bytes 17/04/2008 07:01:03
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 17/04/2008 07:00:59
RCTEXT.DLL : 8.0.32.0 86273 Bytes 17/04/2008 07:00:59

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 15 mai 2008 21:07

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'TFncKy.exe' - '1' Module(s) have been scanned
Scan process 'SmoothView.exe' - '1' Module(s) have been scanned
Scan process 'Toshiba.exe' - '1' Module(s) have been scanned
Scan process 'TvsTray.exe' - '1' Module(s) have been scanned
Scan process 'TPSMain.exe' - '1' Module(s) have been scanned
Scan process 'THotkey.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'X10nets.exe' - '1' Module(s) have been scanned
Scan process 'TAPPSRV.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
55 processes with 55 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '30' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: jeudi 15 mai 2008 21:37
Used time: 30:01 min

The scan has been done completely.

7381 Scanning directories
278127 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
278127 Files not concerned
8337 Archives were scanned
3 Warnings
0 Notes




there you go,
everything seems to be fine for now, thank you very much for your help and your patience :)
all the best!
CLAzkA (28 posts, registered Sunday 13 April 2008, Member, last active 20 June 2008)
15 May 2008 at 21:47
um, I don't know whether I need to close the discussion or not lol :D
jlpjlp (51580 posts, registered Friday 18 May 2007, Security contributor, last active 3 May 2022)
15 May 2008 at 21:59
yes, you can mark it resolved!!!