trojan.spy.html.bankfraud.dq Résolu/Fermé

Question

Bonjour,

comment empêcher les messages troja.spy.html.bankfraud.dq, trojan.spy.win32.greenscreen, et un autre que je n'ai pas relevé
voici le rapport de hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:48, on 29/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\All Users\Application Data\crynypar\mlgrwven.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\oncpwraj.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Widget Neuf] "C:\Program Files\Neuf\Widget Neuf\9widget.exe"
O4 - HKCU\..\Run: [GenMsgUi] C:\WINDOWS\system32\oncpwraj.exe
O4 - HKCU\..\Run: [cfgsrvchk] C:\WINDOWS\system32	spgbuhy.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKLM\..\Policies\Explorer\Run: [05zUNuiBjl] C:\Documents and Settings\All Users\Application Data\crynypar\mlgrwven.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O21 - SSODL: CmdMsgUi - {00B1094B-2CBB-40B6-F2FE-05C334F51DE2} - C:\Program Files\bgzrgce\CmdMsgUi.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe

g!rly · Answer

salut,

il faut nettoyer...

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe     

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Post egalement un nouveau rapport hijack this stp

@+

g!rly · Answer

la suite :

Copie le texte ci-dessous :

Folder::
C:\Documents and Settings\All Users\Application Data\crynypar
C:\Program Files\bgzrgce
C:\Program Files\Spyware-Secure

File::
C:\WINDOWS\system32\oncpwraj.exe
C:\WINDOWS\system32	spgbuhy.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GenMsgUi"=-
"cfgsrvchk"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"05zUNuiBjl"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CmdMsgUi"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+

g!rly · Answer

non c´est ok comme ca :)

supprime encore ces fichiers manuellement :

C:\WINDOWS\imsins.BAK 
C:\WINDOWS\ALCXMNTR.EXE

puis

Fais un scan avec cet antispyware :

Telecharge malwarebytes + tutoriel :

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

Puis click sur "rechercher".

Laisse le scanner le pc... 

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

@+

g!rly · Answer

ok tres bien

ALCXMNTR.EXE fais partie de ta carte son, c´est un collecteur d´info, mais c´est pas bien grave...

repost un nouveau hijack this stp

@+

g!rly · Answer

ok

a l´aide de hijack this coche et fix les lignes ci dessous :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" 
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

comment fixer :

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

puis

ta version de acrobat reader n´est pas a jour, tu veux la version 9 derniere en date alors desinstale ta version par le panneau de configuration / ajoue et suppression de programme

et instale la derniere :

https://get2.adobe.com/reader/otherversions/

ou oublie completement acrobat reader et instales foxit plus léger a la place:

https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

regarde ce tutorial pour mettre ta console java a jour :
 
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

il y a deux tuto, java et flash, ne te trompes pas ;)

puis

pour plus de secu :

par feu :

zone alarm facile a configurer...

https://www.malekal.com/tutoriel-zonealarm-firewall/

spywareblaster :

http://www.brightfort.com/spywareblaster.html

c´est un resident, il suffit de le mettre a jour de temps en temps car la version gratuite ne le fait pas toute seul , une fois installé et mis a jour tu mets toutes les protections sur "enable"

tuto : https://www.malekal.com/tutorial-spywareblaster/

et

spyware gard :

https://www.zebulon.fr/dossiers/securite/47-spywareguard.html

puis

pourquoi ne pas surfer avec firefox? = plus sur,  tout en gardant ie 7.0 pour les mises a jour windows car impossible a effectuer sous firefox

http://www.mozilla-europe.org/fr/

plugins : ad block plus, no script ect...

https://www.hugedomains.com/domain_profile.cfm?d=geckozone&e=org

pour supprimer les outils utilisés :

Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 

voila`

g!rly · Answer

ok tres bie ;)
on met le probleme en resolu ?

g!rly · Answer

ok 
bonne continuation ;)
bye
g!rly`

g!rly · Answer

Salut,

regarde ceci :

https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

il y a une partie consacré a flash, la premiere...

nulleninfo · Answer

c'est bon merci, 

je sais pas comment j'ai fait, j'ai bidouillé un peu tout, mais ça remarche

heureusement qu'il y a des pro comme toi pour rendre service a des nulles comme moi

g!rly · Answer

tres bien ,)
@+

g!rly · Answer

Mat, 

Combofix n´est pas a utiliser comme ca a la legere surtout avec un script qui ne nous ai pas destiné...

si tu es encore la 

post un rapport hijack this stp

Télécharge HijackThis ici : 

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif 

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Post le rapport généré ici stp...

@+

cht · Answer

Bonjour,

J'ai moi aussi récupéré ce trojan cette semaine, j'ai lancé malwarebytes, enlevé mon avast pour antivir, installé combofix, mais bon toujours encore ce trojan qui revient, je poste mon rapport hijackthis si vous voulez bien l'analyser et me dire quelle ligne enlever svp ...
merci d'avance !

g!rly · Answer

Salut 

post ton rapport combofix stp

il est situé ici :

C:\combofix.txt

@+

cht · Answer

Le voici, merci ! ComboFix 08-08-23.03 - HP_Administrateur 2008-08-24 15:02:27.4 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1405 [GMT 2:00] Endroit: C:\Documents and Settings\HP_Administrateur\Mes documents\Downloads\ComboFix.exe . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))))))) . 2008-08-22 20:26 . 2008-08-22 20:28 d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-22 15:18 . 2008-08-22 15:18 d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-08-22 15:07 . 2008-08-22 15:07 d----c--- C:\Program Files\CCleaner 2008-08-22 13:35 . 2008-08-22 13:35 d----c--- C:\Program Files\Avira 2008-08-22 13:35 . 2008-08-22 13:35 d----c--- C:\Documents and Settings\All Users\Application Data\Avira 2008-08-21 22:26 . 2008-08-22 09:51 d----c--- C:\Documents and Settings\HP_Administrateur\.housecall6.6 2008-08-21 20:59 . 2008-08-21 20:59 d----c--- C:\Program Files\Lavasoft 2008-08-21 20:59 . 2008-08-21 20:59 d----c--- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-08-21 20:59 . 2008-08-21 21:00 d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-08-21 07:57 . 2008-08-21 08:03 2,530 --a--c--- C:\WINDOWS\system32 mp.reg 2008-08-21 07:54 . 2008-08-21 07:54 d----c--- C:\_OTMoveIt 2008-08-21 07:47 . 2008-08-21 07:47 98,304 --a--c--- C:\WINDOWS\system32\ypmvgpet.exe 2008-08-21 07:29 . 2008-08-21 07:29 d----c--- C:\Program Files\Trend Micro 2008-08-21 00:08 . 2008-08-21 00:08 d----c--- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-21 00:08 . 2008-08-21 00:08 d----c--- C:\Documents and Settings\HP_Administrateur\Application Data\Malwarebytes 2008-08-21 00:08 . 2008-08-21 00:08 d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-21 00:08 . 2008-08-17 15:01 38,472 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-21 00:08 . 2008-08-17 15:01 17,144 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys 2008-08-20 08:14 . 2008-08-20 08:14 d----c--- C:\Program Files\mcrlkab 2008-08-20 08:14 . 2008-08-20 08:14 d----c--- C:\Documents and Settings\All Users\Application Data kvuvodw 2008-08-12 23:37 . 2008-08-13 08:06 d----c--- C:\Program Files\Free Video Converter 2008-08-09 18:33 . 2008-08-09 18:33 d----c--- C:\Documents and Settings\HP_Administrateur\Application Data\dvdcss 2008-08-01 04:57 . 2008-08-01 04:57 d----c--- C:\Program Files\Sun 2008-08-01 04:57 . 2008-06-10 02:32 73,728 --a--c--- C:\WINDOWS\system32\javacpl.cpl 2008-07-31 10:09 . 2005-02-24 12:10 2,084,864 --a--c--- C:\WINDOWS\system32\AudDesign.dll 2008-07-31 10:09 . 2005-03-11 17:37 1,986,560 --a--c--- C:\WINDOWS\system32\AudFile.dll 2008-07-31 10:09 . 2005-02-24 12:11 1,212,416 --a--c--- C:\WINDOWS\system32\AudioInfos.dll 2008-07-31 10:09 . 2005-02-24 12:11 479,232 --a--c--- C:\WINDOWS\system32\AudioVisu.dll 2008-07-31 10:09 . 2005-02-24 15:21 458,752 --a--c--- C:\WINDOWS\system32\AudPlayer.dll 2008-07-31 10:09 . 2005-03-10 16:00 454,656 --a--c--- C:\WINDOWS\system32\AudioRecord.dll 2008-07-31 10:09 . 2005-02-24 12:10 417,792 --a--c--- C:\WINDOWS\system32\AudDisplay.dll 2008-07-31 10:09 . 2005-02-24 11:51 348,160 --a--c--- C:\WINDOWS\system32\WMAFile.dll 2008-07-31 10:09 . 2003-08-07 15:01 237,568 --a--c--- C:\WINDOWS\system32\lame_enc.dll 2008-07-31 10:09 . 2005-01-10 12:54 116,296 --a--c--- C:\WINDOWS\system32\NCTWMAProfiles.prx 2008-07-30 15:05 . 2008-07-30 15:05 d----c--- C:\Documents and Settings\HP_Administrateur\Application Data\Samsung 2008-07-30 15:01 . 2006-05-03 22:53 174,592 --a--c--- C:\WINDOWS\system32\framedyn.dll 2008-07-30 15:00 . 2006-07-24 16:05 5,632 --a--c--- C:\WINDOWS\system32\drivers\StarOpen.sys 2008-07-30 14:55 . 2008-07-30 15:00 d----c--- C:\WINDOWS\system32\Samsung_USB_Drivers 2008-07-30 14:55 . 2008-07-30 14:55 d----c--- C:\Program Files\Samsung 2008-07-30 14:55 . 2005-08-30 01:49 94,000 --a--c--- C:\WINDOWS\system32\drivers\ssm_mdm.sys 2008-07-30 14:55 . 2005-08-30 01:47 58,320 --a--c--- C:\WINDOWS\system32\drivers\ssm_bus.sys 2008-07-30 14:55 . 2005-08-30 01:49 8,336 --a--c--- C:\WINDOWS\system32\drivers\ssm_mdfl.sys 2008-07-30 14:55 . 2005-08-30 01:49 6,176 --a--c--- C:\WINDOWS\system32\drivers\ssm_cmnt.sys 2008-07-30 14:55 . 2005-08-30 01:49 6,176 --a--c--- C:\WINDOWS\system32\drivers\ssm_cm.sys 2008-07-30 14:55 . 2005-08-30 01:47 5,840 --a--c--- C:\WINDOWS\system32\drivers\ssm_whnt.sys 2008-07-30 14:55 . 2005-08-30 01:47 5,840 --a--c--- C:\WINDOWS\system32\drivers\ssm_wh.sys 2008-07-30 14:55 . 2005-08-28 20:51 766 --a--c--- C:\WINDOWS\system32\Uninstall.ico . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-24 10:20 --------- dc----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-08-22 13:07 --------- dc----w C:\Program Files\Yahoo! 2008-08-22 10:45 --------- dc----w C:\Program Files\BeClean 2008-08-20 06:28 --------- dc----w C:\Program Files\DaemonTools_WhenUSave_Installer 2008-08-17 15:35 10,856 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-08-15 04:20 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-08-13 05:59 --------- dc----w C:\Program Files\Fichiers communs\Adobe 2008-08-13 05:58 --------- dc----w C:\Documents and Settings\HP_Administrateur\Application Data\AdobeUM 2008-08-09 15:53 --------- dc----w C:\Program Files\Google 2008-08-01 02:57 --------- dc----w C:\Program Files\Java 2008-07-31 08:09 --------- dc----w C:\Program Files\Free Audio Pack 2008-07-30 14:44 --------- dc----w C:\Program Files\Everest Poker 2008-07-30 13:00 --------- dc-h--w C:\Program Files\InstallShield Installation Information 2008-07-18 20:10 94,920 -c--a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 -c--a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 -c--a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 -c--a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 -c--a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 -c--a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 -c--a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 -c--a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 -c--a-w C:\WINDOWS\system32\muweb.dll 2008-07-16 16:59 --------- dc----w C:\Documents and Settings\HP_Administrateur\Application Data\MahJong Suite 2008-07-10 21:25 --------- dc----w C:\Documents and Settings\HP_Administrateur\Application Data tr 2008-07-10 20:54 --------- dc----w C:\Program Files\MahJong Suite 2008-07-10 20:54 --------- dc----w C:\Documents and Settings\All Users\Application Data\TreeCardGames 2008-07-07 21:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc 2008-07-07 20:31 253,952 -c--a-w C:\WINDOWS\system32\es.dll 2008-06-28 17:24 --------- dc----w C:\Program Files\Fichiers communs\Real 2008-06-24 16:23 74,240 -c--a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:15 671,232 -c--a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 247,808 -c--a-w C:\WINDOWS\system32\mswsock.dll 2007-04-05 21:39 87,608 -c--a-w C:\Documents and Settings\HP_Administrateur\Application Data\ezpinst.exe 2007-04-05 21:39 47,360 -c--a-w C:\Documents and Settings\HP_Administrateur\Application Data\pcouffin.sys 2006-10-20 18:38 251 -c--a-w C:\Program Files\wt3d.ini . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 20:08 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360] "Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 05:05 4354048] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184] "srvwin"="C:\WINDOWS\system32\ypmvgpet.exe" [2008-08-21 07:47 98304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:34 64512] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 15:15 151552] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-28 09:47 7573504] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 23:34 249856] "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 03:23 663552] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744] "SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2007-12-06 12:58 1069920] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "ftutil2"="ftutil2.dll" [2004-06-07 14:05 106496 C:\WINDOWS\system32\ftutil2.dll] "nwiz"="nwiz.exe" [2006-04-28 09:47 1519616 C:\WINDOWS\system32 wiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-06-14 05:05 16239616 C:\WINDOWS\RTHDCPL.EXE] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-01 13:33:00 110592] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472] Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe [2008-04-23 03:38:16 29696] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-21 18:05:35 805392] Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-26 01:34:59 124400] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "ProcUi"= {63A3F202-0FC6-FBA7-7EDB-0ACC02AF7911} - C:\Program Files\mcrlkab\ProcUi.dll [2008-08-20 08:14 102400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\LBTWlgn] 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "msacm.mpegacm"= mpegacm.acm "msacm.ulmp3acm"= ulmp3acm.acm "vidc.yv12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\WINDOWS\system32\fxsclnt.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\Shareaza\Shareaza.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"= "C:\WINDOWS\system32\rtcshare.exe"= "C:\Program Files\NetMeeting\conf.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "9845:TCP"= 9845:TCP:BitComet 9845 TCP "9845:UDP"= 9845:UDP:BitComet 9845 UDP "28521:TCP"= 28521:TCP:port de utorrent "6346:TCP"= 6346:TCP:g2 "6346:UDP"= 6346:UDP:g2udp "2979:TCP"= 2979:TCP:g1tcp "2979:UDP"= 2979:UDP:giudp R0 IABFilt;Iomega Snapshot Volume Filter;C:\WINDOWS\system32\DRIVERS\IABFilt.sys [2005-07-01 11:15] R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 00:53] R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-12 05:36] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 13:00] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fdb0342-571d-11dc-bed5-001731f80782}] \Shell\AutoRun\command - J:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f252447c-58d3-11dc-beda-001731f80782}] \Shell\AutoRun\command - W:\RunGame.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' 2008-08-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57] . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\7exmabwv.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.windowslive.fr/hotmail/demo/default.asp|http://by130w.bay130.mail.live.com/mail/InboxLight.aspx?n=482154123|http://by130w.bay130.mail.live.com/mail/InboxLight.aspx?FolderID=00000000-0000-0000-0000-000000000001&n=352993303 FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser ppdf32.dll FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1172.2021 pCIDetect11.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins pitunes.dll FF -: plugin - C:\Program Files\Yahoo!\Common pyaxmpb.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-24 15:03:24 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-08-24 15:06:32 ComboFix-quarantined-files.txt 2008-08-24 13:05:52 ComboFix2.txt 2008-08-24 12:36:07 ComboFix3.txt 2008-08-22 10:57:53 Pre-Run: 127,254,155,264 octets libres Post-Run: 127,236,935,680 octets libres 222 --- E O F --- 2008-08-15 04:21:09

g!rly · Answer

D´accord

Copie le texte ci-dessous :

File::
C:\WINDOWS\system32\ypmvgpet.exe

Folder::
C:\Program Files\Search Settings
C:\Program Files\mcrlkab

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"srvwin"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ProcUi"=-
"{63A3F202-0FC6-FBA7-7EDB-0ACC02AF7911}"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+

cht · Answer

voici le rapport: ComboFix 08-08-23.03 - HP_Administrateur 2008-08-24 15:47:09.6 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1419 [GMT 2:00] Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt * Création d'un nouveau point de restauration FILE :: C:\WINDOWS\system32\ypmvgpet.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\mcrlkab C:\Program Files\mcrlkab\ProcUi.dll C:\Program Files\Search Settings C:\Program Files\Search Settings\kb125 es\ErrorPageTemplate.css C:\Program Files\Search Settings\kb125 es\help.gif C:\Program Files\Search Settings\kb125 es\pixel.gif C:\Program Files\Search Settings\kb125 es ab_icon.png C:\Program Files\Search Settings\kb125 es abdata.js C:\Program Files\Search Settings\kb125 es ablib.js C:\Program Files\Search Settings\kb125 es abwelcome_en.html C:\Program Files\Search Settings\kb125 es oolbar_background.gif C:\Program Files\Search Settings\kb125 es\vista_directions.png C:\Program Files\Search Settings\kb125 es\xp_directions.png C:\Program Files\Search Settings\kb125 es\yahoo_search.gif C:\Program Files\Search Settings\SearchSettings.exe C:\WINDOWS\system32\ypmvgpet.exe . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))))))) . 2008-08-22 20:26 . 2008-08-22 20:28 d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-22 15:18 . 2008-08-22 15:18 d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-08-22 15:07 . 2008-08-22 15:07 d----c--- C:\Program Files\CCleaner 2008-08-22 13:35 . 2008-08-22 13:35 d----c--- C:\Program Files\Avira 2008-08-22 13:35 . 2008-08-22 13:35 d----c--- C:\Documents and Settings\All Users\Application Data\Avira 2008-08-21 22:26 . 2008-08-22 09:51 d----c--- C:\Documents and Settings\HP_Administrateur\.housecall6.6 2008-08-21 20:59 . 2008-08-21 20:59 d----c--- C:\Program Files\Lavasoft 2008-08-21 20:59 . 2008-08-21 20:59 d----c--- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-08-21 20:59 . 2008-08-21 21:00 d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-08-21 07:57 . 2008-08-21 08:03 2,530 --a--c--- C:\WINDOWS\system32 mp.reg 2008-08-21 07:54 . 2008-08-21 07:54 d----c--- C:\_OTMoveIt 2008-08-21 07:29 . 2008-08-21 07:29 d----c--- C:\Program Files\Trend Micro 2008-08-21 00:08 . 2008-08-21 00:08 d----c--- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-21 00:08 . 2008-08-21 00:08 d----c--- C:\Documents and Settings\HP_Administrateur\Application Data\Malwarebytes 2008-08-21 00:08 . 2008-08-21 00:08 d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-21 00:08 . 2008-08-17 15:01 38,472 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-21 00:08 . 2008-08-17 15:01 17,144 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys 2008-08-20 08:14 . 2008-08-20 08:14 d----c--- C:\Documents and Settings\All Users\Application Data kvuvodw 2008-08-12 23:37 . 2008-08-13 08:06 d----c--- C:\Program Files\Free Video Converter 2008-08-09 18:33 . 2008-08-09 18:33 d----c--- C:\Documents and Settings\HP_Administrateur\Application Data\dvdcss 2008-08-01 04:57 . 2008-08-01 04:57 d----c--- C:\Program Files\Sun 2008-08-01 04:57 . 2008-06-10 02:32 73,728 --a--c--- C:\WINDOWS\system32\javacpl.cpl 2008-07-31 10:09 . 2005-02-24 12:10 2,084,864 --a--c--- C:\WINDOWS\system32\AudDesign.dll 2008-07-31 10:09 . 2005-03-11 17:37 1,986,560 --a--c--- C:\WINDOWS\system32\AudFile.dll 2008-07-31 10:09 . 2005-02-24 12:11 1,212,416 --a--c--- C:\WINDOWS\system32\AudioInfos.dll 2008-07-31 10:09 . 2005-02-24 12:11 479,232 --a--c--- C:\WINDOWS\system32\AudioVisu.dll 2008-07-31 10:09 . 2005-02-24 15:21 458,752 --a--c--- C:\WINDOWS\system32\AudPlayer.dll 2008-07-31 10:09 . 2005-03-10 16:00 454,656 --a--c--- C:\WINDOWS\system32\AudioRecord.dll 2008-07-31 10:09 . 2005-02-24 12:10 417,792 --a--c--- C:\WINDOWS\system32\AudDisplay.dll 2008-07-31 10:09 . 2005-02-24 11:51 348,160 --a--c--- C:\WINDOWS\system32\WMAFile.dll 2008-07-31 10:09 . 2003-08-07 15:01 237,568 --a--c--- C:\WINDOWS\system32\lame_enc.dll 2008-07-31 10:09 . 2005-01-10 12:54 116,296 --a--c--- C:\WINDOWS\system32\NCTWMAProfiles.prx 2008-07-30 15:05 . 2008-07-30 15:05 d----c--- C:\Documents and Settings\HP_Administrateur\Application Data\Samsung 2008-07-30 15:01 . 2006-05-03 22:53 174,592 --a--c--- C:\WINDOWS\system32\framedyn.dll 2008-07-30 15:00 . 2006-07-24 16:05 5,632 --a--c--- C:\WINDOWS\system32\drivers\StarOpen.sys 2008-07-30 14:55 . 2008-07-30 15:00 d----c--- C:\WINDOWS\system32\Samsung_USB_Drivers 2008-07-30 14:55 . 2008-07-30 14:55 d----c--- C:\Program Files\Samsung 2008-07-30 14:55 . 2005-08-30 01:49 94,000 --a--c--- C:\WINDOWS\system32\drivers\ssm_mdm.sys 2008-07-30 14:55 . 2005-08-30 01:47 58,320 --a--c--- C:\WINDOWS\system32\drivers\ssm_bus.sys 2008-07-30 14:55 . 2005-08-30 01:49 8,336 --a--c--- C:\WINDOWS\system32\drivers\ssm_mdfl.sys 2008-07-30 14:55 . 2005-08-30 01:49 6,176 --a--c--- C:\WINDOWS\system32\drivers\ssm_cmnt.sys 2008-07-30 14:55 . 2005-08-30 01:49 6,176 --a--c--- C:\WINDOWS\system32\drivers\ssm_cm.sys 2008-07-30 14:55 . 2005-08-30 01:47 5,840 --a--c--- C:\WINDOWS\system32\drivers\ssm_whnt.sys 2008-07-30 14:55 . 2005-08-30 01:47 5,840 --a--c--- C:\WINDOWS\system32\drivers\ssm_wh.sys 2008-07-30 14:55 . 2005-08-28 20:51 766 --a--c--- C:\WINDOWS\system32\Uninstall.ico . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-24 10:20 --------- dc----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-08-22 13:07 --------- dc----w C:\Program Files\Yahoo! 2008-08-22 10:45 --------- dc----w C:\Program Files\BeClean 2008-08-20 06:28 --------- dc----w C:\Program Files\DaemonTools_WhenUSave_Installer 2008-08-17 15:35 10,856 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-08-15 04:20 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-08-13 05:59 --------- dc----w C:\Program Files\Fichiers communs\Adobe 2008-08-13 05:58 --------- dc----w C:\Documents and Settings\HP_Administrateur\Application Data\AdobeUM 2008-08-09 15:53 --------- dc----w C:\Program Files\Google 2008-08-01 02:57 --------- dc----w C:\Program Files\Java 2008-07-31 08:09 --------- dc----w C:\Program Files\Free Audio Pack 2008-07-30 14:44 --------- dc----w C:\Program Files\Everest Poker 2008-07-30 13:00 --------- dc-h--w C:\Program Files\InstallShield Installation Information 2008-07-18 20:10 94,920 -c--a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 -c--a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 -c--a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 -c--a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 -c--a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 -c--a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 -c--a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 -c--a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 -c--a-w C:\WINDOWS\system32\muweb.dll 2008-07-16 16:59 --------- dc----w C:\Documents and Settings\HP_Administrateur\Application Data\MahJong Suite 2008-07-10 21:25 --------- dc----w C:\Documents and Settings\HP_Administrateur\Application Data tr 2008-07-10 20:54 --------- dc----w C:\Program Files\MahJong Suite 2008-07-10 20:54 --------- dc----w C:\Documents and Settings\All Users\Application Data\TreeCardGames 2008-07-07 21:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc 2008-07-07 20:31 253,952 -c--a-w C:\WINDOWS\system32\es.dll 2008-06-28 17:24 --------- dc----w C:\Program Files\Fichiers communs\Real 2008-06-24 16:23 74,240 -c--a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:15 671,232 -c--a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 247,808 -c--a-w C:\WINDOWS\system32\mswsock.dll 2007-04-05 21:39 87,608 -c--a-w C:\Documents and Settings\HP_Administrateur\Application Data\ezpinst.exe 2007-04-05 21:39 47,360 -c--a-w C:\Documents and Settings\HP_Administrateur\Application Data\pcouffin.sys 2006-10-20 18:38 251 -c--a-w C:\Program Files\wt3d.ini . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 20:08 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360] "Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 05:05 4354048] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:34 64512] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 15:15 151552] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-28 09:47 7573504] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 23:34 249856] "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 03:23 663552] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "ftutil2"="ftutil2.dll" [2004-06-07 14:05 106496 C:\WINDOWS\system32\ftutil2.dll] "nwiz"="nwiz.exe" [2006-04-28 09:47 1519616 C:\WINDOWS\system32 wiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-06-14 05:05 16239616 C:\WINDOWS\RTHDCPL.EXE] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-01 13:33:00 110592] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472] Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe [2008-04-23 03:38:16 29696] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-21 18:05:35 805392] Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-26 01:34:59 124400] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\LBTWlgn] 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "msacm.mpegacm"= mpegacm.acm "msacm.ulmp3acm"= ulmp3acm.acm "vidc.yv12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\WINDOWS\system32\fxsclnt.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\Shareaza\Shareaza.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"= "C:\WINDOWS\system32\rtcshare.exe"= "C:\Program Files\NetMeeting\conf.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "9845:TCP"= 9845:TCP:BitComet 9845 TCP "9845:UDP"= 9845:UDP:BitComet 9845 UDP "28521:TCP"= 28521:TCP:port de utorrent "6346:TCP"= 6346:TCP:g2 "6346:UDP"= 6346:UDP:g2udp "2979:TCP"= 2979:TCP:g1tcp "2979:UDP"= 2979:UDP:giudp R0 IABFilt;Iomega Snapshot Volume Filter;C:\WINDOWS\system32\DRIVERS\IABFilt.sys [2005-07-01 11:15] R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 00:53] R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-12 05:36] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 13:00] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fdb0342-571d-11dc-bed5-001731f80782}] \Shell\AutoRun\command - J:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f252447c-58d3-11dc-beda-001731f80782}] \Shell\AutoRun\command - W:\RunGame.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' 2008-08-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-24 15:48:05 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... ************************************************************************** . Temps d'accomplissement: 2008-08-24 15:51:32 ComboFix-quarantined-files.txt 2008-08-24 13:50:30 ComboFix2.txt 2008-08-24 13:40:42 ComboFix3.txt 2008-08-24 13:06:32 ComboFix4.txt 2008-08-24 12:36:07 ComboFix5.txt 2008-08-24 13:46:56 Pre-Run: 127,221,293,056 octets libres Post-Run: 127,201,366,016 octets libres 228 --- E O F --- 2008-08-15 04:21:09

g!rly · Answer

D´accord; tu voies maintenant, on c´est emmêlé les pinceaux...
Si j´ai bien compris, Ezula, ne va pas continuer...
Post un nouveau rapport hijack this stp
@+

cht · Answer

ok merci moi aussi je me suis emmélé les pinceaux mais je garde le cap !! voici mon log highjackthis: ComboFix 08-08-23.03 - HP_Administrateur 2008-08-24 15:47:09.6 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1419 [GMT 2:00] Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt * Création d'un nouveau point de restauration FILE :: C:\WINDOWS\system32\ypmvgpet.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\mcrlkab C:\Program Files\mcrlkab\ProcUi.dll C:\Program Files\Search Settings C:\Program Files\Search Settings\kb125 es\ErrorPageTemplate.css C:\Program Files\Search Settings\kb125 es\help.gif C:\Program Files\Search Settings\kb125 es\pixel.gif C:\Program Files\Search Settings\kb125 es ab_icon.png C:\Program Files\Search Settings\kb125 es abdata.js C:\Program Files\Search Settings\kb125 es ablib.js C:\Program Files\Search Settings\kb125 es abwelcome_en.html C:\Program Files\Search Settings\kb125 es oolbar_background.gif C:\Program Files\Search Settings\kb125 es\vista_directions.png C:\Program Files\Search Settings\kb125 es\xp_directions.png C:\Program Files\Search Settings\kb125 es\yahoo_search.gif C:\Program Files\Search Settings\SearchSettings.exe C:\WINDOWS\system32\ypmvgpet.exe . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))))))) . 2008-08-22 20:26 . 2008-08-22 20:28 d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-22 15:18 . 2008-08-22 15:18 d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-08-22 15:07 . 2008-08-22 15:07 d----c--- C:\Program Files\CCleaner 2008-08-22 13:35 . 2008-08-22 13:35 d----c--- C:\Program Files\Avira 2008-08-22 13:35 . 2008-08-22 13:35 d----c--- C:\Documents and Settings\All Users\Application Data\Avira 2008-08-21 22:26 . 2008-08-22 09:51 d----c--- C:\Documents and Settings\HP_Administrateur\.housecall6.6 2008-08-21 20:59 . 2008-08-21 20:59 d----c--- C:\Program Files\Lavasoft 2008-08-21 20:59 . 2008-08-21 20:59 d----c--- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-08-21 20:59 . 2008-08-21 21:00 d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-08-21 07:57 . 2008-08-21 08:03 2,530 --a--c--- C:\WINDOWS\system32 mp.reg 2008-08-21 07:54 . 2008-08-21 07:54 d----c--- C:\_OTMoveIt 2008-08-21 07:29 . 2008-08-21 07:29 d----c--- C:\Program Files\Trend Micro 2008-08-21 00:08 . 2008-08-21 00:08 d----c--- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-21 00:08 . 2008-08-21 00:08 d----c--- C:\Documents and Settings\HP_Administrateur\Application Data\Malwarebytes 2008-08-21 00:08 . 2008-08-21 00:08 d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-21 00:08 . 2008-08-17 15:01 38,472 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-21 00:08 . 2008-08-17 15:01 17,144 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys 2008-08-20 08:14 . 2008-08-20 08:14 d----c--- C:\Documents and Settings\All Users\Application Data kvuvodw 2008-08-12 23:37 . 2008-08-13 08:06 d----c--- C:\Program Files\Free Video Converter 2008-08-09 18:33 . 2008-08-09 18:33 d----c--- C:\Documents and Settings\HP_Administrateur\Application Data\dvdcss 2008-08-01 04:57 . 2008-08-01 04:57 d----c--- C:\Program Files\Sun 2008-08-01 04:57 . 2008-06-10 02:32 73,728 --a--c--- C:\WINDOWS\system32\javacpl.cpl 2008-07-31 10:09 . 2005-02-24 12:10 2,084,864 --a--c--- C:\WINDOWS\system32\AudDesign.dll 2008-07-31 10:09 . 2005-03-11 17:37 1,986,560 --a--c--- C:\WINDOWS\system32\AudFile.dll 2008-07-31 10:09 . 2005-02-24 12:11 1,212,416 --a--c--- C:\WINDOWS\system32\AudioInfos.dll 2008-07-31 10:09 . 2005-02-24 12:11 479,232 --a--c--- C:\WINDOWS\system32\AudioVisu.dll 2008-07-31 10:09 . 2005-02-24 15:21 458,752 --a--c--- C:\WINDOWS\system32\AudPlayer.dll 2008-07-31 10:09 . 2005-03-10 16:00 454,656 --a--c--- C:\WINDOWS\system32\AudioRecord.dll 2008-07-31 10:09 . 2005-02-24 12:10 417,792 --a--c--- C:\WINDOWS\system32\AudDisplay.dll 2008-07-31 10:09 . 2005-02-24 11:51 348,160 --a--c--- C:\WINDOWS\system32\WMAFile.dll 2008-07-31 10:09 . 2003-08-07 15:01 237,568 --a--c--- C:\WINDOWS\system32\lame_enc.dll 2008-07-31 10:09 . 2005-01-10 12:54 116,296 --a--c--- C:\WINDOWS\system32\NCTWMAProfiles.prx 2008-07-30 15:05 . 2008-07-30 15:05 d----c--- C:\Documents and Settings\HP_Administrateur\Application Data\Samsung 2008-07-30 15:01 . 2006-05-03 22:53 174,592 --a--c--- C:\WINDOWS\system32\framedyn.dll 2008-07-30 15:00 . 2006-07-24 16:05 5,632 --a--c--- C:\WINDOWS\system32\drivers\StarOpen.sys 2008-07-30 14:55 . 2008-07-30 15:00 d----c--- C:\WINDOWS\system32\Samsung_USB_Drivers 2008-07-30 14:55 . 2008-07-30 14:55 d----c--- C:\Program Files\Samsung 2008-07-30 14:55 . 2005-08-30 01:49 94,000 --a--c--- C:\WINDOWS\system32\drivers\ssm_mdm.sys 2008-07-30 14:55 . 2005-08-30 01:47 58,320 --a--c--- C:\WINDOWS\system32\drivers\ssm_bus.sys 2008-07-30 14:55 . 2005-08-30 01:49 8,336 --a--c--- C:\WINDOWS\system32\drivers\ssm_mdfl.sys 2008-07-30 14:55 . 2005-08-30 01:49 6,176 --a--c--- C:\WINDOWS\system32\drivers\ssm_cmnt.sys 2008-07-30 14:55 . 2005-08-30 01:49 6,176 --a--c--- C:\WINDOWS\system32\drivers\ssm_cm.sys 2008-07-30 14:55 . 2005-08-30 01:47 5,840 --a--c--- C:\WINDOWS\system32\drivers\ssm_whnt.sys 2008-07-30 14:55 . 2005-08-30 01:47 5,840 --a--c--- C:\WINDOWS\system32\drivers\ssm_wh.sys 2008-07-30 14:55 . 2005-08-28 20:51 766 --a--c--- C:\WINDOWS\system32\Uninstall.ico . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-24 10:20 --------- dc----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-08-22 13:07 --------- dc----w C:\Program Files\Yahoo! 2008-08-22 10:45 --------- dc----w C:\Program Files\BeClean 2008-08-20 06:28 --------- dc----w C:\Program Files\DaemonTools_WhenUSave_Installer 2008-08-17 15:35 10,856 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-08-15 04:20 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-08-13 05:59 --------- dc----w C:\Program Files\Fichiers communs\Adobe 2008-08-13 05:58 --------- dc----w C:\Documents and Settings\HP_Administrateur\Application Data\AdobeUM 2008-08-09 15:53 --------- dc----w C:\Program Files\Google 2008-08-01 02:57 --------- dc----w C:\Program Files\Java 2008-07-31 08:09 --------- dc----w C:\Program Files\Free Audio Pack 2008-07-30 14:44 --------- dc----w C:\Program Files\Everest Poker 2008-07-30 13:00 --------- dc-h--w C:\Program Files\InstallShield Installation Information 2008-07-18 20:10 94,920 -c--a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 -c--a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 -c--a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 -c--a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 -c--a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 -c--a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 -c--a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 -c--a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 -c--a-w C:\WINDOWS\system32\muweb.dll 2008-07-16 16:59 --------- dc----w C:\Documents and Settings\HP_Administrateur\Application Data\MahJong Suite 2008-07-10 21:25 --------- dc----w C:\Documents and Settings\HP_Administrateur\Application Data tr 2008-07-10 20:54 --------- dc----w C:\Program Files\MahJong Suite 2008-07-10 20:54 --------- dc----w C:\Documents and Settings\All Users\Application Data\TreeCardGames 2008-07-07 21:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc 2008-07-07 20:31 253,952 -c--a-w C:\WINDOWS\system32\es.dll 2008-06-28 17:24 --------- dc----w C:\Program Files\Fichiers communs\Real 2008-06-24 16:23 74,240 -c--a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:15 671,232 -c--a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 247,808 -c--a-w C:\WINDOWS\system32\mswsock.dll 2007-04-05 21:39 87,608 -c--a-w C:\Documents and Settings\HP_Administrateur\Application Data\ezpinst.exe 2007-04-05 21:39 47,360 -c--a-w C:\Documents and Settings\HP_Administrateur\Application Data\pcouffin.sys 2006-10-20 18:38 251 -c--a-w C:\Program Files\wt3d.ini . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 20:08 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360] "Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 05:05 4354048] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:34 64512] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 15:15 151552] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-28 09:47 7573504] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 23:34 249856] "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 03:23 663552] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "ftutil2"="ftutil2.dll" [2004-06-07 14:05 106496 C:\WINDOWS\system32\ftutil2.dll] "nwiz"="nwiz.exe" [2006-04-28 09:47 1519616 C:\WINDOWS\system32 wiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-06-14 05:05 16239616 C:\WINDOWS\RTHDCPL.EXE] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-01 13:33:00 110592] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472] Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe [2008-04-23 03:38:16 29696] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-21 18:05:35 805392] Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-26 01:34:59 124400] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\LBTWlgn] 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "msacm.mpegacm"= mpegacm.acm "msacm.ulmp3acm"= ulmp3acm.acm "vidc.yv12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\WINDOWS\system32\fxsclnt.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\Shareaza\Shareaza.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"= "C:\WINDOWS\system32\rtcshare.exe"= "C:\Program Files\NetMeeting\conf.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "9845:TCP"= 9845:TCP:BitComet 9845 TCP "9845:UDP"= 9845:UDP:BitComet 9845 UDP "28521:TCP"= 28521:TCP:port de utorrent "6346:TCP"= 6346:TCP:g2 "6346:UDP"= 6346:UDP:g2udp "2979:TCP"= 2979:TCP:g1tcp "2979:UDP"= 2979:UDP:giudp R0 IABFilt;Iomega Snapshot Volume Filter;C:\WINDOWS\system32\DRIVERS\IABFilt.sys [2005-07-01 11:15] R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 00:53] R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-12 05:36] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 13:00] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fdb0342-571d-11dc-bed5-001731f80782}] \Shell\AutoRun\command - J:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f252447c-58d3-11dc-beda-001731f80782}] \Shell\AutoRun\command - W:\RunGame.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' 2008-08-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-24 15:48:05 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... ************************************************************************** . Temps d'accomplissement: 2008-08-24 15:51:32 ComboFix-quarantined-files.txt 2008-08-24 13:50:30 ComboFix2.txt 2008-08-24 13:40:42 ComboFix3.txt 2008-08-24 13:06:32 ComboFix4.txt 2008-08-24 12:36:07 ComboFix5.txt 2008-08-24 13:46:56 Pre-Run: 127,221,293,056 octets libres Post-Run: 127,201,366,016 octets libres 228 --- E O F --- 2008-08-15 04:21:09

g!rly · Answer

LOL

Tu m´as reposté le rapport combofix...

Post celui ci :

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

@+

cht · Answer

ah la laaa la jeunesse !! j'avais du manquer mon "copier", donc le voici ...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:32, on 24/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://by130w.bay130.mail.live.com
O15 - Trusted Zone: www.live.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} - https://www.ntrconnect.com/main/mod/setup/ntractivex118_24.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{949D8D2F-5FB8-4D6E-84FA-2A41158AEF7A}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

g!rly · Answer

ok

a l´aide de hijack this coche et fix :

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') 
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} - https://www.ntrconnect.com/main/mod/setup/ntractivex118_24.cab 

comment fixer :

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

ta version de acrobat reader n´est pas a jour, tu veux la derniere verion en date alors desinstale ta version par le panneau de configuration / ajoue et suppression de programme

et instale la derniere :

https://get2.adobe.com/reader/otherversions/

ou oublie completement acrobat reader et instales foxit plus léger a la place:

https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

important :

tu surf avec internet explorer 6.0 = failles de securitées importantes

alors fais les mises a jour windows : tu veux la version 7.0 

https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70 

et pourquoi ne pas surfer avec firefox? = plus sur,  tout en gardant ie 7.0 pour les mises a jour windows car impossible a effectuer sous firefox

http://www.mozilla-europe.org/fr/

plugins :ad block plus, no script ect...

https://www.hugedomains.com/domain_profile.cfm?d=geckozone&e=org

puis :

C´est un peu long mais...

Fais un scan avec cet antispyware :

Telecharge malwarebytes + tutoriel :

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

Puis click sur "rechercher".

Laisse le scanner le pc... 

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

@+

cht · Answer

ok je suis en train de faire le scan avec malwarebyte, mais délà tt à l'heure il n'avait rien trouvé
j'avais désinstallé ie7 pour me mettre sur mozilla mais j'avais gardé ie6 car j'ai vu que pour windows c'était un peu nécessaire, donc je réinstalle ie7, et vais poster le log de  malwarebyte

pour info depuis le fix avec combofix je n'ai plus de messages d'alerte ca me semble résolu ...

g!rly · Answer

cht,

Si tu as passé malwarebytes tout á l´heure et qu´il n´a rien trouvé, ce n´est pas la peine de le passer une autre fois ;)

Oui reinstalles ie 7.0

Oui j´imagine que tu ne dois plus avoir d´alerte ;)

Post encore un dernier hijack this apres les manips stp

@+

cht · Answer

Bon voici le log highjackthis, ya plus rien c'est niquel !
Merci à tous pour votre travail.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:11, on 24/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://by130w.bay130.mail.live.com
O15 - Trusted Zone: www.live.com
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{949D8D2F-5FB8-4D6E-84FA-2A41158AEF7A}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

g!rly · Answer

Salut Cht,

Excuse pour le delais...

A l´aide de hijack this coche et fix encore ceci :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab 

puis tu n´as pas de par feu :

Installes :

Comodo 3 pro :

http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro

tuto : https://www.malekal.com/tutorial-comodo-firewall/

Ou

Online armor :

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

tuto : https://www.malekal.com/tutorial-online-armor-free/

ou zone alarm plus facil a configurer mais moins performant

https://www.malekal.com/tutoriel-zonealarm-firewall/

Bonus :

anti spyware :

spywareblaster :

http://www.brightfort.com/spywareblaster.html

c´est un resident, il suffit de le mettre a jour de temps en temps car la version gratuite ne le fait pas toute seul , une fois installé et mis a jour tu mets toutes les protections sur "enable"

tuto : https://www.malekal.com/tutorial-spywareblaster/

Pour supprimer les outils utilisés :

Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 

Voila`

Bises`

@+

cht · Answer

salut, j'ai effectué toutes les modifs je crois, je poste le rapport tcleaner

en tout cas merci pour tout, c'est du super boulot bravo à toi et à ton équipe !!!

@+
-->- Recherche: 

C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Corbeille vidée!
Fichiers temporaires nettoyés !

g!rly · Answer

Tres bien Cht`

Nos chemins se séparent maintenant...

De rien ;)

Bonne continuation`

bye`

g!rly`

g!rly · Answer

Bonjour,

Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
Procèdes comme ceci :
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

A bientôt ''

OrgasmO · Answer

g!rlyyyyyy j'ai moi aussi le meme probleme !!!
J'ai créé un message personel (http://www.commentcamarche.net/forum/affich 8281538 infection malware) mais j'ai toujours le malware qui apparait ) ... je crois que seule tOi peut m'aider :o)

J'espere que quelqu'un pourra m'aider 
bisous

g!rly · Answer

apparemment ep44 a assuré ?!
;)

spiderlolo · Answer

salut meme probleme voici mon rapport:

ComboFix 08-09-10.02 - SPIDER LOLO 2008-09-11 11:32:40.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6000.0.1252.1.1036.18.1842 [GMT 2:00]
Endroit: C:\Users\SPIDER LOLO\Desktop\ComboFix.exe
 * Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\AutoRun.inf

.
(((((((((((((((((((((((((((((   Fichiers créés 2008-08-11 to 2008-09-11  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-11 09:10	---------	d-----w	C:\Users\SPIDER LOLO\AppData\Roaming\FrostWire
2008-09-09 23:56	---------	d-----w	C:\Users\SPIDER LOLO\AppData\Roaming\CyberLink
2008-09-09 20:25	---------	d-----w	C:\ProgramData\ProcCfgApl
2008-09-09 17:07	---------	d-----w	C:\Program Files\LCI
2008-09-09 08:30	---------	d-----w	C:\Users\SPIDER LOLO\AppData\Roaming\Skype
2008-09-09 08:25	---------	d-----w	C:\Users\SPIDER LOLO\AppData\Roaming\skypePM
2008-09-08 18:46	56	---ha-w	C:\Users\All Users\ezsidmv.dat
2008-09-08 18:46	56	---ha-w	C:\ProgramData\ezsidmv.dat
2008-09-08 15:06	---------	d-----w	C:\ProgramData\Skype
2008-09-08 15:06	---------	d-----w	C:\Program Files\Skype
2008-09-08 15:06	---------	d-----w	C:\Program Files\Common Files\Skype
2008-09-08 06:39	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-09-08 06:37	---------	d-----w	C:\ProgramData\Ulead Systems
2008-09-07 20:56	---------	d-----w	C:\ProgramData\Symantec
2008-09-07 10:50	---------	d-----w	C:\Program Files\FrostWire
2008-09-07 00:23	---------	d-----w	C:\Program Files\VDOWNLOADER
2008-09-06 23:58	---------	d-----w	C:\Program Files\EoRezo
2008-09-06 23:40	---------	d---a-w	C:\ProgramData\TEMP
2008-09-04 21:17	---------	d-----w	C:\ProgramData\eMule
2008-09-04 21:17	---------	d-----w	C:\Program Files\eMule
2008-09-04 10:51	---------	d-----w	C:\ProgramData\Megaupload
2008-09-04 10:51	---------	d-----w	C:\ProgramData\EmailNotifier
2008-09-04 06:45	---------	d-----w	C:\Program Files\WebSite X5 Evolution
2008-09-03 16:13	---------	d-----w	C:\Users\SPIDER LOLO\AppData\Roaming\Sony
2008-09-03 16:13	---------	d-----w	C:\ProgramData\Sony
2008-09-03 16:03	---------	d-----w	C:\Program Files\Sony Ericsson
2008-09-03 16:03	---------	d-----w	C:\Program Files\QuickTime
2008-09-03 16:02	---------	d-----w	C:\ProgramData\Apple Computer
2008-09-03 16:02	---------	d-----w	C:\ProgramData\Apple
2008-09-03 16:02	---------	d-----w	C:\Program Files\Apple Software Update
2008-09-03 15:44	---------	d-----w	C:\ProgramData\Sony Ericsson
2008-09-01 22:17	---------	d-----w	C:\Program Files\Micro Application
2008-08-31 13:44	---------	d-----w	C:\Program Files\Architecte 3D Platinium Demo
2008-08-31 13:32	---------	d-----w	C:\Users\SPIDER LOLO\AppData\Roaming\Blender Foundation
2008-08-31 13:32	---------	d-----w	C:\Program Files\Blender Foundation
2008-08-31 12:50	---------	d-----w	C:\Users\SPIDER LOLO\AppData\Roaming\gtk-2.0
2008-08-31 12:46	---------	d-----w	C:\Program Files\GIMP-2.0
2008-08-25 20:01	---------	d-----w	C:\ProgramData\orkvufqv
2008-08-24 20:59	---------	d-----w	C:\ProgramData\NtiDvdCopy
2008-08-24 17:30	---------	d-----w	C:\Program Files\K-Lite Codec Pack
2008-08-24 17:28	---------	d-----w	C:\Program Files\DivX
2008-08-24 10:19	---------	d-----w	C:\Program Files\Hercules
2008-08-24 08:22	---------	d-----w	C:\Program Files\Sony
2008-08-24 08:20	---------	d-----w	C:\Program Files\Acer GameZone
2008-08-24 08:19	---------	d-----w	C:\Program Files\Image-Line
2008-08-24 08:18	---------	d-----w	C:\Program Files\VstPlugins
2008-08-23 18:27	---------	d-----w	C:\ProgramData\Microsoft Help
2008-08-23 03:21	---------	d-----w	C:\Users\SPIDER LOLO\AppData\Roaming\Juce VST Host
2008-08-23 02:55	---------	d-----w	C:\Program Files\Sony Setup
2008-08-23 02:54	---------	d-----w	C:\Users\SPIDER LOLO\AppData\Roaming\Deckadance
2008-08-23 02:31	---------	d-----w	C:\Program Files\eSobi
2008-08-23 02:12	---------	d-----w	C:\Program Files\Outsim
2008-08-23 01:49	---------	d-----w	C:\Users\SPIDER LOLO\AppData\Roaming\Publish Providers
2008-08-19 08:45	---------	d-----w	C:\Program Files\MSBuild
2008-08-19 08:43	---------	d-----w	C:\Program Files\Microsoft Visual Studio 8
2008-08-18 23:06	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-08-18 22:18	---------	d-----w	C:\ProgramData\FLEXnet
2008-08-18 21:42	---------	d-----w	C:\Users\SPIDER LOLO\AppData\Roaming\OpenOffice.org2
2008-08-18 21:34	---------	d-----w	C:\Program Files\Bonjour
2008-08-18 21:29	---------	d-----w	C:\Program Files\Common Files\Macrovision Shared
2008-08-18 20:27	---------	d-----w	C:\Users\SPIDER LOLO\AppData\Roaming\HP
2008-08-18 20:25	---------	d-----w	C:\ProgramData\WEBREG
2008-08-18 20:25	---------	d-----w	C:\ProgramData\HP
2008-08-18 20:23	---------	d-----w	C:\Users\SPIDER LOLO\AppData\Roaming\HPAppData
2008-08-18 20:23	---------	d-----w	C:\ProgramData\HPSSUPPLY
2008-08-18 20:23	---------	d-----w	C:\Program Files\HP
2008-08-18 20:21	---------	d-----w	C:\ProgramData\HP Product Assistant
2008-08-18 20:21	---------	d-----w	C:\Program Files\Hewlett-Packard
2008-08-18 20:21	---------	d-----w	C:\Program Files\Common Files\HP
2008-08-18 20:20	---------	d-----w	C:\Program Files\Common Files\Hewlett-Packard
2008-08-18 20:19	0	----a-w	C:\Users\SPIDER LOLO\AppData\Roaming\wklnhst.dat
2008-08-18 20:14	---------	d-----w	C:\ProgramData\Hewlett-Packard
2008-08-18 20:06	---------	d-----w	C:\Users\SPIDER LOLO\AppData\Roaming\Ulead Systems
2008-08-18 20:03	---------	d-----w	C:\Program Files\Common Files\InterVideo
2008-08-18 20:02	---------	d-----w	C:\Program Files\Windows Media Components
2008-08-18 18:04	---------	d-----w	C:\Program Files\Audacity
2008-08-18 14:18	---------	d-----w	C:\Users\SPIDER LOLO\AppData\Roaming\EoRezo
2008-08-17 21:10	---------	d-----w	C:\ProgramData\Downloaded Installations
2008-08-17 20:54	---------	d-----w	C:\Program Files\Java
2008-08-17 18:07	---------	d-----w	C:\Users\SPIDER LOLO\AppData\Roaming\ItsLabel
2008-08-17 17:58	---------	d-----w	C:\Program Files\Common Files\MAGIX Shared
2008-08-17 17:53	---------	d-----w	C:\Users\SPIDER LOLO\AppData\Roaming\GetRightToGo
2008-08-17 17:22	0	---ha-w	C:\Windows\system32\drivers\Msft_Kernel_HDJBulk_01005.Wdf
2008-08-17 17:22	0	---ha-w	C:\Windows\system32\drivers\Msft_Kernel_HDJAsioK_01005.Wdf
2008-08-17 16:34	---------	d-----w	C:\Program Files\Common Files\Java
2008-08-17 16:28	---------	d-----w	C:\Users\SPIDER LOLO\AppData\Roaming\DivX
2008-08-17 16:16	---------	d-----w	C:\Program Files\Common Files\PX Storage Engine
2008-08-17 11:57	---------	d-----w	C:\Program Files\Norton Internet Security
2008-08-17 11:57	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-08-17 11:04	805	----a-w	C:\Windows\system32\drivers\SYMEVENT.INF
2008-08-17 11:04	123,952	----a-w	C:\Windows\system32\drivers\SYMEVENT.SYS
2008-08-17 11:04	10,671	----a-w	C:\Windows\system32\drivers\SYMEVENT.CAT
2008-08-17 11:04	---------	d-----w	C:\Program Files\Symantec
2008-08-17 10:04	704,000	----a-w	C:\Windows\System32\PhotoScreensaver.scr
2008-08-17 10:04	67,584	----a-w	C:\Windows\System32\wlanhlp.dll
2008-08-17 10:04	542,720	----a-w	C:\Windows\System32\sysmain.dll
2008-08-17 10:04	502,784	----a-w	C:\Windows\System32\wlansvc.dll
2008-08-17 10:04	47,104	----a-w	C:\Windows\System32\wlanapi.dll
2008-08-17 10:04	297,984	----a-w	C:\Windows\System32\wlansec.dll
2008-08-17 10:04	290,816	----a-w	C:\Windows\System32\wlanmsm.dll
2000-10-18 10:19	57,344	--sha-w	C:\Windows\System32\mfc42loc.dll
1995-09-20 14:16	35,088	--sha-w	C:\Windows\System32\msjint32.dll
1995-09-20 14:13	977,680	--sha-w	C:\Windows\System32\msjt3032.dll
1995-09-20 14:16	23,824	--sha-w	C:\Windows\System32\msjter32.dll
1995-09-24 09:02	243,472	--sha-w	C:\Windows\System32\vbar2232.dll
1998-05-18 01:06	368,912	--sha-w	C:\Windows\System32\vbar332.dll
.

(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-08-17 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"YolwCIR6la"="C:\ProgramData\orkvufqv\unsnsfgr.exe" [2008-08-25 69632]
"Google Update"="C:\Users\SPIDER LOLO\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"ProcCfgApl"="C:\ProgramData\ProcCfgApl\cboxihod.exe" [2008-09-09 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C1A94978-9C4A-44D9-85CC-976E4B256685}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{17250F27-816F-4293-8E80-6C4A899E07AE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DB9E81CD-E999-4D30-9431-905A8CDF3057}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{FDE3C5A9-20A2-4666-80CD-094CBF37C993}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{2ED47240-F206-4606-8CDA-2F141807082E}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{2C6EED45-7B25-44B1-8A9A-972EFE108A9F}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{BA7F183C-0260-4659-8C57-3CF842FF30AA}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{C2191F0A-02E1-4345-985F-D7EB0C11AAF1}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{F61E8216-CE21-44D7-A083-8FD9EF88C629}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{22E9B950-371C-47D2-AEE9-F09A8FB644C9}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"TCP Query User{85FD9D0E-C57A-4E94-8F0A-CA903FE76A63}C:\program files\hercules\hercules dualpix hd webcam\station2.exe"= UDP:C:\program files\hercules\hercules dualpix hd webcam\station2.exe:Hercules Webcam Station Evolution
"UDP Query User{58AB164E-06FB-43FA-AFB1-6F421937C783}C:\program files\hercules\hercules dualpix hd webcam\station2.exe"= TCP:C:\program files\hercules\hercules dualpix hd webcam\station2.exe:Hercules Webcam Station Evolution
"TCP Query User{BE5F4F50-B56C-4DF4-B478-191F34C89730}C:\program files\hercules\hercules dualpix hd webcam\controlui.exe"= UDP:C:\program files\hercules\hercules dualpix hd webcam\controlui.exe:Hercules Zoom Controller Main Application
"UDP Query User{0423C1E5-EE52-4D45-A4F2-528A461FA49E}C:\program files\hercules\hercules dualpix hd webcam\controlui.exe"= TCP:C:\program files\hercules\hercules dualpix hd webcam\controlui.exe:Hercules Zoom Controller Main Application
"{067960AD-6E38-423F-91C5-989D623D0384}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B3BE736C-7217-47BF-B229-303A8CBFC40F}"= UDP:C:\Program Files\FrostWire\FrostWire.exe:FrostWire
"{8CD5A098-A7ED-4DF2-80E9-18C6A089A9D7}"= TCP:C:\Program Files\FrostWire\FrostWire.exe:FrostWire
"{48969383-33DF-4597-A64E-B48496D8764F}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{4A384EA0-BE69-4623-BBF4-BFD43D51CE17}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{C83BA2D8-5C42-471B-84E7-9ACA3953DBA4}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{A8F85255-A5A7-45DC-B1DB-CC4478133528}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{C4676158-4AFB-4FCE-BEFC-FE2F126DDE22}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{B7369734-DEA9-4C99-AD32-F674CB7DEC54}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{B6A02F55-118F-47AE-9732-A1D71FBB1A36}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{DE95EB19-A981-4CA1-95E5-412DB4626A66}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{597F0373-7083-46C6-A88A-BC19C3A01BF2}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{F55A8EA5-BF4A-40C7-9FF5-A95BEDF08259}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{E5C0CA76-35C1-4F71-A34C-C865E2244309}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{CF50A9F2-6F4E-4B4B-9521-C67869A2C651}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{A51C1F33-C8D6-48EE-AB53-9B365C1378C8}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{356E52C8-C58F-4250-8AA7-4B30FD546FA5}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{DF0B66B8-E572-4A38-B6C0-A89D452DBBBE}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{7BFC12C4-BAFC-4E32-AB78-85E56CD74BB6}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{33862A93-4EB6-4E38-B3A6-ACB92158A6A6}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{7269E45B-7971-4494-9807-D40FCBD2D979}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{68AFBC87-C8B0-4F5F-BE9E-7D5DE3F87394}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{7A381617-185D-4038-A6E8-556BDA9DA8EF}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{28927010-F82B-4776-9CD4-B6FAB3366316}"= Disabled:UDP:57521:Pando P2P TCP Listening Port
"{D4CC74B7-D0B6-4B4C-AE3C-50B19CA414BF}"= Disabled:TCP:57521:Pando P2P UDP Listening Port
"{32F1D152-E16D-4676-84E2-A4C484A24980}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6CA4C8E1-B2AA-4DBF-84E1-2A8D944D91AF}"= UDP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{4DEB9F41-F0EA-4C04-8285-824BE5919984}"= TCP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{92981231-DCAA-469D-959A-A32C82CB3091}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{6E341430-79C8-4916-8302-30A492104874}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"{6A1540AB-5C16-4272-9184-493CCC3DF850}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{8B79D375-EFAB-4327-93A4-7D4C60C20E17}C:\program files\windows sidebar\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{74B46848-FDB2-43DB-B459-3DF7755651DA}C:\program files\windows sidebar\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers
vrd32.sys [2007-12-08 131616]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080909.001\IDSvix86.sys [2008-07-16 261680]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-21 269448]
R3 APL531;Hercules Dualpix HD Webcam;C:\Windows\system32\Drivers\HDvidv.sys [2007-07-13 285952]
R3 camfilt2;camfilt2;C:\Windows\system32\DRIVERS\camfilt2.sys [2008-02-01 103720]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-11-21 37008]
S3 Bulk;HDJBulk;C:\Windows\system32\Drivers\HDJBulk.sys [2008-01-23 28672]
S3 HDJAsioK;HDJAsioK;C:\Windows\system32\Drivers\HDJAsioK.sys [2008-04-15 131072]
S3 HDJMidi;Hercules DJ Console Mk2 MIDI;C:\Windows\system32\DRIVERS\HDJMidi.sys [2008-06-02 83456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - ERASERUTILDRVI7
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://eo.st
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 11:35:38
Windows 6.0.6000  NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-09-11 11:36:57
ComboFix-quarantined-files.txt  2008-09-11 09:36:48

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 156,173,119,488 octets libres

248	--- E O F ---	2008-08-23 18:27:11


merci d'avance pour ton aide§§§

g!rly · Answer

Bonjour,

Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
Procèdes comme ceci :
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

A bientôt ''

Laurent1967 · Answer

Bonjour, j'ai également les mêmes soucis avec les mêmes trojans...après un passage de d'anti virus et de Hijackthis voici le rapport...merci de m'aider car ma connection est terriblement retardé. Cordialement Laurent

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:22, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard
hksrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\CheckFlow\FlowProtector\4.0.0.1\FlowService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\anti virus général\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\divxsm.exe
C:\Program Files\anti virus général\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail?kw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS
jjmz.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400010&utm_content=leftnav&utm_source=efc&utm_medium=bund&utm_campaign=efc0605
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ANTIVI~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ApiCfg] C:\WINDOWS\system32\fmtuxslc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\anti virus général\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [rlBGhJyiCl] C:\Documents and Settings\All Users\Application Data\bchwzgpm\zodqjgpc.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\logiciel images internet\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration Brothers In Arms EiB Demo.LNK = C:\Program Files\jeux PC\brothers_in_arms_earned_in_blood_demo_jouable_1_anglais_15342\Brothers in Arms Earned in Blood DEMO PC\Support\Register\RegistrationReminder.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Barre d'outils eBay - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Barre d'outils eBay - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\ANTIVI~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\ANTIVI~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
O15 - Trusted Zone: http://update.randhi.com (HKLM)
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://graceland59.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/21170c6df5c0e507d705/netzip/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.cg14.fr/sig/mg60ctrl_windows_activex_ie.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/fr/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.atafoto.com/fr/photo-collection/ImageUploader4.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - https://live365.com/
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4150E63C-E4BF-435E-A106-05A5141186B9}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: ComDscSys - {70AECCFE-9DEC-FA07-0DF8-070D5E0248C7} - C:\Program Files\ghrwdk\ComDscSys.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FlowProtectorService - Unknown owner - C:\Program Files\CheckFlow\FlowProtector\4.0.0.1\FlowService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard
hksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

g!rly · Answer

Bonjour,

Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
Procèdes comme ceci :
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

A bientôt ''

Trojan.spy.html.bankfraud.dq

34 réponses