Win32:VBStat-C [résolu]
Forum Sécurité - Virus : Win32:VBStat-C [résolu]
Bonjour,
Qq peut m aider à me débarasser de Win32:VBStat-C?
Merci d avance
Logfile of HijackThis v1.99.1
Scan saved at 11:08:18, on 23/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\retadpu2000373.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\freeBrowser\freeBrowser\freeBrowser.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\ePrompter\ePrompter.exe
C:\Program Files\Hotmail Popper\hotpop.exe
C:\Program Files\freeBrowser\vlc\vlc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.eazel.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000373.exe 61A847B5BBF72810329B385575FA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E1C2832211359826033AAC
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ofmkncjy.dll",realset
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [freeBrowser] C:\Program Files\freeBrowser\freeBrowser\freeBrowser.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Startup: Hotmail Popper.lnk = C:\Program Files\Hotmail Popper\hotpop.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Message édité par chipie54 le 24-05-2007 à 22:30:40
1)Télécharger VundoFix.exe (par Atribune) sur votre Bureau.
http://www.atribune.org/ccount/click.php?id=4
* Double-clique VundoFix.exe afin de le lancer.
* Clique sur le bouton Scan for Vundo.
* Lorsque le scan est complété, clique sur le bouton Remove Vundo.
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown" ); clique OK
* Démarre ton PC à nouveau.
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
2)Ouvre le dossier de Hijackthis, repères l'icone avec les bâtons de dymnamites.
Fais un clic-droit dessus et choisis "renommer"
Appelle-le scanner.exe
Ferme les programmes inutiles.
Exécute-le et clique sur Do a system scan and save a logfile.
Ne coche rien.
Copie le rapport et colle-le dans un message.
Message édité par IL-MAFIOSO le 23-05-2007 à 12:10:32
Bonjour
Merci de ton aide
1.
VundoFix V6.3.19
Checking Java version...
Sun Java not detected
Scan started at 21:16:17 04/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\ikscxotp.dll
C:\WINDOWS\system32\nnnmnll.dll
C:\WINDOWS\system32\ptoxcski.ini
C:\WINDOWS\system32\stutv.bak1
C:\WINDOWS\system32\stutv.bak2
C:\WINDOWS\system32\stutv.ini
C:\WINDOWS\system32\vtmijfck.dll
C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\system32\yturqush.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ikscxotp.dll
C:\WINDOWS\system32\ikscxotp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnmnll.dll
C:\WINDOWS\system32\nnnmnll.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ptoxcski.ini
C:\WINDOWS\system32\ptoxcski.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\stutv.bak1
C:\WINDOWS\system32\stutv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\stutv.bak2
C:\WINDOWS\system32\stutv.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\stutv.ini
C:\WINDOWS\system32\stutv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtmijfck.dll
C:\WINDOWS\system32\vtmijfck.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\system32\vtuts.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yturqush.dll
C:\WINDOWS\system32\yturqush.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.19
Checking Java version...
Sun Java not detected
Scan started at 21:21:40 04/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\nnnmnll.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\nnnmnll.dll
C:\WINDOWS\system32\nnnmnll.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.4.1
Checking Java version...
Sun Java not detected
Scan started at 14:00:34 23/05/2007
Listing files found while scanning....
C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\gfhkj.bak1
C:\WINDOWS\system32\gfhkj.bak2
C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\mdsphcfn.dll
C:\WINDOWS\system32\ofmkncjy.dll
C:\WINDOWS\system32\pmnljif.dll
C:\WINDOWS\system32\rtvwa.bak2
C:\WINDOWS\system32\rtvwa.ini
C:\WINDOWS\system32\yayxwut.dll
C:\WINDOWS\system32\yjcnkmfo.ini
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\awvtr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gfhkj.bak1
C:\WINDOWS\system32\gfhkj.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\gfhkj.bak2
C:\WINDOWS\system32\gfhkj.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\gfhkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\jkhfg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ofmkncjy.dll
C:\WINDOWS\system32\ofmkncjy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnljif.dll
C:\WINDOWS\system32\pmnljif.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\rtvwa.bak2
C:\WINDOWS\system32\rtvwa.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\rtvwa.ini
C:\WINDOWS\system32\rtvwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\yayxwut.dll
C:\WINDOWS\system32\yayxwut.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yjcnkmfo.ini
C:\WINDOWS\system32\yjcnkmfo.ini Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.4.1
Checking Java version...
Sun Java not detected
Scan started at 14:08:04 23/05/2007
Listing files found while scanning....
C:\WINDOWS\system32\pmnljif.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\pmnljif.dll
C:\WINDOWS\system32\pmnljif.dll Has been deleted!
Performing Repairs to the registry.
Done!
2.Logfile of HijackThis v1.99.1
Scan saved at 14:20:13, on 23/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\retadpu2000373.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.eazel.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {03B5050B-2DE4-44C0-A037-B80F53B45D92} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {220E59CA-552C-4EA8-82A6-056324EB9492} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: (no name) - {97A8B0F7-AD05-4AA4-B475-7EFA330F6AC1} - C:\WINDOWS\system32\pmnljif.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000373.exe 61A847B5BBF72810329B385575FA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E1C2832211359826033AAC
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [freeBrowser] C:\Program Files\freeBrowser\freeBrowser\freeBrowser.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Startup: Hotmail Popper.lnk = C:\Program Files\Hotmail Popper\hotpop.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: yayyyww - yayyyww.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
1)Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com [...] /SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
# Redémarre ton ordinateur
# Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
# A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
# Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
# Choisis ton compte.
Déroule la liste des instructions ci-dessous :
# Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
# Appuie sur Y pour commencer le processus de nettoyage.
# Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
# Appuie sur une touche pour redémarrer le PC.
# Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
# Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
# Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
# Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
# Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum.
2)Reposte un log hijackthis
SDFix: Version 1.84
Run by LOVATO - 23/05/2007 - 19:18:08,39
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\LOVATO\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\WINDOWS\retadpu2000373.exe - Deleted
Folder C:\Program Files\InetGet2 - Removed
Removing Temp Files...
ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.
Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\freeBrowser\\freeBrowser\\freeBrowser.exe"="C:\\Program Files\\freeBrowser\\freeBrowser\\freeBrowser.exe:*:Enabled:FreeBrowser"
"C:\\Program Files\\freeBrowser\\vlc\\vlc.exe"="C:\\Program Files\\freeBrowser\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Call Module"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\LOVATO\Bureau\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes:
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
Finished
Logfile of HijackThis v1.99.1
Scan saved at 19:24:27, on 23/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\freeBrowser\freeBrowser\freeBrowser.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ePrompter\ePrompter.exe
C:\Program Files\Hotmail Popper\hotpop.exe
C:\Program Files\freeBrowser\vlc\vlc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.eazel.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {03B5050B-2DE4-44C0-A037-B80F53B45D92} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {220E59CA-552C-4EA8-82A6-056324EB9492} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: (no name) - {97A8B0F7-AD05-4AA4-B475-7EFA330F6AC1} - C:\WINDOWS\system32\pmnljif.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [freeBrowser] C:\Program Files\freeBrowser\freeBrowser\freeBrowser.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Startup: Hotmail Popper.lnk = C:\Program Files\Hotmail Popper\hotpop.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: yayyyww - yayyyww.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Bonjour,
Je prends la suite d'IL-MAFIOSO.
- Télécharge combofix.exe (par sUBs) sur ton Bureau.
- Double clique combofix.exe.
- Tape sur la touche Y (Yes) pour démarrer le scan.
- Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Répondre à Angeldark
"LOVATO" - 2007-05-24 20:41:51 Service Pack 2
ComboFix 07-05.24.7.V - Running from: "C:\Documents and Settings\LOVATO\Bureau\"
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-24 ))))))))))))))))))))))))))))))))))
2007-05-23 14:00 <REP> d-------- C:\VundoFix Backups
2007-05-22 22:12 340 --a------ C:\WINDOWS\rayiou.exe
2007-05-22 22:12 <REP> d-------- C:\Program Files\WinTouch
2007-05-16 19:26 <REP> d-------- C:\WINDOWS\AU_Temp
2007-05-15 02:39 65,045 --a------ C:\WINDOWS\b138.exe
2007-05-05 11:36 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-05-05 11:36 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-05-05 11:36 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-05-05 11:36 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-05-05 11:36 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-05-05 11:36 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2007-05-05 11:36 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-05-05 11:36 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-05-05 11:36 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-05-05 11:36 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-05-05 11:36 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-24 18:37:50 -------- d-----w C:\Program Files\ePrompter
2007-05-16 17:26:38 1,101,904 ----a-w C:\WINDOWS\vsapi32.dll
2007-05-16 17:26:37 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-05-12 16:30:22 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2007-05-12 16:30:22 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-25 19:02:39 46,368 ----a-w C:\DOCUME~1\LOVATO\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-04-24 18:28:24 -------- d-----w C:\Program Files\DivX
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-04 16:53:22 812 ----a-w C:\WINDOWS\system32\tmp.reg
2007-04-03 19:15:05 241,066 ----a-w C:\WINDOWS\system32\qmpknjmhsv_nav.dat
2007-03-27 07:55:57 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-03-27 07:55:48 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-03-27 07:49:07 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-03-27 07:49:07 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-03-27 07:49:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 07:49:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 07:49:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-03-27 07:49:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-03-27 07:48:59 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 07:48:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 07:48:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 07:48:58 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
2007-03-25 16:40:58 0 ----a-w C:\WINDOWS\nsreg.dat
2007-03-25 16:40:42 2,308 ----a-w C:\WINDOWS\mozver.dat
2007-03-25 11:57:18 71,248 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-03-25 11:57:18 458,230 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-03-23 16:29:33 -------- d-----w C:\DOCUME~1\LOVATO\APPLIC~1\DivX
2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 23:35:59 -------- d-----w C:\Program Files\Microsoft AutoRoute
2007-03-16 23:30:16 -------- d-----w C:\Program Files\Microsoft Works
2007-03-16 23:26:56 -------- d-----w C:\Program Files\Microsoft Works Suite 2004
2007-03-09 16:48:52 -------- d-----w C:\DOCUME~1\LOVATO\APPLIC~1\ItsLabel
2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-05 21:42:07 -------- d-----w C:\Program Files\Apple Software Update
2007-02-20 18:48:32 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-02-16 01:40:35 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-02-06 19:57:41 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-02-06 19:57:40 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-02-06 19:57:40 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2007-02-05 20:19:06 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{03B5050B-2DE4-44C0-A037-B80F53B45D92}=C:\WINDOWS\system32\jkhfg.dll []
{220E59CA-552C-4EA8-82A6-056324EB9492}=C:\WINDOWS\system32\jkhfg.dll []
{97A8B0F7-AD05-4AA4-B475-7EFA330F6AC1}=C:\WINDOWS\system32\pmnljif.dll []
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}=C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 15:08]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57]
"WinTouch"="C:\Program Files\WinTouch\WinTouch.exe" [2007-05-22 22:12]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2006-10-19 22:29]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 20:34]
"freeBrowser"="C:\Program Files\freeBrowser\freeBrowser\freeBrowser.exe" [2006-08-28 00:54]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2006-11-04 04:28]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{97A8B0F7-AD05-4AA4-B475-7EFA330F6AC1}"="C:\WINDOWS\system32\pmnljif.dll" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyyww]
yayyyww.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Logo1_.exe]
debugger=nircmd execmd del /a/f c:\windows\Logo1_.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
Contents of the 'Scheduled Tasks' folder
2007-05-14 18:46:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-05-24 18:10:33 C:\WINDOWS\tasks\User_Feed_Synchronization-{C9AFA3CA-49CE-4E6A-B140-5E407BB20E60}.job
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-24 ))))))))))))))))))))))))))))))))))
No new files created in this timespan
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-24 18:37:50 -------- d-----w C:\Program Files\ePrompter
2007-05-16 17:26:38 1,101,904 ----a-w C:\WINDOWS\vsapi32.dll
2007-05-16 17:26:37 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-05-12 16:30:22 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2007-05-12 16:30:22 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-25 19:02:39 46,368 ----a-w C:\DOCUME~1\LOVATO\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-04-24 18:28:24 -------- d-----w C:\Program Files\DivX
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-04 16:53:22 812 ----a-w C:\WINDOWS\system32\tmp.reg
2007-04-03 19:15:05 241,066 ----a-w C:\WINDOWS\system32\qmpknjmhsv_nav.dat
2007-03-27 07:55:57 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-03-27 07:55:48 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-03-27 07:49:07 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-03-27 07:49:07 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-03-27 07:49:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 07:49:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 07:49:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-03-27 07:49:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-03-27 07:48:59 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 07:48:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 07:48:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 07:48:58 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
2007-03-25 16:40:58 0 ----a-w C:\WINDOWS\nsreg.dat
2007-03-25 16:40:42 2,308 ----a-w C:\WINDOWS\mozver.dat
2007-03-25 11:57:18 71,248 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-03-25 11:57:18 458,230 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-03-23 16:29:33 -------- d-----w C:\DOCUME~1\LOVATO\APPLIC~1\DivX
2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 23:35:59 -------- d-----w C:\Program Files\Microsoft AutoRoute
2007-03-16 23:30:16 -------- d-----w C:\Program Files\Microsoft Works
2007-03-16 23:26:56 -------- d-----w C:\Program Files\Microsoft Works Suite 2004
2007-03-09 16:48:52 -------- d-----w C:\DOCUME~1\LOVATO\APPLIC~1\ItsLabel
2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-05 21:42:07 -------- d-----w C:\Program Files\Apple Software Update
2007-02-20 18:48:32 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-02-16 01:40:35 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-02-06 19:57:41 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-02-06 19:57:40 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-02-06 19:57:40 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2007-02-05 20:19:06 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{03B5050B-2DE4-44C0-A037-B80F53B45D92}=C:\WINDOWS\system32\jkhfg.dll []
{220E59CA-552C-4EA8-82A6-056324EB9492}=C:\WINDOWS\system32\jkhfg.dll []
{97A8B0F7-AD05-4AA4-B475-7EFA330F6AC1}=C:\WINDOWS\system32\pmnljif.dll []
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}=C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 15:08]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57]
"WinTouch"="C:\Program Files\WinTouch\WinTouch.exe" [2007-05-22 22:12]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2006-10-19 22:29]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 20:34]
"freeBrowser"="C:\Program Files\freeBrowser\freeBrowser\freeBrowser.exe" [2006-08-28 00:54]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2006-11-04 04:28]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{97A8B0F7-AD05-4AA4-B475-7EFA330F6AC1}"="C:\WINDOWS\system32\pmnljif.dll" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyyww]
yayyyww.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Logo1_.exe]
debugger=nircmd execmd del /a/f c:\windows\Logo1_.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
Contents of the 'Scheduled Tasks' folder
2007-05-14 18:46:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-05-24 18:10:33 C:\WINDOWS\tasks\User_Feed_Synchronization-{C9AFA3CA-49CE-4E6A-B140-5E407BB20E60}.job
********************************************************************
catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-24 20:42:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-05-24 20:43:10
C:\ComboFix-quarantined-files.txt ... 2007-05-24 20:43
--- E O F ---
On va faire le ménage des restes avec AVG.
Télécharge puis installe AVG Anti-Spyware (AVG AS)
Fais les mises à jour mais ne lance pas de scan pour le moment.
AIDE : Tuto sur AVG Anti-Spyware (Malekal)
Redémarre en mode sans échec
Relance AVG AS :
- Choisis l'onglet "Analyse"
- Puis l'onglet "Paramètres"
- Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
- Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"
Si un fichier est infecté en fin d'analyse, clique sur "Appliquer toutes les actions"
Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
Enregistre ce fichier texte sur ton bureau.
Redémarre normalement.
Poste le rapport AVG AS ainsi qu'un rapport Hijackthis.
Répondre à Angeldark
"LOVATO" - 2007-05-24 20:41:51 Service Pack 2
ComboFix 07-05.24.7.V - Running from: "C:\Documents and Settings\LOVATO\Bureau\"
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-24 ))))))))))))))))))))))))))))))))))
2007-05-23 14:00 <REP> d-------- C:\VundoFix Backups
2007-05-22 22:12 340 --a------ C:\WINDOWS\rayiou.exe
2007-05-22 22:12 <REP> d-------- C:\Program Files\WinTouch
2007-05-16 19:26 <REP> d-------- C:\WINDOWS\AU_Temp
2007-05-15 02:39 65,045 --a------ C:\WINDOWS\b138.exe
2007-05-05 11:36 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-05-05 11:36 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-05-05 11:36 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-05-05 11:36 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-05-05 11:36 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-05-05 11:36 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2007-05-05 11:36 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-05-05 11:36 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-05-05 11:36 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-05-05 11:36 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-05-05 11:36 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-24 18:37:50 -------- d-----w C:\Program Files\ePrompter
2007-05-16 17:26:38 1,101,904 ----a-w C:\WINDOWS\vsapi32.dll
2007-05-16 17:26:37 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-05-12 16:30:22 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2007-05-12 16:30:22 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-25 19:02:39 46,368 ----a-w C:\DOCUME~1\LOVATO\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-04-24 18:28:24 -------- d-----w C:\Program Files\DivX
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-04 16:53:22 812 ----a-w C:\WINDOWS\system32\tmp.reg
2007-04-03 19:15:05 241,066 ----a-w C:\WINDOWS\system32\qmpknjmhsv_nav.dat
2007-03-27 07:55:57 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-03-27 07:55:48 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-03-27 07:49:07 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-03-27 07:49:07 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-03-27 07:49:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 07:49:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 07:49:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-03-27 07:49:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-03-27 07:48:59 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 07:48:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 07:48:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 07:48:58 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
2007-03-25 16:40:58 0 ----a-w C:\WINDOWS\nsreg.dat
2007-03-25 16:40:42 2,308 ----a-w C:\WINDOWS\mozver.dat
2007-03-25 11:57:18 71,248 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-03-25 11:57:18 458,230 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-03-23 16:29:33 -------- d-----w C:\DOCUME~1\LOVATO\APPLIC~1\DivX
2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 23:35:59 -------- d-----w C:\Program Files\Microsoft AutoRoute
2007-03-16 23:30:16 -------- d-----w C:\Program Files\Microsoft Works
2007-03-16 23:26:56 -------- d-----w C:\Program Files\Microsoft Works Suite 2004
2007-03-09 16:48:52 -------- d-----w C:\DOCUME~1\LOVATO\APPLIC~1\ItsLabel
2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-05 21:42:07 -------- d-----w C:\Program Files\Apple Software Update
2007-02-20 18:48:32 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-02-16 01:40:35 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-02-06 19:57:41 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-02-06 19:57:40 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-02-06 19:57:40 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2007-02-05 20:19:06 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{03B5050B-2DE4-44C0-A037-B80F53B45D92}=C:\WINDOWS\system32\jkhfg.dll []
{220E59CA-552C-4EA8-82A6-056324EB9492}=C:\WINDOWS\system32\jkhfg.dll []
{97A8B0F7-AD05-4AA4-B475-7EFA330F6AC1}=C:\WINDOWS\system32\pmnljif.dll []
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}=C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 15:08]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57]
"WinTouch"="C:\Program Files\WinTouch\WinTouch.exe" [2007-05-22 22:12]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2006-10-19 22:29]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 20:34]
"freeBrowser"="C:\Program Files\freeBrowser\freeBrowser\freeBrowser.exe" [2006-08-28 00:54]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2006-11-04 04:28]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{97A8B0F7-AD05-4AA4-B475-7EFA330F6AC1}"="C:\WINDOWS\system32\pmnljif.dll" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyyww]
yayyyww.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Logo1_.exe]
debugger=nircmd execmd del /a/f c:\windows\Logo1_.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
Contents of the 'Scheduled Tasks' folder
2007-05-14 18:46:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-05-24 18:10:33 C:\WINDOWS\tasks\User_Feed_Synchronization-{C9AFA3CA-49CE-4E6A-B140-5E407BB20E60}.job
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-24 ))))))))))))))))))))))))))))))))))
No new files created in this timespan
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-24 18:37:50 -------- d-----w C:\Program Files\ePrompter
2007-05-16 17:26:38 1,101,904 ----a-w C:\WINDOWS\vsapi32.dll
2007-05-16 17:26:37 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-05-12 16:30:22 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2007-05-12 16:30:22 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-25 19:02:39 46,368 ----a-w C:\DOCUME~1\LOVATO\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-04-24 18:28:24 -------- d-----w C:\Program Files\DivX
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-04 16:53:22 812 ----a-w C:\WINDOWS\system32\tmp.reg
2007-04-03 19:15:05 241,066 ----a-w C:\WINDOWS\system32\qmpknjmhsv_nav.dat
2007-03-27 07:55:57 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-03-27 07:55:48 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-03-27 07:49:07 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-03-27 07:49:07 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-03-27 07:49:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 07:49:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 07:49:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-03-27 07:49:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-03-27 07:48:59 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 07:48:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 07:48:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 07:48:58 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
2007-03-25 16:40:58 0 ----a-w C:\WINDOWS\nsreg.dat
2007-03-25 16:40:42 2,308 ----a-w C:\WINDOWS\mozver.dat
2007-03-25 11:57:18 71,248 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-03-25 11:57:18 458,230 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-03-23 16:29:33 -------- d-----w C:\DOCUME~1\LOVATO\APPLIC~1\DivX
2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 23:35:59 -------- d-----w C:\Program Files\Microsoft AutoRoute
2007-03-16 23:30:16 -------- d-----w C:\Program Files\Microsoft Works
2007-03-16 23:26:56 -------- d-----w C:\Program Files\Microsoft Works Suite 2004
2007-03-09 16:48:52 -------- d-----w C:\DOCUME~1\LOVATO\APPLIC~1\ItsLabel
2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-05 21:42:07 -------- d-----w C:\Program Files\Apple Software Update
2007-02-20 18:48:32 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-02-16 01:40:35 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-02-06 19:57:41 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-02-06 19:57:40 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-02-06 19:57:40 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2007-02-05 20:19:06 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{03B5050B-2DE4-44C0-A037-B80F53B45D92}=C:\WINDOWS\system32\jkhfg.dll []
{220E59CA-552C-4EA8-82A6-056324EB9492}=C:\WINDOWS\system32\jkhfg.dll []
{97A8B0F7-AD05-4AA4-B475-7EFA330F6AC1}=C:\WINDOWS\system32\pmnljif.dll []
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}=C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 15:08]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57]
"WinTouch"="C:\Program Files\WinTouch\WinTouch.exe" [2007-05-22 22:12]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2006-10-19 22:29]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 20:34]
"freeBrowser"="C:\Program Files\freeBrowser\freeBrowser\freeBrowser.exe" [2006-08-28 00:54]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2006-11-04 04:28]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{97A8B0F7-AD05-4AA4-B475-7EFA330F6AC1}"="C:\WINDOWS\system32\pmnljif.dll" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyyww]
yayyyww.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Logo1_.exe]
debugger=nircmd execmd del /a/f c:\windows\Logo1_.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
Contents of the 'Scheduled Tasks' folder
2007-05-14 18:46:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-05-24 18:10:33 C:\WINDOWS\tasks\User_Feed_Synchronization-{C9AFA3CA-49CE-4E6A-B140-5E407BB20E60}.job
********************************************************************
catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-24 20:42:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-05-24 20:43:10
C:\ComboFix-quarantined-files.txt ... 2007-05-24 20:43
--- E O F ---
C'est pas ce que j'ai demandé.
Répondre à Angeldark
Bonsoir,
oupssss j ai du mal ce soir
Merci de prendre la relève
1.---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 21:14:18 24/05/2007
+ Résultat de l'analyse:
C:\System Volume Information\_restore{D08ABD70-BD34-4259-94B6-4DBF759EC72B}\RP155\A0019115.exe -> Adware.WebHancer : Nettoyé.
C:\Documents and Settings\LOVATO\Cookies\lovato@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\LOVATO\Cookies\lovato@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\LOVATO\Cookies\lovato@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\LOVATO\Cookies\lovato@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
Fin du rapport
2.Logfile of HijackThis v1.99.1
Scan saved at 21:17:07, on 24/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\freeBrowser\freeBrowser\freeBrowser.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\ePrompter\ePrompter.exe
C:\Program Files\Hotmail Popper\hotpop.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\freeBrowser\vlc\vlc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\ComboFix\4230.cfexe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.eazel.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {03B5050B-2DE4-44C0-A037-B80F53B45D92} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {220E59CA-552C-4EA8-82A6-056324EB9492} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: (no name) - {97A8B0F7-AD05-4AA4-B475-7EFA330F6AC1} - C:\WINDOWS\system32\pmnljif.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [freeBrowser] C:\Program Files\freeBrowser\freeBrowser\freeBrowser.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Startup: Hotmail Popper.lnk = C:\Program Files\Hotmail Popper\hotpop.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: yayyyww - yayyyww.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Re,
- Lance Hijackthis ->Do a system scan only
->Coche les lignes ci-dessous :
O2 - BHO: (no name) - {03B5050B-2DE4-44C0-A037-B80F53B45D92} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: (no name) - {220E59CA-552C-4EA8-82A6-056324EB9492} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: (no name) - {97A8B0F7-AD05-4AA4-B475-7EFA330F6AC1} - C:\WINDOWS\system32\pmnljif.dll (file missing)
O20 - Winlogon Notify: yayyyww - yayyyww.dll (file missing)
Clique sur Fix checked (en bas à gauche)
Répondre à Angeldark
c est bon j ai fait ....
Reposte un rapport Hijackthis.
Répondre à Angeldark
Logfile of HijackThis v1.99.1
Scan saved at 21:31:23, on 24/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\freeBrowser\freeBrowser\freeBrowser.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ePrompter\ePrompter.exe
C:\Program Files\Hotmail Popper\hotpop.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\freeBrowser\vlc\vlc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.eazel.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [freeBrowser] C:\Program Files\freeBrowser\freeBrowser\freeBrowser.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Startup: Hotmail Popper.lnk = C:\Program Files\Hotmail Popper\hotpop.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Toujours des problèmes ?
Répondre à Angeldark
Ben en fait je ne peux plus aller sur le forum de l ordi réparé ...
Pourquoi?
Au démarrage j ai toujours une fenêtre noire
C:\Program 1\WinTouch\WinTouch.exe
C est quoi ?Jamais eu avant le trojan ....
Fixe cette ligne :
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
Supprime ce dossier :
C:\Program Files\WinTouch
Répondre à Angeldark
ok c est réglé, est ce que je peux aussi te demander comment ne plus avoir au demarrage le message disant que j ai shareaza en version d essai ...
Merci
Fixer cette ligne :
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
Répondre à Angeldark
ok super , parfait !
Merci beucoup de ton aide .
je mets le résolu comme convenu au réglement
A une prochaine fois .
Bon surf !
Répondre à Angeldark
Il y a 354 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
Par Destrio5 il y a 5 jours :
