Se connecter / S'enregistrer
Votre question

plein de spyware

Tags :
  • Internet Explorer
  • Sécurité
Dernière réponse : dans Sécurité et virus
24 Mars 2007 13:35:45

Bonjour,

On m'a dit qu'il y avait des experts qui pourraient m'aider sur ce forum. Merci d'avance. J'ai suivi ce que vous dites dans les autres post: j'ai téléchargé etfaire tourner ccleaner, voilàmon rapport hijack:

Logfile of HijackThis v1.99.1
Scan saved at 13:27:34, on 24/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {28CEA1DA-2199-4AEE-BA75-9032C8450B66} - C:\WINDOWS\system32\ddcabcb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E9CC5989-21E0-43E1-9595-0A485474DADD} - C:\WINDOWS\system32\vtstr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\qqhbvkcn.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall....
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpl...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcabcb - C:\WINDOWS\SYSTEM32\ddcabcb.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtstr - C:\WINDOWS\system32\vtstr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

Autres pages sur : plein spyware

a b 8 Sécurité
24 Mars 2007 13:40:07

Bonjour,

Il y a une infection Vundo.

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
  • Double-clique VundoFix.exe afin de le lancer
  • Clique sur le bouton Scan for Vundo
  • Lorsque le scan est complété, clique sur le bouton Remove Vundo
  • Une invite te demandera si tu veux supprimer les fichiers, clique YES
  • Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
  • Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
  • Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
    24 Mars 2007 14:21:41

    merci

    voilà le rapports:

    VundoFix V6.3.17

    Checking Java version...

    Sun Java not detected
    Scan started at 16:38:03 23/03/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\mnnmp.bak1
    C:\WINDOWS\system32\mnnmp.bak2
    C:\WINDOWS\system32\mnnmp.ini
    C:\WINDOWS\system32\mnnmp.ini2
    C:\WINDOWS\system32\mnnmp.tmp
    C:\WINDOWS\system32\nmtspgyh.dll
    C:\WINDOWS\system32\pmnnm.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\mnnmp.bak1
    C:\WINDOWS\system32\mnnmp.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mnnmp.bak2
    C:\WINDOWS\system32\mnnmp.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mnnmp.ini
    C:\WINDOWS\system32\mnnmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mnnmp.ini2
    C:\WINDOWS\system32\mnnmp.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mnnmp.tmp
    C:\WINDOWS\system32\mnnmp.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nmtspgyh.dll
    C:\WINDOWS\system32\nmtspgyh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnnm.dll
    C:\WINDOWS\system32\pmnnm.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.17

    Checking Java version...

    Sun Java not detected
    Scan started at 13:55:36 24/03/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\rtstv.bak1
    C:\WINDOWS\system32\rtstv.ini
    C:\WINDOWS\system32\rtstv.ini2
    C:\WINDOWS\system32\rtstv.tmp
    C:\WINDOWS\system32\vtstr.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\rtstv.bak1
    C:\WINDOWS\system32\rtstv.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rtstv.ini
    C:\WINDOWS\system32\rtstv.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rtstv.ini2
    C:\WINDOWS\system32\rtstv.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rtstv.tmp
    C:\WINDOWS\system32\rtstv.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtstr.dll
    C:\WINDOWS\system32\vtstr.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Logfile of HijackThis v1.99.1
    Scan saved at 14:21:26, on 24/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {28CEA1DA-2199-4AEE-BA75-9032C8450B66} - C:\WINDOWS\system32\ddcabcb.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {D1C1AFDF-0481-4812-8D96-82641BA08FE7} - C:\WINDOWS\system32\mljgh.dll
    O2 - BHO: (no name) - {E9CC5989-21E0-43E1-9595-0A485474DADD} - C:\WINDOWS\system32\vtstr.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\qqhbvkcn.dll",setvm
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\pc tools\lsp\pctlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\pc tools\lsp\pctlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\pc tools\lsp\pctlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\pc tools\lsp\pctlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall....
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpl...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: ddcabcb - C:\WINDOWS\SYSTEM32\ddcabcb.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: mljgh - C:\WINDOWS\system32\mljgh.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    Contenus similaires
    a b 8 Sécurité
    24 Mars 2007 14:23:39

    Re,

    Télécharge ce fichier Combofix.exe
    et sauvegarde le sur ton bureau et pas ailleurs !

    Clique sur le menu Démarrer puis executer et copie/colle ceci :
    "%userprofile%\Bureau\combofix.exe" /v mljgh ddcabcb
    puis clic sur OK.

    Suis les invites.

    Ne touche a rien et attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    24 Mars 2007 14:46:51

    Alors le voilà:

    "Dupouey" - 07-03-24 14:26:18 Service Pack 2
    ComboFix 07-03-23 - Running from: "C:\Documents and Settings\Dupouey\Bureau"
    Command switches used :: /v mljgh ddcabcb

    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\mljgh.dll
    C:\WINDOWS\system32\ddcabcb.dll
    C:\WINDOWS\system32\hgjlm.bak1
    C:\WINDOWS\system32\hgjlm.ini


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((( Files Created from 2007-02-24 to 2007-03-24 ))))))))))))))))))))))))))))))))))


    2007-03-24 14:18 0 --a------ C:\WINDOWS\system32\mljjk.dll
    2007-03-24 13:45 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-03-24 13:27 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
    2007-03-24 13:03 <REP> d-------- C:\Program Files\Yahoo!
    2007-03-24 13:02 <REP> d-------- C:\Program Files\CCleaner
    2007-03-23 16:38 <REP> d-------- C:\VundoFix Backups
    2007-03-23 13:42 123,972 --a------ C:\WINDOWS\system32\qqhbvkcn.dll
    2007-03-23 00:28 <REP> d-------- C:\WINDOWS\setup.pss
    2007-03-22 20:51 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-03-22 20:49 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-03-22 20:49 59,472 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-03-22 20:49 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-03-22 20:49 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
    2007-03-22 20:49 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-03-22 20:49 <REP> d-------- C:\Program Files\Spyware Doctor
    2007-03-22 20:49 <REP> d-------- C:\Program Files\Fichiers communs\PC Tools
    2007-03-22 20:49 <REP> d-------- C:\DOCUME~1\Dupouey\APPLIC~1\PC Tools
    2007-03-22 20:49 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
    2007-03-22 20:48 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-03-03 16:55 -------- d-------- C:\Program Files\zipcentral
    2007-02-19 21:26 127034 -r------- C:\WINDOWS\bwunin-8.1.1.50-8876480sl.exe
    2007-02-18 19:54 -------- d-------- C:\DOCUME~1\Dupouey\APPLIC~1\media player classic
    2007-02-18 19:53 -------- d-------- C:\Program Files\satsuki decoder pack
    2007-02-03 15:49 -------- d-------- C:\Program Files\windows live toolbar
    2007-02-03 15:30 -------- d-------- C:\Program Files\msn messenger
    2007-02-01 07:49 -------- d-------- C:\Program Files\google
    2007-01-29 23:08 -------- d--h----- C:\Program Files\installshield installation information
    2007-01-24 20:03 -------- d-------- C:\Program Files\sld codec pack
    2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
    2007-01-15 18:32 689280 --a------ C:\WINDOWS\system32\aswboot.exe
    2007-01-15 18:23 90112 --a------ C:\WINDOWS\system32\avastss.scr
    2007-01-09 18:46 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2007-01-08 19:01 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2007-01-07 22:12 1168 --a------ C:\WINDOWS\mozver.dat
    2007-01-07 22:04 0 --a------ C:\WINDOWS\nsreg.dat


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
    "BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
    "Power2GoExpress"="\"C:\\Program Files\\CyberLink\\Power2Go\\Power2GoExpress.exe\" /Startup"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe"
    "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "LogitechCameraAssistant"="C:\\Program Files\\Logitech\\Video\\CameraAssistant.exe"
    "LogitechVideo[inspector]"="C:\\Program Files\\Logitech\\Video\\InstallHelper.exe /inspect"
    "LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "SDTray"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""
    "SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\qqhbvkcn.dll\",setvm"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source REG_SZ file:///C:/DOCUME~1/Dupouey/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_MCHINJDRV


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job


    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-03-24 14:41:13
    a b 8 Sécurité
    24 Mars 2007 15:06:44

    Re,

  • Double-clique VundoFix.exe afin de le lancer
  • NE clique PAS sur le bouton Scan for Vundo
  • Clique Droit dans la fenêtre blanche, choisis Add more files ?
  • Rajoute dans la première ligne :
    C:\WINDOWS\system32\mljgh.dll
    Dans la deuxième ligne :
    C:\WINDOWS\system32\hgjlm.*
    Dans la troisième ligne :
    C:\WINDOWS\system32\qqhbvkcn.dll
  • Clique successivement sur :
    - Add Files
    - Close Windows
    - Remove Vundo
  • Si l'outil te demande de redémarrer, accepte.
  • Copie/Colle ensuite le rapport C:\vundofix.txt
    24 Mars 2007 15:48:19

    j'ai fait tout ce que tu m'as dit de faire. Mais j'ai l'impression que c'est le même rapport VundoFix V6.3.17

    Checking Java version...

    Sun Java not detected
    Scan started at 16:38:03 23/03/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\mnnmp.bak1
    C:\WINDOWS\system32\mnnmp.bak2
    C:\WINDOWS\system32\mnnmp.ini
    C:\WINDOWS\system32\mnnmp.ini2
    C:\WINDOWS\system32\mnnmp.tmp
    C:\WINDOWS\system32\nmtspgyh.dll
    C:\WINDOWS\system32\pmnnm.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\mnnmp.bak1
    C:\WINDOWS\system32\mnnmp.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mnnmp.bak2
    C:\WINDOWS\system32\mnnmp.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mnnmp.ini
    C:\WINDOWS\system32\mnnmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mnnmp.ini2
    C:\WINDOWS\system32\mnnmp.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mnnmp.tmp
    C:\WINDOWS\system32\mnnmp.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nmtspgyh.dll
    C:\WINDOWS\system32\nmtspgyh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnnm.dll
    C:\WINDOWS\system32\pmnnm.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.17

    Checking Java version...

    Sun Java not detected
    Scan started at 13:55:36 24/03/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\rtstv.bak1
    C:\WINDOWS\system32\rtstv.ini
    C:\WINDOWS\system32\rtstv.ini2
    C:\WINDOWS\system32\rtstv.tmp
    C:\WINDOWS\system32\vtstr.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\rtstv.bak1
    C:\WINDOWS\system32\rtstv.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rtstv.ini
    C:\WINDOWS\system32\rtstv.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rtstv.ini2
    C:\WINDOWS\system32\rtstv.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rtstv.tmp
    C:\WINDOWS\system32\rtstv.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtstr.dll
    C:\WINDOWS\system32\vtstr.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\qqhbvkcn.dll
    C:\WINDOWS\system32\qqhbvkcn.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
    24 Mars 2007 15:55:25

    Bonjour,

    Reposte un rapport ComboFix

    Double clique combofix.exe et suis les invites.
    Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
    24 Mars 2007 16:04:17

    Le voilà
    pendant que le scan se faisait, spyware doctor a fait part de beaucoup de trojan qu'il a bloqués.

    "Dupouey" - 07-03-24 15:59:32 Service Pack 2
    ComboFix 07-03-23 - Running from: "C:\Documents and Settings\Dupouey\Bureau"

    ((((((((((((((((((((((((((((((( Files Created from 2007-02-24 to 2007-03-24 ))))))))))))))))))))))))))))))))))


    2007-03-24 14:18 0 --a------ C:\WINDOWS\system32\mljjk.dll
    2007-03-24 13:45 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-03-24 13:27 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
    2007-03-24 13:03 <REP> d-------- C:\Program Files\Yahoo!
    2007-03-24 13:02 <REP> d-------- C:\Program Files\CCleaner
    2007-03-23 16:38 <REP> d-------- C:\VundoFix Backups
    2007-03-23 00:28 <REP> d-------- C:\WINDOWS\setup.pss
    2007-03-22 20:51 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-03-22 20:49 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-03-22 20:49 59,472 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-03-22 20:49 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-03-22 20:49 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
    2007-03-22 20:49 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-03-22 20:49 <REP> d-------- C:\Program Files\Spyware Doctor
    2007-03-22 20:49 <REP> d-------- C:\Program Files\Fichiers communs\PC Tools
    2007-03-22 20:49 <REP> d-------- C:\DOCUME~1\Dupouey\APPLIC~1\PC Tools
    2007-03-22 20:49 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
    2007-03-22 20:48 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-03-03 16:55 -------- d-------- C:\Program Files\zipcentral
    2007-02-19 21:26 127034 -r------- C:\WINDOWS\bwunin-8.1.1.50-8876480sl.exe
    2007-02-18 19:54 -------- d-------- C:\DOCUME~1\Dupouey\APPLIC~1\media player classic
    2007-02-18 19:53 -------- d-------- C:\Program Files\satsuki decoder pack
    2007-02-03 15:49 -------- d-------- C:\Program Files\windows live toolbar
    2007-02-03 15:30 -------- d-------- C:\Program Files\msn messenger
    2007-02-01 07:49 -------- d-------- C:\Program Files\google
    2007-01-29 23:08 -------- d--h----- C:\Program Files\installshield installation information
    2007-01-24 20:03 -------- d-------- C:\Program Files\sld codec pack
    2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
    2007-01-15 18:32 689280 --a------ C:\WINDOWS\system32\aswboot.exe
    2007-01-15 18:23 90112 --a------ C:\WINDOWS\system32\avastss.scr
    2007-01-09 18:46 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2007-01-08 19:01 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2007-01-07 22:12 1168 --a------ C:\WINDOWS\mozver.dat
    2007-01-07 22:04 0 --a------ C:\WINDOWS\nsreg.dat


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
    "BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
    "Power2GoExpress"="\"C:\\Program Files\\CyberLink\\Power2Go\\Power2GoExpress.exe\" /Startup"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe"
    "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "LogitechCameraAssistant"="C:\\Program Files\\Logitech\\Video\\CameraAssistant.exe"
    "LogitechVideo[inspector]"="C:\\Program Files\\Logitech\\Video\\InstallHelper.exe /inspect"
    "LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "SDTray"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""
    "SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\qqhbvkcn.dll\",setvm"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source REG_SZ file:///C:/DOCUME~1/Dupouey/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job


    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-03-24 16:02:39
    C:\ComboFix2.txt ... 07-03-24 14:41
    a b 8 Sécurité
    24 Mars 2007 16:46:55

    La dll résiste :/ 

    Télécharge Clean.zip (de Malekal),
    Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
    Ouvre le dossier clean, double-clique sur clean.cmd.
    Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.

    2 Avril 2007 09:31:15

    Salut,

    Je viens de le faire

    Rapport clean par Malekal_morte - http://www.malekal.com
    Option 1, executee le 02/04/2007 a 9:30:17,15

    *** Recherche de fichiers sur C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32
    C:\WINDOWS\system32\mcrh.tmp FOUND

    "C:\Program Files\GamesBar\" FOUND
    *** Fin du rapport !
    2 Avril 2007 10:12:49

    Bonjour,

    1/ Redémarre en mode Sans Échec
    (au démarrage, tapote immédiatement la touche F8), puis tu verras un écran avec choix de démarrages :
    choisis Mode sans échec avec les flèches du clavier, puis valide avec Entrée.
    Choisis ton compte usuel (et non Administrateur).

    Si tu n’arrives vraiment pas à redémarrer en mode sans échec je te propose ce lien :

    Redémarrer en mode sans échec

    2/ Double-clic sur clean. Cela va ouvrir une fenêtre noire.
    Un menu va apparaître, choisis l'option 2 en appuyant sur la touche 2 de ton clavier.
    Clean va travailler.
    Un rapport va etre généré.
    Redemarre en mode normale, colle le rapport de Clean entier ici.

    3/ Refait un nouveau scan ComboFix et poste le rapport.
    2 Avril 2007 12:03:37

    07-04-02 11:47:56 Service Pack 2
    ComboFix 07-03-23 - Running from: "C:\Documents and Settings\Dup\Bureau"

    ((((((((((((((((((((((((((((((( Files Created from 2007-03-02 to 2007-04-02 ))))))))))))))))))))))))))))))))))


    2007-04-02 10:25 <REP> d-------- C:\WINDOWS\pss
    2007-03-24 15:18 0 --a------ C:\WINDOWS\system32\mljjk.dll
    2007-03-24 14:45 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-03-24 14:27 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
    2007-03-24 14:03 <REP> d-------- C:\Program Files\Yahoo!
    2007-03-24 14:02 <REP> d-------- C:\Program Files\CCleaner
    2007-03-23 17:38 <REP> d-------- C:\VundoFix Backups
    2007-03-23 01:28 <REP> d-------- C:\WINDOWS\setup.pss
    2007-03-22 21:51 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-03-22 21:49 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-03-22 21:49 59,472 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-03-22 21:49 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-03-22 21:49 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
    2007-03-22 21:49 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-03-22 21:49 <REP> d-------- C:\Program Files\Spyware Doctor
    2007-03-22 21:49 <REP> d-------- C:\Program Files\Fichiers communs\PC Tools
    2007-03-22 21:49 <REP> d-------- C:\DOCUME~1\Dupouey\APPLIC~1\PC Tools
    2007-03-22 21:49 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
    2007-03-22 21:48 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-04-02 09:29 -------- d-------- C:\Program Files\zipcentral
    2007-03-25 14:21 49054 --a------ C:\WINDOWS\system32\perfc00c.dat
    2007-03-25 14:21 368314 --a------ C:\WINDOWS\system32\perfh00c.dat
    2007-02-19 22:26 127034 -r------- C:\WINDOWS\bwunin-8.1.1.50-8876480sl.exe
    2007-02-18 20:53 -------- d-------- C:\Program Files\satsuki decoder pack
    2007-02-03 16:49 -------- d-------- C:\Program Files\windows live toolbar
    2007-02-03 16:30 -------- d-------- C:\Program Files\msn messenger
    2007-01-19 13:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
    2007-01-15 19:32 689280 --a------ C:\WINDOWS\system32\aswboot.exe
    2007-01-15 19:23 90112 --a------ C:\WINDOWS\system32\avastss.scr
    2007-01-09 19:46 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2007-01-08 20:01 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2007-01-07 23:12 1168 --a------ C:\WINDOWS\mozver.dat
    2007-01-07 23:04 0 --a------ C:\WINDOWS\nsreg.dat


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
    "BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
    "Power2GoExpress"="\"C:\\Program Files\\CyberLink\\Power2Go\\Power2GoExpress.exe\" /Startup"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe"
    "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "LogitechCameraAssistant"="C:\\Program Files\\Logitech\\Video\\CameraAssistant.exe"
    "LogitechVideo[inspector]"="C:\\Program Files\\Logitech\\Video\\InstallHelper.exe /inspect"
    "LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "SDTray"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""
    "SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\qqhbvkcn.dll\",setvm"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source REG_SZ file:///C:/DOCUME~1/Dupouey/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbbcc826-462a-11db-b803-0040d07fbb61}]
    Shell\Auto\command E:\bittorrent.exe e
    Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job


    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-04-02 11:50:33
    C:\ComboFix2.txt ... 07-03-24 17:02
    C:\ComboFix3.txt ... 07-03-24 15:41
    2 Avril 2007 18:03:40

    On me dit qu'il manque le fichier qqhbvkcn.dll.

    Que dois-je faire?
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS