cheval obfuscated

[Lamalou]

Tu n'as pas suivi les conseils de styx dans son #message 2 !!

 

1/-Télécharge OTMoveIt (par OldTimer). Sauvegarde-le sur ton Bureau.

 

http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

 

2/relance HijackThis "do a system scan only" et COCHE UNIQUEMENT LES LIGNES CI DESSOUS PUIS CLIC FIXCHECKED:

 

O4 - HKLM\..\Policies\Explorer\Run: [4F27V1D89M] C:\WINDOWS\service32.exe

O4 - HKLM\..\Policies\Explorer\Run: [service] C:\WINDOWS\winlogon32.exe

 

3/* Copie le texte ci-bas sans le mot citation (sélectionne-le en entier avec ta souris, puis fais un clic-droit dessus et choisis "Copier") :

* Double-clique sur OTMoveIt.exe afin de lancer le programme.

* Assure toi que la case "Unregister Dll's and Ocx's" soit bien cochée

* Fais un Clique-droit sur le cadre de gauche puis choisis Coller.

* Clique à présent sur le bouton "MoveIt!".

 

Un rapport va être créé, il se trouve dans C:\_OTMoveIt\MovedFiles\

Le nom du rapport est la date de sa création.

Poste le à styx , il te donnera la suite des manips.

[Lamalou]

Tu n'as pas suivi les conseils de styx dans son #message 2 !!

 

1/-Télécharge OTMoveIt (par OldTimer). Sauvegarde-le sur ton Bureau.

 

http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

 

2/relance HijackThis "do a system scan only" et COCHE UNIQUEMENT LES LIGNES CI DESSOUS PUIS CLIC FIXCHECKED:

 

O4 - HKLM\..\Policies\Explorer\Run: [4F27V1D89M] C:\WINDOWS\service32.exe

O4 - HKLM\..\Policies\Explorer\Run: [service] C:\WINDOWS\winlogon32.exe

 

3/* Copie le texte ci-bas sans le mot citation (sélectionne-le en entier avec ta souris, puis fais un clic-droit dessus et choisis "Copier") :

* Double-clique sur OTMoveIt.exe afin de lancer le programme.

* Assure toi que la case "Unregister Dll's and Ocx's" soit bien cochée

* Fais un Clique-droit sur le cadre de gauche puis choisis Coller.

* Clique à présent sur le bouton "MoveIt!".

 

Un rapport va être créé, il se trouve dans C:\_OTMoveIt\MovedFiles\

Le nom du rapport est la date de sa création.

Poste le à styx , il te donnera la suite des manips.

 

 

Voici le rapport "OTMoveIt

 

 

File/Folder Logfile of Trend Micro HijackThis v2.0.2 not found.

File/Folder Scan saved at 12:36:40, on 05/11/2007 not found.

File/Folder Platform: Windows XP SP2 (WinNT 5.01.2600) not found.

File/Folder MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) not found.

File/Folder Boot mode: Normal not found.

File/Folder not found.

File/Folder Running processes: not found.

Item C:\WINDOWS\System32\smss.exe is whitelisted and cannot be moved.

Item C:\WINDOWS\system32\winlogon.exe is whitelisted and cannot be moved.

Item C:\WINDOWS\system32\services.exe is whitelisted and cannot be moved.

Item C:\WINDOWS\system32\lsass.exe is whitelisted and cannot be moved.

C:\WINDOWS\system32\Ati2evxx.exe moved successfully.

Item C:\WINDOWS\system32\svchost.exe is whitelisted and cannot be moved.

Item C:\WINDOWS\System32\svchost.exe is whitelisted and cannot be moved.

C:\WINDOWS\system32\spoolsv.exe moved successfully.

File/Folder C:\WINDOWS\system32\Ati2evxx.exe not found.

C:\WINDOWS\Explorer.EXE moved successfully.

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe moved successfully.

C:\windows\system\hpsysdrv.exe moved successfully.

C:\WINDOWS\system32\hphmon06.exe moved successfully.

C:\HP\KBD\KBD.EXE moved successfully.

C:\WINDOWS\system32\CTHELPER.EXE moved successfully.

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe moved successfully.

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE moved successfully.

C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe moved successfully.

C:\Program Files\Eset\nod32kui.exe moved successfully.

C:\Program Files\Lexmark 5200 series\lxbtbmon.exe moved successfully.

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe moved successfully.

C:\Program Files\iTunes\iTunesHelper.exe moved successfully.

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe moved successfully.

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe moved successfully.

C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\MediaDICO4Ut.EXE moved successfully.

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe moved successfully.

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe moved successfully.

C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\Rac4Ut.EXE moved successfully.

C:\WINDOWS\system32\CTSvcCDA.EXE moved successfully.

C:\WINDOWS\eHome\ehRecvr.exe moved successfully.

C:\WINDOWS\eHome\ehSched.exe moved successfully.

C:\WINDOWS\System32\FTRTSVC.exe moved successfully.

c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe moved successfully.

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE moved successfully.

C:\Program Files\Eset\nod32krn.exe moved successfully.

Item C:\WINDOWS\system32\svchost.exe is whitelisted and cannot be moved.

C:\WINDOWS\system32\MsPMSPSv.exe moved successfully.

C:\WINDOWS\system32\dllhost.exe moved successfully.

C:\Program Files\iPod\bin\iPodService.exe moved successfully.

C:\Program Files\Wanadoo\GestionnaireInternet.exe moved successfully.

C:\Program Files\Wanadoo\ComComp.exe moved successfully.

C:\PROGRA~1\Wanadoo\Toaster.exe moved successfully.

C:\PROGRA~1\Wanadoo\Inactivity.exe moved successfully.

C:\PROGRA~1\Wanadoo\PollingModule.exe moved successfully.

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE moved successfully.

C:\Program Files\Wanadoo\Watch.exe moved successfully.

C:\WINDOWS\system32\lxbtcoms.exe moved successfully.

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe moved successfully.

File/Folder not found.

File/Folder R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop not found.

File/Folder R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75 not found.

File/Folder R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop not found.

File/Folder R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop not found.

File/Folder R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop not found.

File/Folder R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop not found.

File/Folder R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop not found.

File/Folder R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = not found.

File/Folder R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange not found.

File/Folder R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens not found.

File/Folder R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL not found.

File/Folder O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll not found.

File/Folder O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll not found.

File/Folder O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll not found.

File/Folder O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll not found.

File/Folder O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll not found.

File/Folder O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll not found.

File/Folder O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe not found.

File/Folder O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe not found.

File/Folder O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe not found.

File/Folder O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe not found.

File/Folder O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe not found.

File/Folder O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE not found.

File/Folder O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE not found.

File/Folder O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE not found.

File/Folder O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe not found.

File/Folder O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe not found.

File/Folder O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE not found.

File/Folder O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe not found.

File/Folder O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" not found.

File/Folder O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16 not found.

File/Folder O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s not found.

File/Folder O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE not found.

File/Folder O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe not found.

File/Folder O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" not found.

File/Folder O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized not found.

File/Folder O4 - HKCU\..\Run: [MediaDICO4Ut] C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe Lancement not found.

File/Folder O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') not found.

File/Folder O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') not found.

File/Folder O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM') not found.

File/Folder O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE (User 'Default user') not found.

File/Folder O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe not found.

File/Folder O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm not found.

File/Folder O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 not found.

File/Folder O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?7bf894989c85438298a2fe62c540fa84 not found.

File/Folder O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?7bf894989c85438298a2fe62c540fa84 not found.

File/Folder O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll not found.

File/Folder O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll not found.

File/Folder O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe not found.

File/Folder O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe not found.

File/Folder O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL not found.

File/Folder O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL not found.

File/Folder O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe not found.

File/Folder O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe not found.

File/Folder O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab not found.

File/Folder O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab not found.

File/Folder O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab not found.

File/Folder O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab not found.

File/Folder O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab not found.

File/Folder O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.bellapix.com/XUpload.ocx not found.

File/Folder O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe not found.

File/Folder O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe not found.

File/Folder O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe not found.

File/Folder O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE not found.

File/Folder O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe not found.

File/Folder O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe not found.

File/Folder O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe not found.

File/Folder O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe not found.

File/Folder O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe not found.

File/Folder O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe not found.

File/Folder not found.

File/Folder -- not found.

 

Created on 11/05/2007 12:37:18

[angelique]

Pouarf!!! tu as fais n'importe quoi!!

 

Tu as des problemes de lecture du français??

 

M"étonnerait que tu lise ce message de ce PC vu [ C:\WINDOWS\Explorer.EXE moved successfully.]

 

* je te prepare une solution pour reparer tes conneries

[angelique]

1/ On va restaurer ce que tu as effacer avec OTMoveIt ,suite à ta mauvaise manipulation.

 

ouvre une invite de commande en tapant simultanement la touche "windows" de ton clavier + touche "R"

tape CMD dans la fenetre "executer"

 

Dans la fenetre d'invite de commande qui s'ouvre ,tape scrupuleusement en respectant les espaces:

 

copy C:\_OTMoveIt\xcopy MovedFiles\*c:\* /e /h /y