Posted (edited)

Hello,

I have caught these viruses (Win32.TrojanDownloader.zlob and Win32.TrojanDownloader.small) and cannot manage to eradicate them.

I have used, without effect:

- F-Secure
- Ad Aware
- SpyBot
- Trojan remover
- Vundo

I also ran HijackThis, but what should I do with the result?

Could you help me?

Thanks in advance

Edited by tepoztlan

Posted
Hello,

post your HijackThis report.

Here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:32:39, on 10/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

c:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\BT Common Client\btomosrv.exe

C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe

C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program Files\F-Secure\Common\FSMA32.EXE

C:\Program Files\Gemplus\GSLibs\BIN\GCardSrvNT.exe

C:\Program Files\F-Secure\Anti-Virus\fssm32.exe

C:\Program Files\F-Secure\Common\FSMB32.EXE

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\F-Secure\Common\FCH32.EXE

C:\Program Files\F-Secure\Anti-Virus\fsqh.exe

C:\Program Files\F-Secure\Common\FAMEH32.EXE

C:\Program Files\F-Secure\Anti-Virus\fsrw.exe

C:\WINDOWS\system32\StacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\F-Secure\Common\FNRB32.EXE

C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe

C:\Program Files\F-Secure\Common\FIH32.EXE

C:\Program Files\F-Secure\Anti-Virus\fsav32.exe

c:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe

C:\WINDOWS\stsystra.exe

C:\Program Files\F-Secure\Common\FSM32.EXE

C:\Program Files\Gemplus\GSLibs\BIN\RegTool.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe

C:\Program Files\Adobe\Distillr\Acrotray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\F-Secure\FSGUI\fsguidll.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Office Communicator\Communicator.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\X1\X1FileMonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe

C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe

C:\Program Files\palmOne\Hotsync.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\X1\X1Systray.exe

C:\Program Files\X1\X1.exe

C:\Program Files\X1\X1Service.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe

C:\Program Files\X1\textExtractor.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\explorer.exe

d:\Documents and Settings\RLAINEL\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://172.16.101.143:8765/query_new.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gweb.gemalto.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://gweb1.gemalto.com/user/wwproxy.pac

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [RegTool] C:\Program Files\Gemplus\GSLibs\BIN\RegTool.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM\..\Run: [a4533511] rundll32.exe "C:\WINDOWS\system32\euctbybj.dll",b

O4 - HKCU\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat\AdobeUpdateManager.exe AcStd7_0_8 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [X1FileMonitor.exe] C:\Program Files\X1\X1FileMonitor.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')

O4 - Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe

O4 - Startup: X1.lnk = C:\Program Files\X1\X1.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe

O4 - Global Startup: Harrap's Shorter.lnk = ?

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF: START_PAGE_URL=http://gemweb.gemenos.eur.gemplus.com/index.html

O16 - DPF: {37775067-8350-11D4-A7DA-00C04F14FB69} (PVCS Tracker I-Net Client for MSIE) - https://trackerweb03.rnd.gemplus.com/trackdoc/trkpm660ie.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5e2a3510-4371-11d6-b64c-00c04faedb18} (Oracle JInitiator 1.1.8.18) -

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198050970694

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F9B3E1F4-3F66-11D3-AD61-0090275A7262} (ZABOClientControl Class) - http://ggentp48.gemenos.eur.gemplus.com/wi...eX/ZABOIEEN.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rnd.gemplus.com

O17 - HKLM\Software\..\Telephony: DomainName = rnd.gemplus.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rnd.gemplus.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = rnd.gemplus.com,china.rnd.gemplus.com,gemenos.eur.gemplus.com,ds.gemplus.com,corp.ds.gemplus.com,axalto.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = rnd.gemplus.com,china.rnd.gemplus.com,gemenos.eur.gemplus.com,ds.gemplus.com,corp.ds.gemplus.com,axalto.com

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: BT Common Client - British Telecommunications Plc. - C:\Program Files\BT Common Client\btomosrv.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE

O23 - Service: GemSAFE Card Access Service - Gemplus - C:\Program Files\Gemplus\GSLibs\BIN\GCardSrvNT.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OracleClientCache80 - Unknown owner - c:\orant\BIN\ONRSD80.EXE

O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - c:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - c:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 16501 bytes

Posted

On top of that, as a further nuisance, I have a shitload of temporary files that have been generated in "My Documents", about 7500 since yesterday...

My taskbar regularly becomes unresponsive, and to fix it I have to restart an explorer.exe task after killing the process.

Posted

Re,

- Download VundoFix to your desktop.
- Double-click VundoFix.exe and click "scan for vundo".
- At the end of the scan, if Vundo is found (it will tell you), click "remove vundo". If it asks whether you want to delete the files, click yes.
- At the end of the removal, it will make you reboot; do so.
- A report is to be posted in your next reply; it is located here: %systemdrive%\vundofix.txt.

Note: %systemdrive% refers to your default hard drive, the one where Windows is installed; its letter is usually C:, but this can vary, hence the value of a universal designation.

THEN

- Download ComboFix by sUBs to your Desktop.
- Double-click combofix.exe, then type 1 to start the scan.
- When the scan is finished, a report will appear; paste it into your next message. The report can also be found here: %SYSTEMDRIVE%\Combofix.txt

NB: ComboFix may be detected by some antivirus programs. In that case, ignore the alert.

SO

You have two steps to follow in order (tell me if you skipped a step, then do the rest):

- VundoFix + report
- ComboFix + report

You will then post a new HijackThis report.

After doing these steps, do you notice any changes? Improvements?
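
The VundoFix step above ends with a report to post back. As an added example (not part of the original post, and not VundoFix's own code), this Python script reads a report in that layout and lists the files whose most recent removal attempt failed, with the number of failed attempts. It assumes the "Scan started at", "Has been deleted!" and "Could not be deleted." lines seen in the report posted later in this thread; the sample report and its file names are constructed.

```python
import re

# Constructed sample in the VundoFix report layout (file names are made up).
SAMPLE_REPORT = r"""
VundoFix V6.7.8

Scan started at 10:00:00 01/01/2008

Beginning removal...

Attempting to delete C:\WINDOWS\system32\aaaexmpl.dll
C:\WINDOWS\system32\aaaexmpl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bbbexmpl.dll
C:\WINDOWS\system32\bbbexmpl.dll Could not be deleted.

Attempting to delete C:\windows\system32\cccexmpl.ini
C:\windows\system32\cccexmpl.ini Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bbbexmpl.dll
C:\WINDOWS\system32\bbbexmpl.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\cccexmpl.ini
C:\WINDOWS\system32\cccexmpl.ini Has been deleted!

VundoFix V6.7.8

Scan started at 16:00:00 01/01/2008

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bbbexmpl.dll
C:\WINDOWS\system32\bbbexmpl.dll Could not be deleted.
"""

SCAN_RE = re.compile(r"^Scan started at (.+)$")
# The status text is anchored at the end so paths containing spaces still parse.
RESULT_RE = re.compile(
    r"^(?P<path>.+?) (?P<status>Has been deleted!|Could not be deleted\.)$"
)


def parse_report(text):
    """Split a report into scans, each with its ordered removal attempts."""
    scans, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        scan = SCAN_RE.match(line)
        if scan:
            current = {"started": scan.group(1), "attempts": []}
            scans.append(current)
            continue
        result = RESULT_RE.match(line)
        if result and current is not None:
            # Windows paths are case-insensitive, and the report mixes
            # C:\WINDOWS and C:\windows, so normalise before comparing.
            path = result.group("path").lower()
            deleted = result.group("status") == "Has been deleted!"
            current["attempts"].append((path, deleted))
    return scans


def unresolved(scans):
    """Map each file whose latest attempt failed to its count of failed attempts."""
    last_ok, failed = {}, {}
    for scan in scans:
        for path, deleted in scan["attempts"]:
            last_ok[path] = deleted
            if not deleted:
                failed[path] = failed.get(path, 0) + 1
    return {path: failed[path] for path, ok in last_ok.items() if not ok}


if __name__ == "__main__":
    for path, count in sorted(unresolved(parse_report(SAMPLE_REPORT)).items()):
        print(f"{path}: still present after {count} failed attempt(s)")
```

A file that fails once and is deleted on a later pass drops out of the result; only files that survive to the end of the report are listed.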

Posted

OK, I'll do the steps and post the reports in a few minutes ..... Thanks

Posted

Here are the results:

1/ VundoFix report:

 

VundoFix V6.7.8

 

Checking Java version...

 

Java version is 1.4.2.2

Old versions of java are exploitable and should be removed.

 

Scan started at 03:15:00 10/02/2008

 

Listing files found while scanning....

 

C:\WINDOWS\system32\hdlsjkig.dll

C:\WINDOWS\system32\knnmp.ini

C:\WINDOWS\system32\knnmp.ini2

C:\WINDOWS\system32\pmnnk.dll

C:\WINDOWS\system32\rmyuynqt.dll

C:\WINDOWS\system32\scwcrrcf.dll

C:\WINDOWS\system32\uhioqvel.dll

C:\WINDOWS\system32\urqqopn.dll

C:\WINDOWS\system32\zlohajqo.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\hdlsjkig.dll

C:\WINDOWS\system32\hdlsjkig.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\knnmp.ini

C:\WINDOWS\system32\knnmp.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\knnmp.ini2

C:\WINDOWS\system32\knnmp.ini2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\pmnnk.dll

C:\WINDOWS\system32\pmnnk.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\rmyuynqt.dll

C:\WINDOWS\system32\rmyuynqt.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\scwcrrcf.dll

C:\WINDOWS\system32\scwcrrcf.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\uhioqvel.dll

C:\WINDOWS\system32\uhioqvel.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\urqqopn.dll

C:\WINDOWS\system32\urqqopn.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\urqqopn.dll

C:\WINDOWS\system32\urqqopn.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

VundoFix V6.7.8

 

Checking Java version...

 

Java version is 1.4.2.2

Old versions of java are exploitable and should be removed.

 

Scan started at 10:41:12 10/02/2008

 

Listing files found while scanning....

 

C:\WINDOWS\system32\abipmekj.dll

C:\WINDOWS\system32\euctbybj.dll

C:\WINDOWS\system32\hspoanpd.dll

C:\WINDOWS\system32\ijjlm.ini

C:\WINDOWS\system32\ijjlm.ini2

C:\WINDOWS\system32\jbybtcue.ini

C:\WINDOWS\system32\jsenvmpu.dll

C:\WINDOWS\system32\lclfswug.dll

C:\windows\system32\lclfswug.dllbox

C:\WINDOWS\system32\mljji.dll

C:\WINDOWS\system32\nysdinyg.dll

C:\WINDOWS\system32\urqqopn.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\abipmekj.dll

C:\WINDOWS\system32\abipmekj.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\euctbybj.dll

C:\WINDOWS\system32\euctbybj.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\hspoanpd.dll

C:\WINDOWS\system32\hspoanpd.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ijjlm.ini

C:\WINDOWS\system32\ijjlm.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ijjlm.ini2

C:\WINDOWS\system32\ijjlm.ini2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\jbybtcue.ini

C:\WINDOWS\system32\jbybtcue.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\jsenvmpu.dll

C:\WINDOWS\system32\jsenvmpu.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\lclfswug.dll

C:\WINDOWS\system32\lclfswug.dll Could not be deleted.

 

Attempting to delete C:\windows\system32\lclfswug.dllbox

C:\windows\system32\lclfswug.dllbox Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mljji.dll

C:\WINDOWS\system32\mljji.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\system32\nysdinyg.dll

C:\WINDOWS\system32\nysdinyg.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\urqqopn.dll

C:\WINDOWS\system32\urqqopn.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\ijjlm.ini

C:\WINDOWS\system32\ijjlm.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ijjlm.ini2

C:\WINDOWS\system32\ijjlm.ini2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\lclfswug.dll

C:\WINDOWS\system32\lclfswug.dll Has been deleted!

 

Attempting to delete C:\windows\system32\lclfswug.dllbox

C:\windows\system32\lclfswug.dllbox Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mljji.dll

C:\WINDOWS\system32\mljji.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\urqqopn.dll

C:\WINDOWS\system32\urqqopn.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

VundoFix V6.7.8

 

Checking Java version...

 

Java version is 1.4.2.2

Old versions of java are exploitable and should be removed.

 

Scan started at 16:25:41 10/02/2008

 

Listing files found while scanning....

 

C:\WINDOWS\system32\fyvhagko.dll

C:\WINDOWS\system32\mmaululq.dll

C:\WINDOWS\system32\urqqopn.dll

C:\WINDOWS\system32\wgzedlpx.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\fyvhagko.dll

C:\WINDOWS\system32\fyvhagko.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mmaululq.dll

C:\WINDOWS\system32\mmaululq.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\urqqopn.dll

C:\WINDOWS\system32\urqqopn.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\system32\wgzedlpx.dll

C:\WINDOWS\system32\wgzedlpx.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\urqqopn.dll

C:\WINDOWS\system32\urqqopn.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

 

2/ ComboFix report:

 

ComboFix 08-02.05.3 - rlainel 2008-02-10 17:04:29.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2895 [GMT 1:00]

Running from: d:\Documents and Settings\RLAINEL\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\jfexbowb.ini

C:\WINDOWS\system32\jtmurdpx.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\orutv.ini

C:\WINDOWS\system32\orutv.ini2

C:\WINDOWS\system32\pac.txt

C:\WINDOWS\system32\shhspgme.ini

C:\WINDOWS\system32\urqqopn.dll

C:\WINDOWS\system32\vdonhowa.ini

C:\WINDOWS\system32\x64

d:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

d:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

 

----- BITS: Possible infected sites -----

 

hxxp://w2k3004.rnd.gemplus.com

.

((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))

.

 

2008-02-10 16:58 . 2008-02-10 16:58 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe

2008-02-10 11:39 . 2008-02-10 13:31 294 --ahs---- C:\WINDOWS\system32\sgmeoyeq.ini

2008-02-10 10:37 . 2008-02-10 10:37 474 --ahs---- C:\WINDOWS\system32\gynidsyn.ini

2008-02-10 03:15 . 2008-02-10 16:58 <DIR> d-------- C:\VundoFix Backups

2008-02-10 03:14 . 2008-02-10 03:14 294 --ahs---- C:\WINDOWS\system32\fcrrcwcs.ini

2008-02-08 18:38 . 2008-02-10 02:08 <DIR> d-a------ d:\Documents and Settings\All Users\Application Data\TEMP

2008-02-08 18:33 . 2008-02-08 18:33 <DIR> d-------- d:\Documents and Settings\RLAINEL\Application Data\Simply Super Software

2008-02-08 18:33 . 2008-02-08 18:39 <DIR> d-------- C:\Program Files\Trojan Remover

2008-02-08 18:33 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll

2008-02-08 18:33 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2008-02-08 17:44 . 2008-02-08 17:44 <DIR> d-------- d:\Documents and Settings\LocalService\Application Data\StumbleUpon

2008-02-08 16:38 . 2008-02-08 16:38 <DIR> d-------- C:\Program Files\Enigma Software Group

2008-02-08 11:38 . 2008-02-08 18:44 474 --ahs---- C:\WINDOWS\system32\ykqqaeds.ini

2008-02-08 11:37 . 2008-02-08 11:37 87,616 --a------ C:\WINDOWS\system32\sdeaqqky.dll.vir

2008-02-08 10:20 . 2008-02-08 10:16 691,545 --a------ C:\WINDOWS\unins000.exe

2008-02-08 10:20 . 2008-02-08 10:20 3,446 --a------ C:\WINDOWS\unins000.dat

2008-02-08 09:22 . 2008-02-08 09:22 <DIR> d-------- d:\Documents and Settings\All Users\Application Data\Lavasoft

2008-02-08 09:22 . 2008-02-08 09:22 <DIR> d-------- C:\Program Files\Lavasoft

2008-02-06 23:04 . 2008-02-06 23:04 8,184 --a------ C:\WINDOWS\system32\vimiwsvg.dll

2008-02-04 18:38 . 2008-02-04 18:38 8,184 --a------ C:\WINDOWS\system32\geobrmfy.dll

2008-02-03 22:47 . 2008-02-03 22:52 <DIR> dr------- C:\Program Files\Add-ins

2008-02-03 22:47 . 2002-09-16 01:41 1,089,536 --a------ C:\WINDOWS\system32\Roboex32.dll

2008-02-03 18:38 . 2008-02-04 08:33 474 --ahs---- C:\WINDOWS\system32\cgatvvxj.ini

2008-02-03 17:37 . 2008-02-03 18:36 354 --ahs---- C:\WINDOWS\system32\gbqjqnfy.ini

2008-02-03 17:30 . 2008-02-10 00:45 354,175 --a------ C:\WINDOWS\system32\knnmp.ini2.vir

2008-02-03 17:30 . 2008-02-10 00:48 354,175 --a------ C:\WINDOWS\system32\knnmp.ini.vir

2008-02-03 17:25 . 2008-02-03 17:28 <DIR> d-------- C:\WINDOWS\system32\nGpxx01

2008-02-03 17:25 . 2008-02-03 17:25 <DIR> d-------- C:\TEMP\cXzz9

2008-01-28 17:27 . 2005-08-16 15:05 36,864 --a------ C:\WINDOWS\VB6IDEMouseWheelAddin.dll

2008-01-28 17:24 . 2008-01-28 17:24 <DIR> d-------- C:\Program Files\MouseWheelExcel

2008-01-23 17:48 . 2008-01-23 17:48 <DIR> d--h----- C:\WINDOWS\PIF

2008-01-10 16:15 . 2008-01-10 17:39 32 --a------ C:\WINDOWS\0

2008-01-10 16:15 . 2008-01-10 16:15 0 --a------ C:\WINDOWS\system32\0

2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-10 11:37 --------- d-----w d:\Documents and Settings\All Users\Application Data\Google Updater

2008-02-09 23:01 --------- d-----w C:\Program Files\Radmin

2008-02-09 15:13 --------- d-----r C:\Program Files\SyncBack

2008-02-08 11:51 --------- d-----w d:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-08 09:27 --------- d-----r C:\Program Files\Spybot - Search & Destroy

2008-02-08 08:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-01-28 13:13 --------- d-----r C:\Program Files\PSPad editor

2008-01-25 08:32 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\StumbleUpon

2008-01-19 11:24 --------- d-----r C:\Program Files\iTunes

2008-01-19 11:23 --------- d-----r C:\Program Files\iPod

2008-01-19 11:22 --------- d-----r C:\Program Files\QuickTime

2008-01-16 10:40 --------- d-----w C:\Program Files\Common Files\Adobe

2008-01-16 10:38 --------- d-----r C:\Program Files\RegCleaner

2008-01-11 17:20 --------- d-----w d:\Documents and Settings\All Users\Application Data\WLInstaller

2008-01-10 16:53 --------- d-----w d:\Documents and Settings\All Users\Application Data\Bluetooth

2008-01-10 16:17 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\Nokia

2008-01-08 21:29 --------- d-----r C:\Program Files\Quintessential Player

2008-01-08 20:37 --------- d-----w C:\Program Files\IVT Corporation

2008-01-08 13:38 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\Roxio

2008-01-08 13:30 --------- d-----w d:\Documents and Settings\All Users\Application Data\InstallShield

2008-01-08 13:30 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-01-08 13:29 --------- d-----w d:\Documents and Settings\All Users\Application Data\Sonic

2008-01-08 13:29 --------- d-----w C:\Program Files\Common Files\Sonic Shared

2008-01-08 13:29 --------- d-----w C:\Program Files\Common Files\Roxio Shared

2008-01-08 13:28 --------- d-----w C:\Program Files\Roxio

2008-01-08 13:28 --------- d-----w C:\Program Files\Common Files\SureThing Shared

2008-01-06 19:03 --------- d-----r C:\Program Files\DVDFab HD Decrypter 3

2008-01-06 18:54 --------- d-----r C:\Program Files\Transparency_Glass

2007-12-27 17:02 --------- d-----r C:\Program Files\palmOne

2007-12-26 09:34 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\F-Secure

2007-12-20 08:58 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\InterVideo

2007-12-20 08:21 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\DVDFab

2007-12-19 08:43 --------- d-----w C:\Program Files\Windows Live Toolbar

2007-12-19 08:37 --------- d-----w d:\Documents and Settings\All Users\Application Data\Windows Live Toolbar

2007-12-19 08:34 --------- d-----w C:\Program Files\StumbleUpon

2007-12-14 07:45 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\SpamBayes

2007-12-14 07:44 --------- d-----w C:\Program Files\SpamBayes

2007-12-12 22:47 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition

2007-12-12 22:47 --------- d-----r C:\Program Files\Windows Live

2007-12-12 22:37 --------- d-----r C:\Program Files\Autoruns

2007-12-12 22:36 --------- d-----r C:\Program Files\The KMPlayer

2007-12-12 22:36 --------- d-----r C:\Program Files\Canon

2007-12-12 22:35 --------- d-----r C:\Program Files\SplashData

2007-12-12 22:35 --------- d-----r C:\Program Files\Polar

2007-12-12 22:35 --------- d-----r C:\Program Files\Photo Story 3 for Windows

2007-12-12 22:35 --------- d-----r C:\Program Files\File Lister

2007-12-12 22:35 --------- d-----r C:\Program Files\FastStone Image Viewer

2007-12-12 22:30 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\FastStone

2007-12-12 22:26 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-12 22:11 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\Leadertech

2007-12-12 22:10 --------- d-----w d:\Documents and Settings\All Users\Application Data\HotSync

2007-12-12 22:09 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\HotSync

2007-12-12 22:08 53,248 ----a-w C:\WINDOWS\PalmDevC.dll

2007-12-12 22:08 16,694 ----a-w C:\WINDOWS\system32\drivers\PalmUSBD.sys

2007-12-12 17:28 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\AdobeUM

2007-12-12 17:27 --------- d-----w C:\Program Files\Common Files\PCSuite

2007-12-12 17:27 --------- d-----w C:\Program Files\Common Files\Nokia

2007-12-12 17:27 --------- d-----r C:\Program Files\Nokia

2007-12-12 17:26 --------- d-----w C:\Program Files\PC Connectivity Solution

2007-12-12 17:21 --------- d-----w d:\Documents and Settings\All Users\Application Data\Installations

2007-12-12 15:22 --------- d-----w C:\Program Files\Common Files\Borland

2007-12-12 15:22 --------- d-----w C:\Program Files\Artviews

2007-12-12 07:38 --------- d-----r C:\Program Files\totalcmd

2007-12-11 22:25 --------- d-----r C:\Program Files\Picasa2

2007-12-11 22:07 --------- d-----r C:\Program Files\X1

2007-12-11 21:51 --------- d-----r C:\Program Files\Cegetel

2007-12-11 21:51 --------- d-----r C:\Program Files\CCleaner

2007-12-11 21:44 --------- d-----r C:\Program Files\Apple Software Update

2007-12-11 21:31 --------- d-----r C:\Program Files\Google

2007-12-11 21:29 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\Apple Computer

2007-12-11 21:29 --------- d-----w d:\Documents and Settings\All Users\Application Data\Apple Computer

2007-12-11 21:27 --------- d-----w d:\Documents and Settings\All Users\Application Data\Apple

2007-12-11 21:27 --------- d-----w C:\Program Files\Common Files\Apple

2007-12-11 20:27 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\Windows Live Writer

2007-12-11 19:13 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2007-12-11 17:02 --------- d-----w C:\Program Files\Java

2007-12-11 16:55 --------- d-----w C:\Program Files\Oracle

2007-12-11 16:36 --------- d-----w C:\Program Files\Bomgar

2007-12-11 15:37 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\PSpad

2007-12-11 15:26 --------- d-----r C:\Program Files\Conjug

2007-12-11 13:08 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\PC Suite

2007-12-11 13:08 --------- d-----w d:\Documents and Settings\All Users\Application Data\PC Suite

2007-12-11 13:02 --------- d-----w C:\Program Files\DIFX

2007-12-11 12:54 --------- d-----r C:\Program Files\iColorFolder

2007-12-11 12:54 --------- d-----r C:\Program Files\7-Zip

2007-12-11 12:52 106 --sha-w C:\Program Files\desktop.ini

2007-12-11 12:10 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\Talkback

2007-12-11 10:13 --------- d-----w d:\Documents and Settings\All Users\Application Data\MobileXpress client

2007-12-11 10:13 --------- d-----w d:\Documents and Settings\All Users\Application Data\BT Common Client

2007-12-11 10:13 --------- d-----w C:\Program Files\MobileXpress client

2007-12-11 10:13 --------- d-----w C:\Program Files\BT Common Client

2007-12-11 10:09 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\MobileXpress client

2007-12-11 07:49 --------- d-----w d:\Documents and Settings\Administrator\Application Data\F-Secure

2007-12-11 07:47 --------- d-----w d:\Documents and Settings\All Users\Application Data\Infonet Services Corporation

2007-12-11 07:47 --------- d-----w d:\Documents and Settings\Administrator\Application Data\Infonet Services Corporation

2007-12-11 07:47 --------- d-----w C:\Program Files\Infonet Services Corporation

2007-12-11 07:32 --------- d-----w C:\Program Files\Jasc Software Inc

2007-12-11 07:31 --------- d-----w C:\Program Files\Harrap's Multimédia

2007-12-11 07:25 --------- d-----w C:\Program Files\FileZilla

2007-12-11 07:24 --------- d-----w C:\Program Files\Business Objects

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2860C741-8F63-45DA-B029-2B4B148AC499}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5319181E-7DB0-4602-96A4-C6A6E8A1F975}]

C:\WINDOWS\system32\mljji.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E13D903F-1321-4350-B69F-94EE6CB36BF0}]

C:\WINDOWS\system32\pmnnk.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEB8B5F9-5CB0-435B-BED8-094BA9DDB6BC}]

C:\WINDOWS\system32\vturo.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F45F22F7-50FE-4345-BF5E-A4AB08DB4647}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FAE2E71A-5B54-4A5D-84F5-5CF7524D17EF}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 12:40 4167376]

"updateMgr"="C:\Program Files\Adobe\Acrobat\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"Configuration de la C-BOX"="C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe" [2004-12-21 18:17 395264]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

"X1FileMonitor.exe"="C:\Program Files\X1\X1FileMonitor.exe" [2007-04-03 18:08 428544]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00 208952]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]

"PCTVOICE"="pctspk.exe" [2002-07-18 16:58 163840 C:\WINDOWS\system32\pctspk.exe]

"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 13:26 303104 C:\WINDOWS\stsystra.exe]

"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2005-10-26 02:51 122929]

"F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2004-05-27 09:57 684032]

"RegTool"="C:\Program Files\Gemplus\GSLibs\BIN\RegTool.exe" [2004-08-24 13:56 40960]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-17 03:03 8495104]

"nwiz"="nwiz.exe" [2007-11-17 03:03 1626112 C:\WINDOWS\system32\nwiz.exe]

"NVHotkey"="nvHotkey.dll" [2007-11-17 03:03 86016 C:\WINDOWS\system32\nvhotkey.dll]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-17 03:03 81920]

"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-11 13:18 1836544]

"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe" [2003-09-16 19:01 32881]

"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 09:00 1116920]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-02-08 18:36 743504]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 12:40 4167376]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

 

D:\Documents and Settings\RLAINEL\Start Menu\Programs\Startup\

X1 System Tray.lnk - C:\Program Files\X1\X1Systray.exe [2007-04-03 18:08:34 345088]

X1.lnk - C:\Program Files\X1\X1.exe [2007-04-03 18:09:04 4964352]

 

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe [2007-12-11 08:22:33 25214]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-03-14 15:57:44 691984]

F-Secure Automatic Update.lnk - C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe [2007-12-10 15:58:22 32807]

Harrap's Shorter.lnk - C:\WINDOWS\Installer\{8E6BA0F5-DD49-490F-8653-9A4369220B7D}\Icon8E6BA0F5.exe [2007-12-11 08:32:06 6144]

HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 14:27:34 471040]

Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-11 13:14:45 124400]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"disablecad"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceStartMenuLogOff"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]

ckpNotify.dll 2006-04-09 21:24 24674 C:\WINDOWS\system32\ckpNotify.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wgzedlpx]

wgzedlpx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zlohajqo]

zlohajqo.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]

"Script"=SetDNSSuffixSearchOrder.vbs

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\1]

"Script"=LocalAdmPwd.vbs

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\2]

"Script"=LocalAdmDom.vbs

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\3]

"Script"=update.vbs

 

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2006-10-12 11:19]

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 10:35]

R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2007-12-10 15:58]

R2 BT Common Client;BT Common Client;"C:\Program Files\BT Common Client\btomosrv.exe" [2007-07-03 15:44]

R2 CP_OMDRV;Check Point Office Mode Module;C:\WINDOWS\system32\drivers\omdrv.sys [2006-04-09 21:24]

R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2005-08-19 14:37]

R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-10-06 15:30]

R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2005-08-19 14:37]

R2 GemSAFE Card Access Service;GemSAFE Card Access Service;C:\Program Files\Gemplus\GSLibs\BIN\GCardSrvNT.exe [2004-06-28 16:44]

R2 VNASC;Check Point Virtual Network Adapter - SecureClient;C:\WINDOWS\system32\DRIVERS\vnasc.sys [2006-04-09 21:24]

R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [2006-04-09 21:24]

R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2006-04-09 21:24]

S2 r_server;Remote Administrator Service;"C:\WINDOWS\system32\r_server.exe" [2001-07-24 16:15]

S3 BTHFILT;Filtre de commande Bluetooth;C:\WINDOWS\system32\DRIVERS\BthFilt.sys [2006-11-06 22:13]

S3 BTNetFilter;Bluetooth Network Filter;C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [2006-11-22 13:41]

S3 BTWSp50;BTWSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BTWSp50.sys [2007-04-20 09:14]

S3 GTICARD;GTICARD;C:\WINDOWS\system32\DRIVERS\gticard.sys [2003-10-23 16:04]

S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 10:46]

S3 OracleClientCache80;OracleClientCache80;c:\orant\BIN\ONRSD80.EXE [2000-10-27 12:45]

S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-04-21 21:58]

S3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-01-10 16:22]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-02-07 07:15:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-02-10 00:04:52 C:\WINDOWS\Tasks\Scheduled scanning task.job"

- C:\PROGRA~1\F-Secure\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-Secure\ANTI-V~1\report.txt

"2008-02-10 15:19:57 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"

- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-10 17:09:20

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]

-> C:\WINDOWS\system32\DLAAPI_W.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

c:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe

C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program Files\F-Secure\Anti-Virus\fssm32.exe

C:\Program Files\F-Secure\Common\FSMA32.EXE

C:\Program Files\F-Secure\Common\FSMB32.EXE

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\F-Secure\Common\FCH32.EXE

C:\Program Files\F-Secure\Common\FAMEH32.EXE

C:\Program Files\F-Secure\Anti-Virus\fsqh.exe

C:\Program Files\F-Secure\Anti-Virus\fsrw.exe

C:\WINDOWS\system32\StacSV.exe

C:\Program Files\F-Secure\Common\FNRB32.EXE

C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe

C:\Program Files\F-Secure\Common\FIH32.EXE

C:\Program Files\F-Secure\Anti-Virus\fsav32.exe

c:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\F-Secure\FSGUI\fsguidll.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Adobe\Acrobat\acrobat_sl.exe

C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe

C:\Program Files\X1\X1Service.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe

.

**************************************************************************

.

Completion time: 2008-02-10 17:12:03 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-10 16:11:57

.

2008-01-18 17:03:40 --- E O F ---

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

3/ the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:14, on 2008-02-10

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

c:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\BT Common Client\btomosrv.exe

C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe

C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program Files\F-Secure\Anti-Virus\fssm32.exe

C:\Program Files\F-Secure\Common\FSMA32.EXE

C:\Program Files\Gemplus\GSLibs\BIN\GCardSrvNT.exe

C:\Program Files\F-Secure\Common\FSMB32.EXE

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\F-Secure\Common\FCH32.EXE

C:\Program Files\F-Secure\Common\FAMEH32.EXE

C:\Program Files\F-Secure\Anti-Virus\fsqh.exe

C:\Program Files\F-Secure\Anti-Virus\fsrw.exe

C:\WINDOWS\system32\StacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\F-Secure\Common\FNRB32.EXE

C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe

C:\Program Files\F-Secure\Common\FIH32.EXE

C:\Program Files\F-Secure\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

c:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe

C:\WINDOWS\stsystra.exe

C:\Program Files\F-Secure\Common\FSM32.EXE

C:\Program Files\Gemplus\GSLibs\BIN\RegTool.exe

C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Adobe\Distillr\Acrotray.exe

C:\Program Files\F-Secure\FSGUI\fsguidll.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Office Communicator\Communicator.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\X1\X1FileMonitor.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Program Files\Adobe\Acrobat\acrobat_sl.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe

C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe

C:\Program Files\palmOne\Hotsync.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\X1\X1Systray.exe

C:\Program Files\X1\X1.exe

C:\Program Files\X1\X1Service.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\PSPad editor\PSPad.exe

d:\Documents and Settings\RLAINEL\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gweb.gemalto.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://gweb1.gemalto.com/user/wwproxy.pac

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll

O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O2 - BHO: (no name) - {5319181E-7DB0-4602-96A4-C6A6E8A1F975} - C:\WINDOWS\system32\mljji.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: (no name) - {E13D903F-1321-4350-B69F-94EE6CB36BF0} - C:\WINDOWS\system32\pmnnk.dll (file missing)

O2 - BHO: (no name) - {EEB8B5F9-5CB0-435B-BED8-094BA9DDB6BC} - C:\WINDOWS\system32\vturo.dll (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [RegTool] C:\Program Files\Gemplus\GSLibs\BIN\RegTool.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKCU\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat\AdobeUpdateManager.exe AcStd7_0_8 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [X1FileMonitor.exe] C:\Program Files\X1\X1FileMonitor.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')

O4 - Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe

O4 - Startup: X1.lnk = C:\Program Files\X1\X1.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe

O4 - Global Startup: Harrap's Shorter.lnk = ?

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF: START_PAGE_URL=http://gemweb.gemenos.eur.gemplus.com/index.html

O16 - DPF: {37775067-8350-11D4-A7DA-00C04F14FB69} (PVCS Tracker I-Net Client for MSIE) - https://trackerweb03.rnd.gemplus.com/trackdoc/trkpm660ie.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5e2a3510-4371-11d6-b64c-00c04faedb18} (Oracle JInitiator 1.1.8.18) -

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198050970694

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F9B3E1F4-3F66-11D3-AD61-0090275A7262} (ZABOClientControl Class) - http://ggentp48.gemenos.eur.gemplus.com/wi...eX/ZABOIEEN.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rnd.gemplus.com

O17 - HKLM\Software\..\Telephony: DomainName = rnd.gemplus.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rnd.gemplus.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = rnd.gemplus.com,china.rnd.gemplus.com,gemenos.eur.gemplus.com,ds.gemplus.com,corp.ds.gemplus.com,axalto.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = rnd.gemplus.com,china.rnd.gemplus.com,gemenos.eur.gemplus.com,ds.gemplus.com,corp.ds.gemplus.com,axalto.com

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O20 - Winlogon Notify: wgzedlpx - wgzedlpx.dll (file missing)

O20 - Winlogon Notify: zlohajqo - zlohajqo.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: BT Common Client - British Telecommunications Plc. - C:\Program Files\BT Common Client\btomosrv.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE

O23 - Service: GemSAFE Card Access Service - Gemplus - C:\Program Files\Gemplus\GSLibs\BIN\GCardSrvNT.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OracleClientCache80 - Unknown owner - c:\orant\BIN\ONRSD80.EXE

O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - c:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - c:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 17656 bytes

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

As for the immediate changes, all the ominous-looking DLLs seem to have disappeared :P :

- urqqopn.dll

- pmnnk.dll

- zlohajqo.dll

- uhioqvel.dll

- hdlsikig.dll

- rmyuynqt.dll

- knnmp.ini

- knnmp.ini2

- ADMDLL.dll

- sdeaqqky.dll

 

as well as my 7500 or so temp files in wood :P

all this looks great to me :P

I'm going to run F-Secure once more to be completely reassured, and I'll post the result as soon as it's finished.

In any case, thanks a lot for the help :P

Posted

after another F-Secure pass over C:, no virus detected YESSSSssss

everything seems to be back in order :P

is there anything else I should do to be completely at ease?

Thank you very, very much for your help, you're really good and I'm really hopeless; I struggled for hours and hours for nothing, and you sorted the thing out in no time at all. I say hats off, Sir :P

Posted

Re, sorry to have kept you waiting.

It will be over soon :P.

Check that combofix.exe is on your desktop

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

 

File::

C:\WINDOWS\system32\sgmeoyeq.ini

C:\WINDOWS\system32\gynidsyn.ini

C:\WINDOWS\system32\fcrrcwcs.ini

C:\WINDOWS\system32\ykqqaeds.ini

C:\WINDOWS\system32\sdeaqqky.dll.vir

C:\WINDOWS\system32\vimiwsvg.dll

C:\WINDOWS\system32\geobrmfy.dll

C:\WINDOWS\system32\cgatvvxj.ini

C:\WINDOWS\system32\gbqjqnfy.ini

C:\WINDOWS\system32\knnmp.ini2.vir

C:\WINDOWS\system32\knnmp.ini.vir

C:\WINDOWS\system32\nGpxx01

C:\TEMP\cXzz9

C:\WINDOWS\system32\mljji.dll

C:\WINDOWS\system32\pmnnk.dll

C:\WINDOWS\system32\vturo.dll

 

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2860C741-8F63-45DA-B029-2B4B148AC499}]

 

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5319181E-7DB0-4602-96A4-C6A6E8A1F975}]

 

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E13D903F-1321-4350-B69F-94EE6CB36BF0}]

 

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEB8B5F9-5CB0-435B-BED8-094BA9DDB6BC}]

 

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F45F22F7-50FE-4345-BF5E-A4AB08DB4647}]

 

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FAE2E71A-5B54-4A5D-84F5-5CF7524D17EF}]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wgzedlpx]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zlohajqo]

 

Save this file under the name CFScript

-Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

CFScript.gif

-A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

-Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

-Once the scan is complete, a report will be displayed: post its contents, and say where things stand with your problems

-If the file does not open, it is located here > %SYSTEMDRIVE%\ComboFix.txt

THEN

Open Internet Explorer --> Tools --> Internet Options --> "Security" tab --> click "Default level".

Still in Internet Explorer --> Tools --> Internet Options --> "Advanced" tab --> click "Default settings".

To run the scans, disable your antivirus, protection software and software that can block pop-ups (Google toolbars, Yahoo toolbars, etc.).

Online scan with Kaspersky:

- Run an online scan on Kaspersky using Internet Explorer and not Firefox, that won't work!

- If you're lost, you can follow this guide for online scans

- Scan My Computer

- Copy/paste the scan report here

Note: If you get the message "The Kaspersky On-line Scanner licence has expired", go to Add/Remove Programs and uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.

If the scan with Kaspersky does not work, you can run an online scan with Panda:

- Run a scan with Panda, disabling your antivirus during the scan!

(If you're lost, you can follow this guide for online scans)

- Copy/paste the Panda report here

SO

You have two steps to follow in order (let me know if you skipped a step, then do the rest):

-ComboFix + report

-Online scan + report
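
An added example, not part of the original posts and not code from HijackThis or ComboFix: it parses HijackThis lines, picks out the Winlogon Notify entries reported as "(file missing)", and checks that the CFScript's Registry:: section deletes each of them. The sample lines are copied from this thread; the function names are assumptions of the example.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
HJT_LOG = r"""
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: wgzedlpx - wgzedlpx.dll (file missing)
O20 - Winlogon Notify: zlohajqo - zlohajqo.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Winlogon Notify deletions copied from the CFScript posted in this thread.
CFSCRIPT = r"""
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wgzedlpx]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zlohajqo]
"""

LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
NOTIFY_KEY_RE = re.compile(
    r"^\[-HKEY_LOCAL_MACHINE\\.*\\winlogon\\notify\\([^\\\]]+)\]$", re.I)

def parse_hjt(text):
    """Return (section, kind, detail) for every 'Onn - kind: detail' line."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]

def orphaned_notify(entries):
    """Names of Winlogon Notify entries whose DLL is reported '(file missing)'."""
    return {detail.split(" - ", 1)[0].lower()
            for section, kind, detail in entries
            if section == "O20" and kind == "Winlogon Notify"
            and detail.endswith("(file missing)")}

def cfscript_notify_deletions(script):
    """Names of Winlogon Notify subkeys removed by the script's [-...] lines."""
    matches = (NOTIFY_KEY_RE.match(line.strip()) for line in script.splitlines())
    return {m.group(1).lower() for m in matches if m}

def review(log_text, script):
    """Compare orphaned Notify entries in the log with the script's deletions."""
    orphans = orphaned_notify(parse_hjt(log_text))
    deleted = cfscript_notify_deletions(script)
    return {"covered": sorted(orphans & deleted),
            "left_behind": sorted(orphans - deleted),
            "not_in_log": sorted(deleted - orphans)}

if __name__ == "__main__":
    print(review(HJT_LOG, CFSCRIPT))
```

A non-empty "left_behind" list means the log still shows a Notify entry with a missing DLL that the script would not remove; "not_in_log" lists deletions that no log line justifies.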

Posted

Hello,

I haven't logged in since last night ...

today I'm at work and it's not going to be easy for me to do these steps.

I'll do it tonight after work. I hope that doesn't put my PC too much at risk; all things considered, it has been running much better (very well, even) since you stepped in.

Thanks again.
