[Trojan-Virus] trojan-downloader-conhook

Solved
louiz Posts: 23 Status: Member -
Regis59 Posts: 21143 Status: Security contributor -
Hello everyone,
Here goes: I scanned my laptop (Windows XP SP2) after noticing frequent annoying popups (and the impression of being disconnected from the internet very often). I used Ad-Aware, Spy Sweeper and Spybot; they all found the Conhook trojan (but did not manage to remove it despite numerous scans, reboots, etc.).

So I looked for solutions to get rid of it and ended up right here.

I downloaded HijackThis, put it on the desktop and ran a scan; here is the report:

Logfile of HijackThis v1.99.1
Scan saved at 19:52:44, on 14/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\idd6.tmp.exe
C:\WINDOWS\TEMP\idd8.tmp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\TEMP\idd1E2.tmp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Louiz\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=S...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Startup: Screenshot Utility.lnk = C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

So I am asking for your help, please, to try to eradicate this scourge.
Thanks
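An added triage helper, not part of this thread or of HijackThis itself, that parses the log format posted above and flags the three kinds of items a helper looks for first in such a log: processes launched from C:\WINDOWS\TEMP, an orphaned toolbar CLSID with no file behind it, and an O16 DPF ActiveX control fetched from a third-party host. The sample log is a constructed excerpt in the same format as the report above; the list of trusted DPF hosts is an assumption.

```python
"""Triage helper for HijackThis v1.99 logs (added example, not from the thread)."""
import re
from urllib.parse import urlparse

# One R/O entry per line, e.g. "O16 - DPF: {...} (Name) - http://host/file.cab"
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
URL_RE = re.compile(r"https?://\S+")
# Assumed allow-list: hosts from which a downloaded ActiveX (O16 DPF) control is not flagged.
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com")

# Constructed sample: a trimmed excerpt in the same format as the log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 19:52:44, on 14/07/2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\idd6.tmp.exe
C:\WINDOWS\TEMP\idd1E2.tmp.exe
C:\Documents and Settings\Louiz\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\fr.htm
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""


def parse_hjt(text):
    """Split a HijackThis log into its running-process list and its R/O entries."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process block
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def _is_temp_path(path):
    """True for executables living in a TEMP/TMP folder or named like *.tmp.exe."""
    p = path.lower()
    return "\\temp\\" in p or "\\tmp\\" in p or p.endswith(".tmp.exe")


def _dpf_host(body):
    """Hostname of the URL in an O16 DPF entry, or None if there is no URL."""
    m = URL_RE.search(body)
    if not m:
        return None
    return (urlparse(m.group(0)).hostname or "").lower()


def triage(text):
    """Return (reason, item) pairs for the suspicious patterns described in the lead-in."""
    processes, entries = parse_hjt(text)
    findings = []
    for proc in processes:
        if _is_temp_path(proc):
            findings.append(("process running from a temp directory", proc))
    for code, body in entries:
        if code in ("O2", "O3") and "(no file)" in body:
            findings.append(("orphaned toolbar/BHO CLSID (no file)", f"{code} - {body}"))
        elif code == "O16":
            host = _dpf_host(body)
            if host and not host.endswith(TRUSTED_DPF_HOSTS):
                findings.append(("downloaded ActiveX control from third-party host " + host,
                                 f"{code} - {body}"))
        elif "(file missing)" in body:
            findings.append(("entry points at a missing file", f"{code} - {body}"))
    return findings


if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LOG):
        print(f"[{reason}] {item}")
```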

31 replies

louiz Posts: 23 Status: Member
 
I also did a scan with ewido; here is the report, in case it helps:

HKU\S-1-5-21-3990316752-2070709017-4145673078-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : No action taken.
C:\Program Files\Cowabanga\Cowabanga.exe -> Adware.MediaTicket : No action taken.
C:\Documents and Settings\Louiz\Local Settings\Temporary Internet Files\Content.IE5\YZSRQBQP\YazzleActiveX[1].cab/YazzleActiveX.ocx -> Adware.MediaTickets : No action taken.
C:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx -> Adware.MediaTickets : No action taken.
C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : No action taken.
C:\Documents and Settings\Louiz\Mes documents\Download\crack.exe -> Downloader.Adload.cw : No action taken.
C:\Documents and Settings\Louiz\Mes documents\Download\install.exe -> Downloader.Small.bwy : No action taken.
:mozilla.15:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.16:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.17:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.18:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.19:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.20:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\Louiz\Cookies\louiz@247realmedia[2].txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.187:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.92:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.207:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.220:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.221:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.222:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.223:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.83:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.23:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.133:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.12:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.47:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Estat : No action taken.
:mozilla.178:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Hotlog : No action taken.
:mozilla.113:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Ivwbox : No action taken.
C:\Documents and Settings\Louiz\Cookies\louiz@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.167:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.168:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.169:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.170:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.171:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.172:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.7:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.8:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.9:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.179:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Spylog : No action taken.
:mozilla.89:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.90:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.91:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.157:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.158:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.201:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.10:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.11:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.177:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
:mozilla.116:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.117:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.118:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.119:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.120:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.123:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.124:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.125:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.126:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.127:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Zedo : No action taken.

::Report end

(my problem is still present)

thanks.
0
Regis59 Posts: 21143 Status: Security contributor 1 322
 
Hi

With ewido, during the scan, choose the delete option.

Later
0
louiz Posts: 23 Status: Member
 
There, I deleted all the files ewido found (I ran another scan and it found nothing) and rebooted, but the problem still seems to be present...
0
Regis59 Posts: 21143 Status: Security contributor 1 322
 
Hi

Post another HijackThis log

Later
0

louiz Posts: 23 Status: Member
 
Logfile of HijackThis v1.99.1
Scan saved at 23:51:46, on 14/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Documents and Settings\Louiz\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=S...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Startup: Screenshot Utility.lnk = C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
0
Regis59 Posts: 21143 Status: Security contributor 1 322
 
Hi

Which program detects Conhook for you, please?

Later
0
louiz Posts: 23 Status: Member
 
Spy Sweeper finds it (and cannot remove it), but it is the only one of the anti-spyware programs I have that finds it.
"Trojan Horse found: trojan-downloader-conhook"
0
louiz Posts: 23 Status: Member
 
By the way, it also finds this:
"Trojan Horse found: trojan agent winlogonhook", which seems linked to conhook, and it is also the only anti-spyware to detect it.
0
Regis59 Posts: 21143 Status: Security contributor 1 322
 
Re,

Does it indicate a location? A file?

Later
0
louiz Posts: 23 Status: Member
 
in the "session log" you can read this

12:18: Starting Memory Sweep
12:23: Found Trojan Horse: trojan agent winlogonhook
12:23: Detected running threat: c:\WINDOWS\system32\winzoa32.dll (ID = 416)
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation allowed at user request
12:36: HKLM\software\microsoft\mssmgr\ (12 subtraces) (ID = 937101)
12:36: HKCR\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\ (3 subtraces) (ID = 1374116)
12:36: HKLM\software\classes\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\ (3 subtraces) (ID = 1374128)
12:36: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\ (ID = 1374138)
12:36: HKLM\software\microsoft\windows\currentversion\explorer\shellexecutehooks\ || {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (ID = 1374139)
12:36: Registry Sweep Complete, Elapsed Time:00:00:48
12:36: Starting Cookie Sweep
12:36: Found Spy Cookie: adultfriendfinder cookie
12:36: louiz@adultfriendfinder[2].txt (ID = 2165)
12:36: Cookie Sweep Complete, Elapsed Time: 00:00:01
12:36: Starting File Sweep
12:44: Warning: Failed to read file "c:\documents and settings\louiz\mes documents\windowblinds5_public.exe". System Error. Code: 8.
Espace insuffisant pour traiter cette commande
12:49: Warning: Failed to read file "c:\program files\mozilla firefox\avg71f_395a764.exe". System Error. Code: 8.
Espace insuffisant pour traiter cette commande
13:06: File Sweep Complete, Elapsed Time: 00:30:08
13:06: Full Sweep has completed. Elapsed time 00:48:17
13:06: Traces Found: 29
13:53: Removal process initiated
13:53: Quarantining All Traces: trojan agent winlogonhook
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Failed to quarantine trojan agent winlogonhook
13:53: Failed to quarantine HKLM: software\microsoft\mssmgr\
13:53: Failed to quarantine c:\WINDOWS\system32\winzoa32.dll
13:53: Quarantining All Traces: trojan-downloader-conhook
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Failed to quarantine trojan-downloader-conhook
13:53: Failed to quarantine yayxuvu.dll
13:53: Failed to quarantine clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\inprocserver32\
13:53: Failed to quarantine clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
13:53: Failed to quarantine HKLM: software\classes\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
13:53: Failed to quarantine HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
13:53: Quarantining All Traces: adultfriendfinder cookie
13:53: Warning: Out of memory
13:53: Failed to quarantine adultfriendfinder cookie
13:53: Failed to quarantine louiz@adultfriendfinder[2].txt
13:53: Removal process completed. Elapsed time 00:00:18
********
0
Regis59 Posts: 21143 Status: Security contributor 1 322
 
Hi;

Go to this site:
http://www.virustotal.com/xhtml/virustotal_en.html
Click Browse
Look for this:
c:\WINDOWS\system32\winzoa32.dll

and

C:\WINDOWS\SYSTEM32\yayxuvu.dll

Click Send and paste the 2 reports please

Later
0
louiz Posts: 23 Status: Member
 
Complete scanning result of "yayxuvu.dll", received in VirusTotal at 07.15.2006, 14:09:35 (CET).

Antivirus Version Update Result
AntiVir 6.35.0.21 07.15.2006 ADSPY/Virtumonde.B
Authentium 4.93.8 07.14.2006 no virus found
Avast 4.7.844.0 07.14.2006 no virus found
AVG 386 07.14.2006 no virus found
BitDefender 7.2 07.15.2006 no virus found
CAT-QuickHeal 8.00 07.13.2006 no virus found
ClamAV devel-20060426 07.14.2006 no virus found
DrWeb 4.33 07.15.2006 Trojan.Virtumod
eTrust-InoculateIT 23.72.69 07.14.2006 no virus found
eTrust-Vet 12.6.2297 07.14.2006 Win32/Chisyne!generic
Ewido 4.0 07.15.2006 no virus found
Fortinet 2.77.0.0 07.15.2006 Vundo!tr
F-Prot 3.16f 07.14.2006 no virus found
F-Prot4 4.2.1.29 07.14.2006 no virus found
Ikarus 0.2.65.0 07.14.2006 no virus found
Kaspersky 4.0.2.24 07.15.2006 no virus found
McAfee 4807 07.14.2006 Vundo
Microsoft 1.1508 07.15.2006 no virus found
NOD32v2 1.1662 07.15.2006 no virus found
Norman 5.90.23 07.14.2006 no virus found
Panda 9.0.0.4 07.15.2006 Suspicious file
Sophos 4.07.0 07.14.2006 no virus found
Symantec 8.0 07.15.2006 Downloader
TheHacker 5.9.8.175 07.13.2006 no virus found
UNA 1.83 07.14.2006 no virus found
VBA32 3.11.0 07.14.2006 no virus found
VirusBuster 4.3.7:9 07.14.2006 no virus found

Aditional Information
File size: 38925 bytes
MD5: d3570375c8e0a8bff473234c43277bdb
SHA1: 27ad8a7fb1b94b8d455d27280f0e9c1d5683f09c

and

Complete scanning result of "winzoa32.dll", received in VirusTotal at 07.15.2006, 14:15:08 (CET).

Antivirus Version Update Result
AntiVir 6.35.0.21 07.15.2006 TR/PCK.Klone.G.14
Authentium 4.93.8 07.14.2006 no virus found
Avast 4.7.844.0 07.14.2006 no virus found
AVG 386 07.14.2006 no virus found
BitDefender 7.2 07.15.2006 no virus found
CAT-QuickHeal 8.00 07.13.2006 no virus found
ClamAV devel-20060426 07.14.2006 no virus found
DrWeb 4.33 07.15.2006 no virus found
eTrust-InoculateIT 23.72.69 07.14.2006 no virus found
eTrust-Vet 12.6.2297 07.14.2006 no virus found
Ewido 4.0 07.15.2006 no virus found
Fortinet 2.77.0.0 07.15.2006 W32/Klone.G
F-Prot 3.16f 07.14.2006 no virus found
F-Prot4 4.2.1.29 07.14.2006 no virus found
Ikarus 0.2.65.0 07.14.2006 no virus found
Kaspersky 4.0.2.24 07.15.2006 Packed.Win32.Klone.g
McAfee 4807 07.14.2006 no virus found
Microsoft 1.1508 07.15.2006 no virus found
NOD32v2 1.1662 07.15.2006 no virus found
Norman 5.90.23 07.14.2006 no virus found
Panda 9.0.0.4 07.15.2006 Adware/SuperSpider
Sophos 4.07.0 07.14.2006 no virus found
Symantec 8.0 07.15.2006 Trojan Horse
TheHacker 5.9.8.175 07.13.2006 no virus found
UNA 1.83 07.14.2006 no virus found
VBA32 3.11.0 07.14.2006 no virus found
VirusBuster 4.3.7:9 07.14.2006 no virus found

Aditional Information
File size: 18432 bytes
MD5: d89f684bdee3fe0369d5865042afb1df
SHA1: 23185a456c85becc5967b1c3470d1e11b69f463c
packers: PecBundle, PECompact

For better readability, I made screenshots (hosted on imageshack):
http://img122.imageshack.us/img122/5600/screen02qa6.jpg
http://img99.imageshack.us/img99/5474/screen03rl0.jpg

And in addition, a screenshot of Spy Sweeper (in case it might help)
http://img122.imageshack.us/img122/6760/screen01kb3.jpg

there you go, thanks
Regis59 Posts 21143 Registration date Status Security contributor Last activity 1 322

Hi,

Great!
Thanks for the screenshots; if you post more, stick to links like the ones you used, that's perfect....

Download VirtumundoBegone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Then double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, reboot and post the VBG.TXT report created on the desktop in your next reply, together with a new HijackThis log.
Don't worry if you see a blue screen "Fatal error" message, it's normal and expected.
louiz Posts 23 Status Member

There, so I ran VirtumundoBegone, rebooted and ran a HijackThis scan (after the reset, that is)

The VBG report:

[07/15/2006, 14:30:41] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Louiz\Bureau\VirtumundoBeGone.exe" )
[07/15/2006, 14:30:47] - Detected System Information:
[07/15/2006, 14:30:47] - Windows Version: 5.1.2600, Service Pack 2
[07/15/2006, 14:30:47] - Current Username: Louiz (Admin)
[07/15/2006, 14:30:47] - Windows is in NORMAL mode.
[07/15/2006, 14:30:47] - Searching for Browser Helper Objects:
[07/15/2006, 14:30:47] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[07/15/2006, 14:30:47] - BHO 2: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class)
[07/15/2006, 14:30:47] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/15/2006, 14:30:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/15/2006, 14:30:47] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/15/2006, 14:30:47] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/15/2006, 14:30:47] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[07/15/2006, 14:30:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/15/2006, 14:30:47] - Checking for HKLM\...\Winlogon\Notify\yayxuvu
[07/15/2006, 14:30:47] - Found: HKLM\...\Winlogon\Notify\yayxuvu - This is probably Virtumundo.
[07/15/2006, 14:30:47] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[07/15/2006, 14:30:47] - BHO list has been changed! Starting over...
[07/15/2006, 14:30:47] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[07/15/2006, 14:30:47] - BHO 2: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class)
[07/15/2006, 14:30:47] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/15/2006, 14:30:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/15/2006, 14:30:48] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/15/2006, 14:30:48] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/15/2006, 14:30:48] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (MSEvents Object)
[07/15/2006, 14:30:48] - ALERT: Found MSEvents Object!
[07/15/2006, 14:30:48] - BHO 5: {861BD06F-4ABE-474A-9FFA-6872FCA98C34} ()
[07/15/2006, 14:30:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/15/2006, 14:30:48] - Checking for HKLM\...\Winlogon\Notify\jkklm
[07/15/2006, 14:30:48] - Found: HKLM\...\Winlogon\Notify\jkklm - This is probably Virtumundo.
[07/15/2006, 14:30:48] - Assigning {861BD06F-4ABE-474A-9FFA-6872FCA98C34} MSEvents Object
[07/15/2006, 14:30:48] - BHO list has been changed! Starting over...
[07/15/2006, 14:30:48] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[07/15/2006, 14:30:48] - BHO 2: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class)
[07/15/2006, 14:30:48] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/15/2006, 14:30:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/15/2006, 14:30:48] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/15/2006, 14:30:49] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/15/2006, 14:30:49] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (MSEvents Object)
[07/15/2006, 14:30:49] - ALERT: Found MSEvents Object!
[07/15/2006, 14:30:49] - BHO 5: {861BD06F-4ABE-474A-9FFA-6872FCA98C34} (MSEvents Object)
[07/15/2006, 14:30:49] - ALERT: Found MSEvents Object!
[07/15/2006, 14:30:49] - Finished Searching Browser Helper Objects
[07/15/2006, 14:30:49] - *** Detected MSEvents Object
[07/15/2006, 14:30:49] - Trying to remove MSEvents Object...
[07/15/2006, 14:30:50] - Terminating Process: IEXPLORE.EXE
[07/15/2006, 14:30:51] - Terminating Process: RUNDLL32.EXE
[07/15/2006, 14:30:51] - Disabling Automatic Shell Restart
[07/15/2006, 14:30:51] - Terminating Process: EXPLORER.EXE
[07/15/2006, 14:30:51] - Suspending the NT Session Manager System Service
[07/15/2006, 14:30:51] - Terminating Windows NT Logon/Logoff Manager
[07/15/2006, 14:30:51] - Re-enabling Automatic Shell Restart
[07/15/2006, 14:30:51] - File to disable: C:\WINDOWS\system32\yayxuvu.dll
[07/15/2006, 14:30:52] - Renaming C:\WINDOWS\system32\yayxuvu.dll -> C:\WINDOWS\system32\yayxuvu.dll.vir
[07/15/2006, 14:30:52] - File successfully renamed!
[07/15/2006, 14:30:52] - Removing HKLM\...\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[07/15/2006, 14:30:52] - Removing HKCR\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[07/15/2006, 14:30:52] - Adding Kill Bit for ActiveX for GUID: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[07/15/2006, 14:30:52] - Deleting ATLEvents/MSEvents Registry entries
[07/15/2006, 14:30:52] - Removing HKLM\...\Winlogon\Notify\yayxuvu
[07/15/2006, 14:30:52] - Searching for Browser Helper Objects:
[07/15/2006, 14:30:52] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[07/15/2006, 14:30:52] - BHO 2: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class)
[07/15/2006, 14:30:52] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/15/2006, 14:30:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/15/2006, 14:30:53] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/15/2006, 14:30:53] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/15/2006, 14:30:53] - BHO 4: {861BD06F-4ABE-474A-9FFA-6872FCA98C34} (MSEvents Object)
[07/15/2006, 14:30:53] - ALERT: Found MSEvents Object!
[07/15/2006, 14:30:53] - Finished Searching Browser Helper Objects
[07/15/2006, 14:30:53] - *** Detected MSEvents Object
[07/15/2006, 14:30:53] - Trying to remove MSEvents Object...
[07/15/2006, 14:30:54] - Terminating Process: IEXPLORE.EXE
[07/15/2006, 14:30:54] - Terminating Process: RUNDLL32.EXE
[07/15/2006, 14:30:54] - Disabling Automatic Shell Restart
[07/15/2006, 14:30:54] - Terminating Process: EXPLORER.EXE
[07/15/2006, 14:30:54] - Suspending the NT Session Manager System Service
[07/15/2006, 14:30:54] - Terminating Windows NT Logon/Logoff Manager
[07/15/2006, 14:30:54] - Re-enabling Automatic Shell Restart
[07/15/2006, 14:30:54] - File to disable: C:\WINDOWS\system32\jkklm.dll
[07/15/2006, 14:30:55] - Renaming C:\WINDOWS\system32\jkklm.dll -> C:\WINDOWS\system32\jkklm.dll.vir
[07/15/2006, 14:30:56] - File successfully renamed!
[07/15/2006, 14:30:56] - Removing HKLM\...\Browser Helper Objects\{861BD06F-4ABE-474A-9FFA-6872FCA98C34}
[07/15/2006, 14:30:56] - Removing HKCR\CLSID\{861BD06F-4ABE-474A-9FFA-6872FCA98C34}
[07/15/2006, 14:30:56] - Adding Kill Bit for ActiveX for GUID: {861BD06F-4ABE-474A-9FFA-6872FCA98C34}
[07/15/2006, 14:30:56] - Deleting ATLEvents/MSEvents Registry entries
[07/15/2006, 14:30:56] - Removing HKLM\...\Winlogon\Notify\jkklm
[07/15/2006, 14:30:56] - Searching for Browser Helper Objects:
[07/15/2006, 14:30:56] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[07/15/2006, 14:30:56] - BHO 2: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class)
[07/15/2006, 14:30:56] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/15/2006, 14:30:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/15/2006, 14:30:56] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/15/2006, 14:30:56] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/15/2006, 14:30:56] - Finished Searching Browser Helper Objects
[07/15/2006, 14:30:56] - Finishing up...
[07/15/2006, 14:30:56] - A restart is needed.
[07/15/2006, 14:30:56] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[07/15/2006, 14:31:10] - Attempting to Restart via STOP error (Blue Screen!)

The HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 14:35:21, on 15/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Louiz\Bureau\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=S...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Startup: Screenshot Utility.lnk = C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: winzoa32 - winzoa32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

there you go.
Regis59 Posts 21143 Registration date Status Security contributor Last activity 1 322

Fix this
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

It looks like it didn't manage to remove them.

Run another scan with Spy Sweeper and post the report

See you
louiz Posts 23 Status Member

There, so I checked the box O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) and clicked Fixe Selected (if "fix" doesn't mean that, tell me ;))

The Spy Sweeper scan then gives this (apparently it no longer detects Conhook! (but still winlogonhook))

********
14:47: | Start of Session, samedi 15 juillet 2006 |
14:47: Spy Sweeper started
14:47: Sweep initiated using definitions version 719
14:47: Starting Memory Sweep
14:53: Memory Sweep Complete, Elapsed Time: 00:05:54
14:53: Starting Registry Sweep
14:53: Found Trojan Horse: trojan agent winlogonhook
14:53: HKLM\software\microsoft\mssmgr\ (12 subtraces) (ID = 937101)
14:53: Registry Sweep Complete, Elapsed Time:00:00:08
14:53: Starting Cookie Sweep
14:53: Found Spy Cookie: atlas dmt cookie
14:53: louiz@atdmt[1].txt (ID = 2253)
14:53: Cookie Sweep Complete, Elapsed Time: 00:00:01
14:53: Starting File Sweep
15:11: File Sweep Complete, Elapsed Time: 00:18:09
15:11: Full Sweep has completed. Elapsed time 00:24:11
15:11: Traces Found: 14
15:23: Removal process initiated
15:23: Quarantining All Traces: trojan agent winlogonhook
15:23: Quarantining All Traces: atlas dmt cookie
15:23: Removal process completed. Elapsed time 00:00:00
********
12:18: | Start of Session, samedi 15 juillet 2006 |
12:18: Spy Sweeper started
12:18: Sweep initiated using definitions version 719
12:18: Found Trojan Horse: trojan-downloader-conhook
12:18: HKCR\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\inprocserver32\ (2 subtraces) (ID = 1375012)
12:18: yayxuvu.dll (ID = 1375012)
12:18: Starting Memory Sweep
12:23: Found Trojan Horse: trojan agent winlogonhook
12:23: Detected running threat: c:\WINDOWS\system32\winzoa32.dll (ID = 416)
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: Memory Sweep Complete, Elapsed Time: 00:17:11
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: Starting Registry Sweep
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation allowed at user request
12:36: HKLM\software\microsoft\mssmgr\ (12 subtraces) (ID = 937101)
12:36: HKCR\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\ (3 subtraces) (ID = 1374116)
12:36: HKLM\software\classes\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\ (3 subtraces) (ID = 1374128)
12:36: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\ (ID = 1374138)
12:36: HKLM\software\microsoft\windows\currentversion\explorer\shellexecutehooks\ || {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (ID = 1374139)
12:36: Registry Sweep Complete, Elapsed Time:00:00:48
12:36: Starting Cookie Sweep
12:36: Found Spy Cookie: adultfriendfinder cookie
12:36: louiz@adultfriendfinder[2].txt (ID = 2165)
12:36: Cookie Sweep Complete, Elapsed Time: 00:00:01
12:36: Starting File Sweep
12:44: Warning: Failed to read file "c:\documents and settings\louiz\mes documents\windowblinds5_public.exe". System Error. Code: 8.
Espace insuffisant pour traiter cette commande
12:49: Warning: Failed to read file "c:\program files\mozilla firefox\avg71f_395a764.exe". System Error. Code: 8.
Espace insuffisant pour traiter cette commande
13:06: File Sweep Complete, Elapsed Time: 00:30:08
13:06: Full Sweep has completed. Elapsed time 00:48:17
13:06: Traces Found: 29
13:53: Removal process initiated
13:53: Quarantining All Traces: trojan agent winlogonhook
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Failed to quarantine trojan agent winlogonhook
13:53: Failed to quarantine HKLM: software\microsoft\mssmgr\
13:53: Failed to quarantine c:\WINDOWS\system32\winzoa32.dll
13:53: Quarantining All Traces: trojan-downloader-conhook
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Failed to quarantine trojan-downloader-conhook
13:53: Failed to quarantine yayxuvu.dll
13:53: Failed to quarantine clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\inprocserver32\
13:53: Failed to quarantine clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
13:53: Failed to quarantine HKLM: software\classes\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
13:53: Failed to quarantine HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
13:53: Quarantining All Traces: adultfriendfinder cookie
13:53: Warning: Out of memory
13:53: Failed to quarantine adultfriendfinder cookie
13:53: Failed to quarantine louiz@adultfriendfinder[2].txt
13:53: Removal process completed. Elapsed time 00:00:18
14:22: Removal process initiated
14:22: Quarantining All Traces: trojan agent winlogonhook
14:22: Warning: Out of memory
14:22: Warning: Out of memory
14:22: Failed to quarantine trojan agent winlogonhook
14:22: Failed to quarantine HKLM: software\microsoft\mssmgr\
14:22: Failed to quarantine c:\WINDOWS\system32\winzoa32.dll
14:22: Quarantining All Traces: trojan-downloader-conhook
14:22: Warning: Out of memory
14:22: Warning: Out of memory
14:22: Warning: Out of memory
14:22: Warning: Out of memory
14:22: Warning: Out of memory
14:22: Warning: Out of memory
14:22: Warning: Out of memory
14:22: Failed to quarantine trojan-downloader-conhook
14:22: Failed to quarantine yayxuvu.dll
14:22: Failed to quarantine clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\inprocserver32\
14:22: Failed to quarantine clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
14:22: Failed to quarantine HKLM: software\classes\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
14:22: Failed to quarantine HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
14:22: Quarantining All Traces: adultfriendfinder cookie
14:22: Warning: Out of memory
14:22: Failed to quarantine adultfriendfinder cookie
14:22: Failed to quarantine louiz@adultfriendfinder[2].txt
14:22: Removal process completed. Elapsed time 00:00:05
14:23: Removal process initiated
14:23: Quarantining All Traces: trojan agent winlogonhook
14:23: Warning: Out of memory
14:23: Warning: Out of memory
14:23: Failed to quarantine trojan agent winlogonhook
14:23: Failed to quarantine HKLM: software\microsoft\mssmgr\
14:23: Failed to quarantine c:\WINDOWS\system32\winzoa32.dll
14:23: Quarantining All Traces: trojan-downloader-conhook
14:23: Warning: Out of memory
14:23: Warning: Out of memory
14:23: Warning: Out of memory
14:23: Warning: Out of memory
14:23: Warning: Out of memory
14:23: Warning: Out of memory
14:23: Warning: Out of memory
14:23: Failed to quarantine trojan-downloader-conhook
14:23: Failed to quarantine yayxuvu.dll
14:23: Failed to quarantine clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\inprocserver32\
14:23: Failed to quarantine clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
14:23: Failed to quarantine HKLM: software\classes\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
14:23: Failed to quarantine HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
14:23: Quarantining All Traces: adultfriendfinder cookie
14:23: Removal process completed. Elapsed time 00:00:05
14:33: Processing Startup Alerts
14:33: Allowed Startup entry: msnmsgr
14:39: Processing Startup Alerts
14:39: Allowed Startup entry: msnmsgr
14:47: | End of Session, samedi 15 juillet 2006 |
********
12:15: | Start of Session, samedi 15 juillet 2006 |
12:15: Spy Sweeper started
12:18: Your spyware definitions have been updated.
12:18: | End of Session, samedi 15 juillet 2006 |
Regis59 Posts 21143 Registration date Status Security contributor Last activity 1 322

Hi

Tell me, does this one still exist: c:\WINDOWS\system32\winzoa32.dll ?

Has this one disappeared?
C:\WINDOWS\SYSTEM32\yayxuvu.dll

PS: You have to click Fix Checked ;-)

See you
louiz Posts 23 Status Member

c:\WINDOWS\system32\winzoa32.dll has disappeared

but C:\WINDOWS\SYSTEM32\yayxuvu.dll is still there...

(and yes, it was "fix checked" that I had clicked, I just got it wrong when writing it here :p)
Regis59 Posts 21143 Registration date Status Security contributor Last activity 1 322

ok lol

Download:
http://www.killbox.net/downloads/KillBox.exe

Double-click killbox.exe (Pocket Killbox)

- check: delete on reboot
- In "Full Path of File to Delete"
- Select "single File"
copy and paste:

C:\WINDOWS\SYSTEM32\yayxuvu.dll

- click the red cross
- a confirmation window will appear, click YES
- a second window asks whether you want to reboot, click YES

If this message appears, ignore it:
http://tinypic.com/images/goodbye.jpg
Let the PC reboot.
And then post a new Spy Sweeper report.

See you
louiz Posts 23 Status Member

********
17:58: | Start of Session, samedi 15 juillet 2006 |
17:58: Spy Sweeper started
17:58: Sweep initiated using definitions version 719
17:58: Starting Memory Sweep
18:03: Memory Sweep Complete, Elapsed Time: 00:05:16
18:03: Starting Registry Sweep
18:03: Registry Sweep Complete, Elapsed Time:00:00:08
18:03: Starting Cookie Sweep
18:03: Found Spy Cookie: atlas dmt cookie
18:03: louiz@atdmt[2].txt (ID = 2253)
18:03: Found Spy Cookie: bluestreak cookie
18:03: louiz@bluestreak[1].txt (ID = 2314)
18:03: Cookie Sweep Complete, Elapsed Time: 00:00:00
18:03: Starting File Sweep
18:23: File Sweep Complete, Elapsed Time: 00:19:57
18:23: Full Sweep has completed. Elapsed time 00:25:27
18:23: Traces Found: 2
18:29: Removal process initiated
18:29: Quarantining All Traces: atlas dmt cookie
18:29: Quarantining All Traces: bluestreak cookie
18:29: Removal process completed. Elapsed time 00:00:00
********
14:47: | Start of Session, samedi 15 juillet 2006 |
14:47: Spy Sweeper started
14:47: Sweep initiated using definitions version 719
14:47: Starting Memory Sweep
14:53: Memory Sweep Complete, Elapsed Time: 00:05:54
14:53: Starting Registry Sweep
14:53: Found Trojan Horse: trojan agent winlogonhook
14:53: HKLM\software\microsoft\mssmgr\ (12 subtraces) (ID = 937101)
14:53: Registry Sweep Complete, Elapsed Time:00:00:08
14:53: Starting Cookie Sweep
14:53: Found Spy Cookie: atlas dmt cookie
14:53: louiz@atdmt[1].txt (ID = 2253)
14:53: Cookie Sweep Complete, Elapsed Time: 00:00:01
14:53: Starting File Sweep
15:11: File Sweep Complete, Elapsed Time: 00:18:09
15:11: Full Sweep has completed. Elapsed time 00:24:11
15:11: Traces Found: 14
15:23: Removal process initiated
15:23: Quarantining All Traces: trojan agent winlogonhook
15:23: Quarantining All Traces: atlas dmt cookie
15:23: Removal process completed. Elapsed time 00:00:00
17:57: Processing Startup Alerts
17:57: Allowed Startup entry: msnmsgr
17:58: | End of Session, samedi 15 juillet 2006 |
********
12:18: | Start of Session, samedi 15 juillet 2006 |
12:18: Spy Sweeper started
12:18: Sweep initiated using definitions version 719
12:18: Found Trojan Horse: trojan-downloader-conhook
12:18: HKCR\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\inprocserver32\ (2 subtraces) (ID = 1375012)
12:18: yayxuvu.dll (ID = 1375012)
12:18: Starting Memory Sweep
12:23: Found Trojan Horse: trojan agent winlogonhook
12:23: Detected running threat: c:\WINDOWS\system32\winzoa32.dll (ID = 416)
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: Memory Sweep Complete, Elapsed Time: 00:17:11
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: Starting Registry Sweep
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation denied at user request
12:35: BHO Shield: found: yayxuvu.dll-- BHO installation allowed at user request
12:36: HKLM\software\microsoft\mssmgr\ (12 subtraces) (ID = 937101)
12:36: HKCR\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\ (3 subtraces) (ID = 1374116)
12:36: HKLM\software\classes\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\ (3 subtraces) (ID = 1374128)
12:36: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\ (ID = 1374138)
12:36: HKLM\software\microsoft\windows\currentversion\explorer\shellexecutehooks\ || {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (ID = 1374139)
12:36: Registry Sweep Complete, Elapsed Time:00:00:48
12:36: Starting Cookie Sweep
12:36: Found Spy Cookie: adultfriendfinder cookie
12:36: louiz@adultfriendfinder[2].txt (ID = 2165)
12:36: Cookie Sweep Complete, Elapsed Time: 00:00:01
12:36: Starting File Sweep
12:44: Warning: Failed to read file "c:\documents and settings\louiz\mes documents\windowblinds5_public.exe". System Error. Code: 8.
Espace insuffisant pour traiter cette commande
12:49: Warning: Failed to read file "c:\program files\mozilla firefox\avg71f_395a764.exe". System Error. Code: 8.
Espace insuffisant pour traiter cette commande
13:06: File Sweep Complete, Elapsed Time: 00:30:08
13:06: Full Sweep has completed. Elapsed time 00:48:17
13:06: Traces Found: 29
13:53: Removal process initiated
13:53: Quarantining All Traces: trojan agent winlogonhook
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Failed to quarantine trojan agent winlogonhook
13:53: Failed to quarantine HKLM: software\microsoft\mssmgr\
13:53: Failed to quarantine c:\WINDOWS\system32\winzoa32.dll
13:53: Quarantining All Traces: trojan-downloader-conhook
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Warning: Out of memory
13:53: Failed to quarantine trojan-downloader-conhook
13:53: Failed to quarantine yayxuvu.dll
13:53: Failed to quarantine clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\inprocserver32\
13:53: Failed to quarantine clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
13:53: Failed to quarantine HKLM: software\classes\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
13:53: Failed to quarantine HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
13:53: Quarantining All Traces: adultfriendfinder cookie
13:53: Warning: Out of memory
13:53: Failed to quarantine adultfriendfinder cookie
13:53: Failed to quarantine louiz@adultfriendfinder[2].txt
13:53: Removal process completed. Elapsed time 00:00:18
14:22: Removal process initiated
14:22: Quarantining All Traces: trojan agent winlogonhook
14:22: Warning: Out of memory
14:22: Warning: Out of memory
14:22: Failed to quarantine trojan agent winlogonhook
14:22: Failed to quarantine HKLM: software\microsoft\mssmgr\
14:22: Failed to quarantine c:\WINDOWS\system32\winzoa32.dll
14:22: Quarantining All Traces: trojan-downloader-conhook
14:22: Warning: Out of memory
14:22: Warning: Out of memory
14:22: Warning: Out of memory
14:22: Warning: Out of memory
14:22: Warning: Out of memory
14:22: Warning: Out of memory
14:22: Warning: Out of memory
14:22: Failed to quarantine trojan-downloader-conhook
14:22: Failed to quarantine yayxuvu.dll
14:22: Failed to quarantine clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\inprocserver32\
14:22: Failed to quarantine clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
14:22: Failed to quarantine HKLM: software\classes\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
14:22: Failed to quarantine HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
14:22: Quarantining All Traces: adultfriendfinder cookie
14:22: Warning: Out of memory
14:22: Failed to quarantine adultfriendfinder cookie
14:22: Failed to quarantine louiz@adultfriendfinder[2].txt
14:22: Removal process completed. Elapsed time 00:00:05
14:23: Removal process initiated
14:23: Quarantining All Traces: trojan agent winlogonhook
14:23: Warning: Out of memory
14:23: Warning: Out of memory
14:23: Failed to quarantine trojan agent winlogonhook
14:23: Failed to quarantine HKLM: software\microsoft\mssmgr\
14:23: Failed to quarantine c:\WINDOWS\system32\winzoa32.dll
14:23: Quarantining All Traces: trojan-downloader-conhook
14:23: Warning: Out of memory
14:23: Warning: Out of memory
14:23: Warning: Out of memory
14:23: Warning: Out of memory
14:23: Warning: Out of memory
14:23: Warning: Out of memory
14:23: Warning: Out of memory
14:23: Failed to quarantine trojan-downloader-conhook
14:23: Failed to quarantine yayxuvu.dll
14:23: Failed to quarantine clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\inprocserver32\
14:23: Failed to quarantine clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
14:23: Failed to quarantine HKLM: software\classes\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
14:23: Failed to quarantine HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
14:23: Quarantining All Traces: adultfriendfinder cookie
14:23: Removal process completed. Elapsed time 00:00:05
14:33: Processing Startup Alerts
14:33: Allowed Startup entry: msnmsgr
14:39: Processing Startup Alerts
14:39: Allowed Startup entry: msnmsgr
14:47: | End of Session, samedi 15 juillet 2006 |
********
12:15: | Start of Session, samedi 15 juillet 2006 |
12:15: Spy Sweeper started
12:18: Your spyware definitions have been updated.
12:18: | End of Session, samedi 15 juillet 2006 |

There are now two new items (but they are classified as a low threat) in its place.

Atlas DMT cookie
bluestreak cookie