[Trojan] infecté par Trojan.Win32.BHO.g
Résolu
Manéliz
Messages postés
68
Date d'inscription
Statut
Membre
Dernière intervention
-
balazebuv -
balazebuv -
Bonjour,
Je suis sous windows XP et j'utilise IE6, mon antivirus AniVirusKit 2007 détecte :
Trojan-Spy.Win32.VBStat.h
Trojan.Win32.BHO.g
Win32.WinFixer.o
J'ai également des fenêres publicitaires qui arrivent inopinément...
En esspérant que quelqu'un m'aide et merci beaucoup d'avance.
Je suis sous windows XP et j'utilise IE6, mon antivirus AniVirusKit 2007 détecte :
Trojan-Spy.Win32.VBStat.h
Trojan.Win32.BHO.g
Win32.WinFixer.o
J'ai également des fenêres publicitaires qui arrivent inopinément...
En esspérant que quelqu'un m'aide et merci beaucoup d'avance.
A voir également:
- [Trojan] infecté par Trojan.Win32.BHO.g
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Csrss.exe trojan ✓ - Forum Virus
- Trojan agent ✓ - Forum Virus
- [Virus] Trojan ou virus dans csrss.exe et spo - Forum Virus
- Csrss.exe : processus suspect/virus ? - Forum Virus
33 réponses
Le rapport de VBG (je n'ai pas eu l'écran bleu...) :
[12/01/2006, 21:51:14] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Propriétaire\Bureau\virtumundobegone.exe" )
[12/01/2006, 21:51:23] - Detected System Information:
[12/01/2006, 21:51:23] - Windows Version: 5.1.2600, Service Pack 2
[12/01/2006, 21:51:23] - Current Username: Compaq_Propriétaire (Admin)
[12/01/2006, 21:51:23] - Windows is in NORMAL mode.
[12/01/2006, 21:51:23] - Searching for Browser Helper Objects:
[12/01/2006, 21:51:23] - BHO 1: {013A653B-49A6-4f76-8B68-E4875EA6BA54} ()
[12/01/2006, 21:51:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/01/2006, 21:51:23] - Checking for HKLM\...\Winlogon\Notify\yvhikwhn
[12/01/2006, 21:51:23] - Key not found: HKLM\...\Winlogon\Notify\yvhikwhn, continuing.
[12/01/2006, 21:51:23] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[12/01/2006, 21:51:24] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[12/01/2006, 21:51:24] - BHO 4: {3B91225B-50D3-5B43-3237-07DF656B9A18} ()
[12/01/2006, 21:51:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/01/2006, 21:51:24] - Checking for HKLM\...\Winlogon\Notify\ohsgfum
[12/01/2006, 21:51:24] - Key not found: HKLM\...\Winlogon\Notify\ohsgfum, continuing.
[12/01/2006, 21:51:24] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/01/2006, 21:51:24] - BHO 6: {A64D0CC4-9F27-4F01-8285-34D02F5F28E4} ()
[12/01/2006, 21:51:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/01/2006, 21:51:24] - No filename found. Continuing.
[12/01/2006, 21:51:24] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/01/2006, 21:51:24] - BHO 8: {C35160ED-7667-4B19-98E0-D67247E66842} ()
[12/01/2006, 21:51:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/01/2006, 21:51:24] - Checking for HKLM\...\Winlogon\Notify\geebx
[12/01/2006, 21:51:24] - Key not found: HKLM\...\Winlogon\Notify\geebx, continuing.
[12/01/2006, 21:51:24] - Finished Searching Browser Helper Objects
[12/01/2006, 21:51:24] - Finishing up...
[12/01/2006, 21:51:24] - Nothing found! Exiting...
Le rapport d'HijackThis :
Logfile of HijackThis v1.99.1
Scan saved at 21:57:20, on 01/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\G DATA AntiVirusKit\AVK\AVKService.exe
C:\Program Files\G DATA AntiVirusKit\AVK\AVKWCtl.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\G DATA AntiVirusKit\AVKTray\AVKTray.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\Forum\scann.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fwww.microsoft.com%2fisapi%2fredir.dll%3fprd%3d{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\yvhikwhn.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3B91225B-50D3-5B43-3237-07DF656B9A18} - C:\WINDOWS\system32\ohsgfum.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A64D0CC4-9F27-4F01-8285-34D02F5F28E4} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {C35160ED-7667-4B19-98E0-D67247E66842} - C:\WINDOWS\system32\geebx.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA AntiVirusKit\AVKTray\AVKTray.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\Compaq_Propriétaire\Bureau\Forum\Spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Tsra] "C:\PROGRA~1\MBOLS~1\ati2evxx.exe" -vt yazb
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://www.orange.fr/portail
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: geebx - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Program Files\G DATA AntiVirusKit\AVK\AVKService.exe
O23 - Service: Gardien d'AVK (AVKWCtl) - Unknown owner - C:\Program Files\G DATA AntiVirusKit\AVK\AVKWCtl.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
(J'ai supprimé Spybot car il m'empéchait de faire tes manips)
[12/01/2006, 21:51:14] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Propriétaire\Bureau\virtumundobegone.exe" )
[12/01/2006, 21:51:23] - Detected System Information:
[12/01/2006, 21:51:23] - Windows Version: 5.1.2600, Service Pack 2
[12/01/2006, 21:51:23] - Current Username: Compaq_Propriétaire (Admin)
[12/01/2006, 21:51:23] - Windows is in NORMAL mode.
[12/01/2006, 21:51:23] - Searching for Browser Helper Objects:
[12/01/2006, 21:51:23] - BHO 1: {013A653B-49A6-4f76-8B68-E4875EA6BA54} ()
[12/01/2006, 21:51:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/01/2006, 21:51:23] - Checking for HKLM\...\Winlogon\Notify\yvhikwhn
[12/01/2006, 21:51:23] - Key not found: HKLM\...\Winlogon\Notify\yvhikwhn, continuing.
[12/01/2006, 21:51:23] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[12/01/2006, 21:51:24] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[12/01/2006, 21:51:24] - BHO 4: {3B91225B-50D3-5B43-3237-07DF656B9A18} ()
[12/01/2006, 21:51:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/01/2006, 21:51:24] - Checking for HKLM\...\Winlogon\Notify\ohsgfum
[12/01/2006, 21:51:24] - Key not found: HKLM\...\Winlogon\Notify\ohsgfum, continuing.
[12/01/2006, 21:51:24] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/01/2006, 21:51:24] - BHO 6: {A64D0CC4-9F27-4F01-8285-34D02F5F28E4} ()
[12/01/2006, 21:51:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/01/2006, 21:51:24] - No filename found. Continuing.
[12/01/2006, 21:51:24] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/01/2006, 21:51:24] - BHO 8: {C35160ED-7667-4B19-98E0-D67247E66842} ()
[12/01/2006, 21:51:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/01/2006, 21:51:24] - Checking for HKLM\...\Winlogon\Notify\geebx
[12/01/2006, 21:51:24] - Key not found: HKLM\...\Winlogon\Notify\geebx, continuing.
[12/01/2006, 21:51:24] - Finished Searching Browser Helper Objects
[12/01/2006, 21:51:24] - Finishing up...
[12/01/2006, 21:51:24] - Nothing found! Exiting...
Le rapport d'HijackThis :
Logfile of HijackThis v1.99.1
Scan saved at 21:57:20, on 01/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\G DATA AntiVirusKit\AVK\AVKService.exe
C:\Program Files\G DATA AntiVirusKit\AVK\AVKWCtl.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\G DATA AntiVirusKit\AVKTray\AVKTray.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\Forum\scann.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fwww.microsoft.com%2fisapi%2fredir.dll%3fprd%3d{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\yvhikwhn.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3B91225B-50D3-5B43-3237-07DF656B9A18} - C:\WINDOWS\system32\ohsgfum.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A64D0CC4-9F27-4F01-8285-34D02F5F28E4} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {C35160ED-7667-4B19-98E0-D67247E66842} - C:\WINDOWS\system32\geebx.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA AntiVirusKit\AVKTray\AVKTray.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\Compaq_Propriétaire\Bureau\Forum\Spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Tsra] "C:\PROGRA~1\MBOLS~1\ati2evxx.exe" -vt yazb
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://www.orange.fr/portail
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: geebx - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Program Files\G DATA AntiVirusKit\AVK\AVKService.exe
O23 - Service: Gardien d'AVK (AVKWCtl) - Unknown owner - C:\Program Files\G DATA AntiVirusKit\AVK\AVKWCtl.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
(J'ai supprimé Spybot car il m'empéchait de faire tes manips)
ok tu peu supprimer VirtumundoBegone il n'a rien trouvé
on va essayé un autre programe :)
télécharge combofix.exe http://download.bleepingcomputer.com/sUBs/combofix.exe (par sUBs) sur ton Bureau
Double clique combofix.exe.
Tape sur la touche Y (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse + un log hijatckthis
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
NB: Ne fais rien pendant que l'outils travaille
a+++
on va essayé un autre programe :)
télécharge combofix.exe http://download.bleepingcomputer.com/sUBs/combofix.exe (par sUBs) sur ton Bureau
Double clique combofix.exe.
Tape sur la touche Y (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse + un log hijatckthis
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
NB: Ne fais rien pendant que l'outils travaille
a+++
Le rapport de combofix :
Compaq_Propri‚taire - 06-12-01 22:27:08,10 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Compaq_Propri‚taire\Bureau"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\components
C:\Program Files\Fichiers communs\{366FC003-07C5-1036-1213-050507190021}
C:\Program Files\Fichiers communs\{466FC003-07C5-1036-1213-050507190021}
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Program Files\MBOLS~1
C:\QooBox\Purity\Program Files\MBOLS~1\??mbols
((((((((((((((((((((((((((((((( Files Created from 2006-11-01 to 2006-12-01 ))))))))))))))))))))))))))))))))))
2006-12-01 20:58 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2006-11-26 15:39 <REP> d-------- C:\VundoFix Backups
2006-11-26 01:14 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-26 01:14 <REP> d-------- C:\Program Files\Grisoft
2006-11-26 00:34 <REP> d-------- C:\Program Files\Lavasoft
2006-11-26 00:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2006-11-25 23:57 <REP> d-------- C:\Program Files\Yahoo!
2006-11-25 23:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-25 17:18 3,262 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-25 11:17 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2006-11-24 20:33 <REP> d-------- C:\WINDOWS\WBEM
2006-11-24 20:33 <REP> d-------- C:\WINDOWS\system32\fr-fr
2006-11-24 20:31 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-24 20:30 <REP> d-------- C:\WINDOWS\network diagnostic
2006-11-23 12:32 38,420 --a------ C:\WINDOWS\system32\yvhikwhn.dll
2006-11-17 22:10 <REP> d-------- C:\Program Files\MSXML 4.0
2006-11-17 22:10 <REP> d-------- C:\aaa6252afb15f1d8651995
2006-11-14 10:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\G DATA
2006-11-14 10:05 34,143 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
2006-11-14 10:05 29,730 --a------ C:\WINDOWS\system32\drivers\HookCentre.sys
2006-11-14 10:05 28,307 --a------ C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
2006-11-14 10:05 <REP> d-------- C:\WINDOWS\gear_dlls
2006-11-14 10:05 <REP> d-------- C:\Program Files\Fichiers communs\G DATA
2006-11-14 10:04 <REP> d-------- C:\Program Files\G DATA AntiVirusKit
2006-11-10 18:29 <REP> d-------- C:\WINDOWS\AU_Temp
2006-11-07 03:26 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-05 16:03 <REP> dr-h----- C:\Documents and Settings\Compaq_Propri‚taire\Recent
2006-11-04 21:56 <REP> d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Help
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 16:35 <REP> d-------- C:\hijackthis
2006-11-03 11:23 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2006-11-03 11:23 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2006-11-03 11:23 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2006-11-02 22:43 <REP> d-------- C:\Program Files\Windows Live Safety Center
2006-11-02 21:09 <REP> d-------- C:\Program Files\Common Files
2006-11-02 21:01 <REP> d--hs---- C:\WA6P
2006-11-02 18:23 <REP> d-------- C:\Documents and Settings\Compaq_Propri‚taire\.housecall6.6
2006-11-02 16:44 692,276 --------- C:\WINDOWS\system32\geebx.dll
2006-11-02 14:44 72,704 --a------ C:\WINDOWS\system32\ohsgfum.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-12-01 22:27 -------- d-a------ C:\Program Files\Fichiers communs
2006-12-01 21:54 -------- d-------- C:\Program Files\Wanadoo
2006-11-26 00:35 -------- d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Lavasoft
2006-11-25 23:19 -------- d-------- C:\Program Files\Virtools Web Player 2.5
2006-11-25 18:01 -------- d-------- C:\Program Files\Internet Explorer
2006-11-14 10:05 -------- d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Microsoft
2006-11-14 10:04 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-14 10:03 -------- d-------- C:\Program Files\Fichiers communs\InstallShield
2006-11-11 20:35 -------- d-------- C:\Program Files\Symantec
2006-11-11 20:35 -------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2006-11-10 22:26 -------- d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\U3
2006-11-10 18:35 176709 --a------ C:\WINDOWS\tsc.exe
2006-11-10 18:34 71749 --a------ C:\WINDOWS\hcextoutput.dll
2006-11-10 18:33 1101904 --a------ C:\WINDOWS\vsapi32.dll
2006-11-10 18:32 86094 --a------ C:\WINDOWS\BPMNT.dll
2006-11-05 13:22 -------- d-------- C:\Program Files\Windows Media Player
2006-11-05 13:17 -------- d-------- C:\Program Files\Google
2006-11-03 18:58 -------- d-------- C:\Program Files\Absolutist.com
2006-11-03 17:33 -------- d-------- C:\Program Files\WinRAR
2006-11-02 21:09 704 --a------ C:\Documents and Settings\Compaq_Propri‚taire\Application Data\update.log
2006-11-02 21:01 0 --a------ C:\Program Files\Fichiers communs\err.log
2006-10-13 13:36 145920 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-09-19 09:48 556 --a------ C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Troll.options
2006-09-19 09:48 5188 --a------ C:\Documents and Settings\Compaq_Propri‚taire\Application Data\froggy_scorebox
2006-09-19 09:48 1149 --a------ C:\Documents and Settings\Compaq_Propri‚taire\Application Data\pl_accounts.pl_acc
2006-09-13 06:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 22:08 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-09-06 16:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"WOOKIT"="C:\\PROGRA~1\\Wanadoo\\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM="
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Documents and Settings\\Compaq_Propriétaire\\Bureau\\Forum\\Spybot\\Spybot - Search & Destroy\\TeaTimer.exe"
"Tsra"="\"C:\\PROGRA~1\\MBOLS~1\\ati2evxx.exe\" -vt yazb"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"PCDrProfiler"=""
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,\
75,53,63,68,64,32,2e,65,78,65,00
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\GestMaj.exe TaskBarIcon.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AVKTray"="\"C:\\Program Files\\G DATA AntiVirusKit\\AVKTray\\AVKTray.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:95,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geebx
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineil32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Connexion facile … Internet.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-12-01 22:28:02.92
C:\ComboFix.txt ... 06-12-01 22:28
et celui de hijatckthis :
Logfile of HijackThis v1.99.1
Scan saved at 22:30:52, on 01/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\G DATA AntiVirusKit\AVK\AVKService.exe
C:\Program Files\G DATA AntiVirusKit\AVK\AVKWCtl.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\G DATA AntiVirusKit\AVKTray\AVKTray.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\Forum\scann.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fwww.microsoft.com%2fisapi%2fredir.dll%3fprd%3d{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\yvhikwhn.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3B91225B-50D3-5B43-3237-07DF656B9A18} - C:\WINDOWS\system32\ohsgfum.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A64D0CC4-9F27-4F01-8285-34D02F5F28E4} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {C35160ED-7667-4B19-98E0-D67247E66842} - C:\WINDOWS\system32\geebx.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA AntiVirusKit\AVKTray\AVKTray.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\Compaq_Propriétaire\Bureau\Forum\Spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Tsra] "C:\PROGRA~1\MBOLS~1\ati2evxx.exe" -vt yazb
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://www.orange.fr/portail
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: geebx - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Program Files\G DATA AntiVirusKit\AVK\AVKService.exe
O23 - Service: Gardien d'AVK (AVKWCtl) - Unknown owner - C:\Program Files\G DATA AntiVirusKit\AVK\AVKWCtl.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
Voilà !!
Compaq_Propri‚taire - 06-12-01 22:27:08,10 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Compaq_Propri‚taire\Bureau"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\components
C:\Program Files\Fichiers communs\{366FC003-07C5-1036-1213-050507190021}
C:\Program Files\Fichiers communs\{466FC003-07C5-1036-1213-050507190021}
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Program Files\MBOLS~1
C:\QooBox\Purity\Program Files\MBOLS~1\??mbols
((((((((((((((((((((((((((((((( Files Created from 2006-11-01 to 2006-12-01 ))))))))))))))))))))))))))))))))))
2006-12-01 20:58 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2006-11-26 15:39 <REP> d-------- C:\VundoFix Backups
2006-11-26 01:14 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-26 01:14 <REP> d-------- C:\Program Files\Grisoft
2006-11-26 00:34 <REP> d-------- C:\Program Files\Lavasoft
2006-11-26 00:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2006-11-25 23:57 <REP> d-------- C:\Program Files\Yahoo!
2006-11-25 23:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-25 17:18 3,262 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-25 11:17 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2006-11-24 20:33 <REP> d-------- C:\WINDOWS\WBEM
2006-11-24 20:33 <REP> d-------- C:\WINDOWS\system32\fr-fr
2006-11-24 20:31 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-24 20:30 <REP> d-------- C:\WINDOWS\network diagnostic
2006-11-23 12:32 38,420 --a------ C:\WINDOWS\system32\yvhikwhn.dll
2006-11-17 22:10 <REP> d-------- C:\Program Files\MSXML 4.0
2006-11-17 22:10 <REP> d-------- C:\aaa6252afb15f1d8651995
2006-11-14 10:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\G DATA
2006-11-14 10:05 34,143 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
2006-11-14 10:05 29,730 --a------ C:\WINDOWS\system32\drivers\HookCentre.sys
2006-11-14 10:05 28,307 --a------ C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
2006-11-14 10:05 <REP> d-------- C:\WINDOWS\gear_dlls
2006-11-14 10:05 <REP> d-------- C:\Program Files\Fichiers communs\G DATA
2006-11-14 10:04 <REP> d-------- C:\Program Files\G DATA AntiVirusKit
2006-11-10 18:29 <REP> d-------- C:\WINDOWS\AU_Temp
2006-11-07 03:26 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-05 16:03 <REP> dr-h----- C:\Documents and Settings\Compaq_Propri‚taire\Recent
2006-11-04 21:56 <REP> d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Help
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 16:35 <REP> d-------- C:\hijackthis
2006-11-03 11:23 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2006-11-03 11:23 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2006-11-03 11:23 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2006-11-02 22:43 <REP> d-------- C:\Program Files\Windows Live Safety Center
2006-11-02 21:09 <REP> d-------- C:\Program Files\Common Files
2006-11-02 21:01 <REP> d--hs---- C:\WA6P
2006-11-02 18:23 <REP> d-------- C:\Documents and Settings\Compaq_Propri‚taire\.housecall6.6
2006-11-02 16:44 692,276 --------- C:\WINDOWS\system32\geebx.dll
2006-11-02 14:44 72,704 --a------ C:\WINDOWS\system32\ohsgfum.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-12-01 22:27 -------- d-a------ C:\Program Files\Fichiers communs
2006-12-01 21:54 -------- d-------- C:\Program Files\Wanadoo
2006-11-26 00:35 -------- d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Lavasoft
2006-11-25 23:19 -------- d-------- C:\Program Files\Virtools Web Player 2.5
2006-11-25 18:01 -------- d-------- C:\Program Files\Internet Explorer
2006-11-14 10:05 -------- d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Microsoft
2006-11-14 10:04 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-14 10:03 -------- d-------- C:\Program Files\Fichiers communs\InstallShield
2006-11-11 20:35 -------- d-------- C:\Program Files\Symantec
2006-11-11 20:35 -------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2006-11-10 22:26 -------- d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\U3
2006-11-10 18:35 176709 --a------ C:\WINDOWS\tsc.exe
2006-11-10 18:34 71749 --a------ C:\WINDOWS\hcextoutput.dll
2006-11-10 18:33 1101904 --a------ C:\WINDOWS\vsapi32.dll
2006-11-10 18:32 86094 --a------ C:\WINDOWS\BPMNT.dll
2006-11-05 13:22 -------- d-------- C:\Program Files\Windows Media Player
2006-11-05 13:17 -------- d-------- C:\Program Files\Google
2006-11-03 18:58 -------- d-------- C:\Program Files\Absolutist.com
2006-11-03 17:33 -------- d-------- C:\Program Files\WinRAR
2006-11-02 21:09 704 --a------ C:\Documents and Settings\Compaq_Propri‚taire\Application Data\update.log
2006-11-02 21:01 0 --a------ C:\Program Files\Fichiers communs\err.log
2006-10-13 13:36 145920 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-09-19 09:48 556 --a------ C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Troll.options
2006-09-19 09:48 5188 --a------ C:\Documents and Settings\Compaq_Propri‚taire\Application Data\froggy_scorebox
2006-09-19 09:48 1149 --a------ C:\Documents and Settings\Compaq_Propri‚taire\Application Data\pl_accounts.pl_acc
2006-09-13 06:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 22:08 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-09-06 16:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"WOOKIT"="C:\\PROGRA~1\\Wanadoo\\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM="
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Documents and Settings\\Compaq_Propriétaire\\Bureau\\Forum\\Spybot\\Spybot - Search & Destroy\\TeaTimer.exe"
"Tsra"="\"C:\\PROGRA~1\\MBOLS~1\\ati2evxx.exe\" -vt yazb"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"PCDrProfiler"=""
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,\
75,53,63,68,64,32,2e,65,78,65,00
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\GestMaj.exe TaskBarIcon.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AVKTray"="\"C:\\Program Files\\G DATA AntiVirusKit\\AVKTray\\AVKTray.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:95,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geebx
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineil32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Connexion facile … Internet.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-12-01 22:28:02.92
C:\ComboFix.txt ... 06-12-01 22:28
et celui de hijatckthis :
Logfile of HijackThis v1.99.1
Scan saved at 22:30:52, on 01/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\G DATA AntiVirusKit\AVK\AVKService.exe
C:\Program Files\G DATA AntiVirusKit\AVK\AVKWCtl.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\G DATA AntiVirusKit\AVKTray\AVKTray.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\Forum\scann.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fwww.microsoft.com%2fisapi%2fredir.dll%3fprd%3d{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\yvhikwhn.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3B91225B-50D3-5B43-3237-07DF656B9A18} - C:\WINDOWS\system32\ohsgfum.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A64D0CC4-9F27-4F01-8285-34D02F5F28E4} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {C35160ED-7667-4B19-98E0-D67247E66842} - C:\WINDOWS\system32\geebx.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA AntiVirusKit\AVKTray\AVKTray.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\Compaq_Propriétaire\Bureau\Forum\Spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Tsra] "C:\PROGRA~1\MBOLS~1\ati2evxx.exe" -vt yazb
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://www.orange.fr/portail
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: geebx - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Program Files\G DATA AntiVirusKit\AVK\AVKService.exe
O23 - Service: Gardien d'AVK (AVKWCtl) - Unknown owner - C:\Program Files\G DATA AntiVirusKit\AVK\AVKWCtl.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
Voilà !!
bonsoir desactive l'option teatimer de spybot car elle va nous empeché de supprimer les lignes dans hijack
telecharger killbox tu l'utilisera plus tard
https://www.generation-nt.com/killbox-telechargement-25430.html
ensuite redemare en mode sans echec (redemarrage +tapotte sans arret sur F8 desque l'ordi s'allume)
ouvre the kill box
Double clic sur killbox.exe (Pocket Killbox)
- Dans "Full Path of File to Delete"
copie et colle:
C:\WINDOWS\system32\geebx.dll
-clique sur single file
- clique sur la croix rouge
- une fenêtre va apparaître pour confirmation clique sur YES
refait pareille avec ces fichiers
C:\WINDOWS\system32\ohsgfum.dll
C:\WINDOWS\system32\yvhikwhn.dll
ensuite ouvre hijack coche ces lignes puis clike sur fix checked
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\yvhikwhn.dll
O2 - BHO: (no name) - {3B91225B-50D3-5B43-3237-07DF656B9A18} - C:\WINDOWS\system32\ohsgfum.dll
O2 - BHO: (no name) - {A64D0CC4-9F27-4F01-8285-34D02F5F28E4} - (no file)
O2 - BHO: (no name) - {C35160ED-7667-4B19-98E0-D67247E66842} - C:\WINDOWS\system32\geebx.dll
O20 - Winlogon Notify: geebx - C:\WINDOWS\
toujour en mode sans echec execute :
avg antispyware + ccleaner
redemare en mode normal
dans ta prochaine reponse met rapport d'avg + un log hijack
a++++
telecharger killbox tu l'utilisera plus tard
https://www.generation-nt.com/killbox-telechargement-25430.html
ensuite redemare en mode sans echec (redemarrage +tapotte sans arret sur F8 desque l'ordi s'allume)
ouvre the kill box
Double clic sur killbox.exe (Pocket Killbox)
- Dans "Full Path of File to Delete"
copie et colle:
C:\WINDOWS\system32\geebx.dll
-clique sur single file
- clique sur la croix rouge
- une fenêtre va apparaître pour confirmation clique sur YES
refait pareille avec ces fichiers
C:\WINDOWS\system32\ohsgfum.dll
C:\WINDOWS\system32\yvhikwhn.dll
ensuite ouvre hijack coche ces lignes puis clike sur fix checked
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\yvhikwhn.dll
O2 - BHO: (no name) - {3B91225B-50D3-5B43-3237-07DF656B9A18} - C:\WINDOWS\system32\ohsgfum.dll
O2 - BHO: (no name) - {A64D0CC4-9F27-4F01-8285-34D02F5F28E4} - (no file)
O2 - BHO: (no name) - {C35160ED-7667-4B19-98E0-D67247E66842} - C:\WINDOWS\system32\geebx.dll
O20 - Winlogon Notify: geebx - C:\WINDOWS\
toujour en mode sans echec execute :
avg antispyware + ccleaner
redemare en mode normal
dans ta prochaine reponse met rapport d'avg + un log hijack
a++++
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bonjour,
Je viens d'effectuer les manips, seulement voilà, impossible de suprimer C:\WINDOWS\system32\ohsgfum.dll avec kill box !
Cependant, j'ai quand meme exécuter en mode sans échec AVG, C-cleaner.
Voici les rapports d'AVG et d'hijack :
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 11:25:02 02/12/2006
+ Résultat de l'analyse:
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@adtech[1].txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyé.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
Fin du rapport
Celui d'hijack :
Logfile of HijackThis v1.99.1
Scan saved at 11:31:02, on 02/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\G DATA AntiVirusKit\AVK\AVKService.exe
C:\Program Files\G DATA AntiVirusKit\AVK\AVKWCtl.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\G DATA AntiVirusKit\AVKTray\AVKTray.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\Forum\scann.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fwww.microsoft.com%2fisapi%2fredir.dll%3fprd%3d{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA AntiVirusKit\AVKTray\AVKTray.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\Compaq_Propriétaire\Bureau\Forum\Spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Tsra] "C:\PROGRA~1\MBOLS~1\ati2evxx.exe" -vt yazb
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://www.orange.fr/portail
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Program Files\G DATA AntiVirusKit\AVK\AVKService.exe
O23 - Service: Gardien d'AVK (AVKWCtl) - Unknown owner - C:\Program Files\G DATA AntiVirusKit\AVK\AVKWCtl.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
Encore merci pour ton aide.
Je viens d'effectuer les manips, seulement voilà, impossible de suprimer C:\WINDOWS\system32\ohsgfum.dll avec kill box !
Cependant, j'ai quand meme exécuter en mode sans échec AVG, C-cleaner.
Voici les rapports d'AVG et d'hijack :
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 11:25:02 02/12/2006
+ Résultat de l'analyse:
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@adtech[1].txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyé.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
Fin du rapport
Celui d'hijack :
Logfile of HijackThis v1.99.1
Scan saved at 11:31:02, on 02/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\G DATA AntiVirusKit\AVK\AVKService.exe
C:\Program Files\G DATA AntiVirusKit\AVK\AVKWCtl.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\G DATA AntiVirusKit\AVKTray\AVKTray.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\Forum\scann.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fwww.microsoft.com%2fisapi%2fredir.dll%3fprd%3d{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA AntiVirusKit\AVKTray\AVKTray.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\Compaq_Propriétaire\Bureau\Forum\Spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Tsra] "C:\PROGRA~1\MBOLS~1\ati2evxx.exe" -vt yazb
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://www.orange.fr/portail
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Program Files\G DATA AntiVirusKit\AVK\AVKService.exe
O23 - Service: Gardien d'AVK (AVKWCtl) - Unknown owner - C:\Program Files\G DATA AntiVirusKit\AVK\AVKWCtl.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
Encore merci pour ton aide.
fix ces lignes avec hijackthis
O4 - HKCU\..\Run: [Tsra] "C:\PROGRA~1\MBOLS~1\ati2evxx.exe" -vt yazb
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)
fait un scan avec spybot et adaware ( pense a les mettre ajour c'est tres important )
ensuite dit moi si ton antivirus te detecte tjr les trojans
a++++
O4 - HKCU\..\Run: [Tsra] "C:\PROGRA~1\MBOLS~1\ati2evxx.exe" -vt yazb
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)
fait un scan avec spybot et adaware ( pense a les mettre ajour c'est tres important )
ensuite dit moi si ton antivirus te detecte tjr les trojans
a++++
Mon antivirus trouve encore des choses :
Dans le dossier C:\!KillBox dans le Fichier geebx.dll, le virus
AdWare.Win32.Virtumonde.fj (Moteur principal)
et dans le même dossier, mais dans le fichier yvhikwhn.dll,
le trojan Win32.BHO.o (Moteur princimal)
Que faut-il faire ?
Merci
Dans le dossier C:\!KillBox dans le Fichier geebx.dll, le virus
AdWare.Win32.Virtumonde.fj (Moteur principal)
et dans le même dossier, mais dans le fichier yvhikwhn.dll,
le trojan Win32.BHO.o (Moteur princimal)
Que faut-il faire ?
Merci
rien de mechant :)
ce dossier C:\!KillBox contien tout les virus que t'as supprimé avec the kill box
enfait ce programe (the killbox) fait des sauvegarde de tout les fichiers supprimer comme ca on cas d'erreur tu poura les restaurer
voici comment supprime la sauvegarde :
va dans post de travail / lecteur C: cherche et supprime le dossier \!KillBox
vide la corbeille
a+++ :)
ce dossier C:\!KillBox contien tout les virus que t'as supprimé avec the kill box
enfait ce programe (the killbox) fait des sauvegarde de tout les fichiers supprimer comme ca on cas d'erreur tu poura les restaurer
voici comment supprime la sauvegarde :
va dans post de travail / lecteur C: cherche et supprime le dossier \!KillBox
vide la corbeille
a+++ :)
Alors, le dossier est supprimé, est ce qu'on en reste là ?
J'ai l'impression que ça marche bien, c'est peut etre un peu tot pour se prononcer !!
En tous cas merci pour ton aide !
Faut il garder les programmes que j'ai installés pour les manips ?
(C Cleaner, avg, vundoFix...)
J'ai l'impression que ça marche bien, c'est peut etre un peu tot pour se prononcer !!
En tous cas merci pour ton aide !
Faut il garder les programmes que j'ai installés pour les manips ?
(C Cleaner, avg, vundoFix...)
vide la corbeille :) , supprime vundofix et garde le reste :)
quelque conseilles de base
- installe un parefeu ca va renforcé la securité de l'ordi je te conseille un firewall gratuit ( si tu peu te procurer la version payant c'est encore mieu :)
Kerio (parefeu)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
tuto
https://forums.cnetfrance.fr
- passe reglierement les antispyware (adaware , spybot , avg .. ect) pense a les mettre ajour avant de les lancé c'est tres important
-supprime regulierement les fichiers inutiles (fichiers temporaire , cookies .. ect a l'aide de CCleaner
-maintenant que ton ordinateur est propre je te conseille de creer un point de restauration comme ca en cas de probleme (virus , plantage ..ect) tu poura tjr revenir en arriere
http://www.aidoforum.com/tutoriaux-371-creer-un-point-de-restauration-sous-windows.html
a+++++
quelque conseilles de base
- installe un parefeu ca va renforcé la securité de l'ordi je te conseille un firewall gratuit ( si tu peu te procurer la version payant c'est encore mieu :)
Kerio (parefeu)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
tuto
https://forums.cnetfrance.fr
- passe reglierement les antispyware (adaware , spybot , avg .. ect) pense a les mettre ajour avant de les lancé c'est tres important
-supprime regulierement les fichiers inutiles (fichiers temporaire , cookies .. ect a l'aide de CCleaner
-maintenant que ton ordinateur est propre je te conseille de creer un point de restauration comme ca en cas de probleme (virus , plantage ..ect) tu poura tjr revenir en arriere
http://www.aidoforum.com/tutoriaux-371-creer-un-point-de-restauration-sous-windows.html
a+++++
