Pages intempestives et Virus - Page 2

Résolu
Précédent
  • 1
  • 2
  1. Jenny
     
    Search Navipromo version 1.0.3 commencé le 05/02/2007 à 21:10:44,23

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Poster ce rapport sur le forum pour le faire analyser !!!
    !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

    Fix lancé depuis C:\Documents and Settings\jenny\Bureau\virus
    Mise a jour le 28.01.2007 a 12h00 by IL-MAFIOSO

    Executé en mode normal

    *** Recherche Programmes installes ***

    *** Recherche dossiers dans C:\WINDOWS ***

    *** Recherche dossiers dans C:\Program Files ***

    *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

    *** Recherche dossiers dans C:\Documents and Settings\jenny\Application Data ***

    *** Recherche avec BlackLight Engine/F-secure ***
    BlackLight Engine est un produit de F-secure, pour + d'infos :
    https://www.f-secure.com/en

    F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
    ======================================

    Copyright 2005-2006 F-Secure Corporation. All rights reserved.
    This is a beta version. It will expire on 1st of April, 2007.
    Version information: 2.2.1055.

    [+] Started on 02/05/07 at 21:10:47.
    [+] Initializing ...
    [+] Starting scan, press Ctrl-C to abort.
    [+] Scanning for hidden items .........................................................
    [+] Scan complete.
    [+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
    [+] Exited on 02/05/07 at 21:16:40 (return code = 0).

    *** Recherche fichiers ***

    *** Recherche cles registre ***

    Recharche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]

    Recharche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

    Recherche Clé Magic Control

    *** Module de recherche complémentaire ***
    (recherche fichiers spécifiques)

    *** Analyse Terminé le 05/02/2007 à 21:17:45,23 ***
    0
  2. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Re,

    Telecharge ceci
    https://www.silentrunners.org/Silent%20Runners.vbs
    Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donnera

    A+
    0
  3. Jenny
     
    re,

    "Silent Runners.vbs", revision R50, https://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
    "IDMan" = "C:\Program Files\Internet Download Manager\IDMan.exe /onboot" ["Tonec Inc."]
    "updateMgr" = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9" ["Adobe Systems Incorporated"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
    "VTTimer" = "VTTimer.exe" ["S3 Graphics, Inc."]
    "TkBellExe" = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot" ["RealNetworks, Inc."]
    "AudioDeck" = "C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1" ["VIA Technologies, Inc."]
    "MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
    "MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" ["McAfee, Inc"]
    "MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]
    "VSOCheckTask" = ""C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask" ["McAfee, Inc."]
    "VirusScan Online" = "C:\Program Files\McAfee.com\VSO\mcvsshld.exe" ["McAfee, Inc."]
    "OASClnt" = "C:\Program Files\McAfee.com\VSO\oasclnt.exe" ["McAfee, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "IDMIEHlprObj Class"
    \InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMIECC.dll" ["Tonec Inc."]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {3F76AA99-A45C-4635-8FE9-A6D186F46471}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\System32\wvuvsrq.dll" [null data]
    {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\agufmlin.dll" [null data]
    {85F27713-41F3-4181-B43E-9CEA4D11DFE7}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\vturs.dll" [null data]
    {A9B80FC9-68E3-437F-9E30-DF59976FF373}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\System32\gebca.dll" [file not found]
    {E5A1691B-D188-4419-AD02-90002030B8EE}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "FlashFXP Helper for Internet Explorer"
    \InProcServer32\(Default) = "C:\PROGRA~1\FlashFXP\IEFlash.dll" ["IniCom Networks, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
    -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{0E6C58A9-F592-4862-B35F-CA45E24003B3}" = "CloneCD"
    -> {HKLM...CLSID} = "CloneCD Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Elaborate Bytes\CloneCD\ElbyVCDShell.dll" ["Elaborate Bytes"]
    "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
    -> {HKLM...CLSID} = "My Logitech Pictures"
    \InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshellext.dll" ["RealNetworks"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    <<!>> "{3F76AA99-A45C-4635-8FE9-A6D186F46471}" = "*i" (unwritable string)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\System32\wvuvsrq.dll" [null data]

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
    -> {HKLM...CLSID} = "WPDShServiceObj Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> vturs\DLLName = "C:\WINDOWS\system32\vturs.dll" [null data]
    <<!>> wvuvsrq\DLLName = "wvuvsrq.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    Group Policies {policy setting}:
    --------------------------------

    Note: detected settings may not have any effect.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "DisableRegistryTools" = (REG_DWORD) hex:0x00000000
    {Prevent access to registry editing tools}

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Devices: Allow undock without having to log on}

    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be enabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\jenny\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\SG1.scr" ["MacSourcery"]

    Startup items in "jenny" & "All Users" startup folders:
    -------------------------------------------------------

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    "Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
    "Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
    "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    C:\WINDOWS\System32\idmmbc.dll ["Tonec Inc."], 01 - 04, 22
    %SystemRoot%\system32\mswsock.dll [MS], 05 - 07, 10 - 21
    %SystemRoot%\system32\rsvpsp.dll [MS], 08 - 09

    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
    -> {HKLM...CLSID} = "Yahoo! Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan"
    -> {HKLM...CLSID} = "McAfee VirusScan"
    \InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["McAfee, Inc."]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
    -> {HKLM...CLSID} = "Yahoo! Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    [Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

    Missing lines (compared with English-language version):
    [Strings]: 2 lines

    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
    <<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*Z" (unwritable string)
    -> {HKLM...CLSID} = "Yahoo! Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Diskeeper, Diskeeper, ""C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe"" ["Executive Software International, Inc."]
    McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee Corporation"]
    McAfee Task Scheduler, McTskshd.exe, "c:\PROGRA~1\mcafee.com\agent\mctskshd.exe" ["McAfee, Inc"]
    McAfee WSC Integration, McDetect.exe, "c:\program files\mcafee.com\agent\mcdetect.exe" ["McAfee, Inc"]
    McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["McAfee Inc."]

    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    Canon BJ Language Monitor iP1700\Driver = "CNMLM7W.DLL" ["CANON INC."]

    ----------
    <<!>>: Suspicious data at a malware launch point.
    <<H>>: Suspicious data at a browser hijack point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 76 seconds, including 10 seconds for message boxes)
    0
  4. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Yop,

    Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
    http://www.atribune.org/ccount/click.php?id=4

    Double-clique VundoFix.exe afin de le lancer.
    Coche Run VundoFix as a task.
    Un message t'avertira que l'outil va se fermer et s'ouvrir à nouveau : clique Ok
    Clique sur le bouton Scan for Vundo.
    Lorsque le scan est complété, clique sur le bouton Remove Vundo.
    Une invite te demandera si tu veux supprimer les fichiers, clique YES
    Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
    Démarre ton PC à nouveau.
    Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.
    0
    1. Jenny
       
      J'ai fait 2 vundo. Voici les 2 rapports :


      VundoFix V6.3.5

      Checking Java version...

      Sun Java not detected
      Scan started at 21:57:31 05/02/2007

      Listing files found while scanning....

      C:\Documents and settings\jenny\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
      C:\Documents and settings\jenny\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
      C:\WINDOWS\system32\agufmlin.dll
      C:\WINDOWS\system32\cbxyyxw.dll
      C:\WINDOWS\system32\gjoglgdo.exe
      C:\WINDOWS\system32\hggddda.dll
      C:\WINDOWS\system32\hggecde.dll
      C:\WINDOWS\system32\iifgffe.dll
      C:\WINDOWS\system32\opnkhhh.dll
      C:\WINDOWS\system32\pmnnolm.dll
      C:\WINDOWS\system32\rqrpnlk.dll
      C:\WINDOWS\system32\srutv.bak1
      C:\WINDOWS\system32\srutv.bak2
      C:\WINDOWS\system32\srutv.ini
      C:\WINDOWS\system32\tuvtqqp.dll
      C:\WINDOWS\system32\vturs.dll
      C:\WINDOWS\system32\wvuvsrq.dll
      C:\WINDOWS\system32\xxyawxv.dll
      C:\WINDOWS\system32\yayvuur.dll
      C:\WINDOWS\System32\yendfqgu.dll

      Beginning removal...

      Attempting to delete C:\Documents and settings\jenny\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
      C:\Documents and settings\jenny\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

      Attempting to delete C:\Documents and settings\jenny\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
      C:\Documents and settings\jenny\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

      Attempting to delete C:\WINDOWS\system32\agufmlin.dll
      C:\WINDOWS\system32\agufmlin.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\cbxyyxw.dll
      C:\WINDOWS\system32\cbxyyxw.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\gjoglgdo.exe
      C:\WINDOWS\system32\gjoglgdo.exe Has been deleted!

      Attempting to delete C:\WINDOWS\system32\hggddda.dll
      C:\WINDOWS\system32\hggddda.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\hggecde.dll
      C:\WINDOWS\system32\hggecde.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\iifgffe.dll
      C:\WINDOWS\system32\iifgffe.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\opnkhhh.dll
      C:\WINDOWS\system32\opnkhhh.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\pmnnolm.dll
      C:\WINDOWS\system32\pmnnolm.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\rqrpnlk.dll
      C:\WINDOWS\system32\rqrpnlk.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\srutv.bak1
      C:\WINDOWS\system32\srutv.bak1 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\srutv.bak2
      C:\WINDOWS\system32\srutv.bak2 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\srutv.ini
      C:\WINDOWS\system32\srutv.ini Has been deleted!

      Attempting to delete C:\WINDOWS\system32\tuvtqqp.dll
      C:\WINDOWS\system32\tuvtqqp.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\vturs.dll
      C:\WINDOWS\system32\vturs.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\wvuvsrq.dll
      C:\WINDOWS\system32\wvuvsrq.dll Could not be deleted.

      Attempting to delete C:\WINDOWS\system32\xxyawxv.dll
      C:\WINDOWS\system32\xxyawxv.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\yayvuur.dll
      C:\WINDOWS\system32\yayvuur.dll Has been deleted!

      Performing Repairs to the registry.
      Done!

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\wvuvsrq.dll
      C:\WINDOWS\system32\wvuvsrq.dll Has been deleted!

      Performing Repairs to the registry.
      Done!

      VundoFix V6.3.5

      Checking Java version...

      Sun Java not detected
      Scan started at 22:07:38 05/02/2007

      Listing files found while scanning....

      Second rapport :

      C:\WINDOWS\system32\agufmlin.dll
      C:\WINDOWS\System32\yendfqgu.dll

      Beginning removal...

      Performing Repairs to the registry.
      Done!

      Rapport hijackthis :

      Logfile of HijackThis v1.99.1
      Scan saved at 22:29:13, on 05/02/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\VTTimer.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\VIAudioi\SBADeck\ADeck.exe
      C:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      C:\Program Files\McAfee.com\VSO\mcvsshld.exe
      C:\Program Files\McAfee.com\VSO\oasclnt.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Internet Download Manager\IDMan.exe
      C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe
      C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
      c:\program files\mcafee.com\agent\mcdetect.exe
      c:\progra~1\mcafee.com\vso\mcvsftsn.exe
      c:\PROGRA~1\mcafee.com\vso\mcshield.exe
      c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Download Manager\IEMonitor.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\jenny\Bureau\hijackthis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {3F76AA99-A45C-4635-8FE9-A6D186F46471} - C:\WINDOWS\System32\wvuvsrq.dll (file missing)
      O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\agufmlin.dll (file missing)
      O2 - BHO: (no name) - {85F27713-41F3-4181-B43E-9CEA4D11DFE7} - C:\WINDOWS\system32\vturs.dll (file missing)
      O2 - BHO: (no name) - {A9B80FC9-68E3-437F-9E30-DF59976FF373} - C:\WINDOWS\System32\gebca.dll (file missing)
      O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
      O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
      O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
      O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
      O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
      O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
      O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
      O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
      O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
      O4 - Global Startup: Adobe Gamma Loader.lnk = ?
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
      O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
      O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
      O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
      O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
      O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
      O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Fixe ceci:
    O2 - BHO: (no name) - {3F76AA99-A45C-4635-8FE9-A6D186F46471} - C:\WINDOWS\System32\wvuvsrq.dll (file missing)
    O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\agufmlin.dll (file missing)
    O2 - BHO: (no name) - {85F27713-41F3-4181-B43E-9CEA4D11DFE7} - C:\WINDOWS\system32\vturs.dll (file missing)
    O2 - BHO: (no name) - {A9B80FC9-68E3-437F-9E30-DF59976FF373} - C:\WINDOWS\System32\gebca.dll (file missing)

    Renomme hijackthis.exe en scan.exe et remet un nouvel Hijackthis

    a+
    0
    1. jenny
       
      Salut,

      Qu'est-ce que tu entends par fixer STP ?

      a+
      0
    2. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
       
      slt,

      Pour eviter de perdre du temps voir sur cette démo :

      http://pageperso.aol.fr/balltrap34/demohijack.htm

      "Fixer les lignes" ;-)
      0
    3. jenny
       
      Merci Seb08 !

      Regis, voici le rapport :

      Logfile of HijackThis v1.99.1
      Scan saved at 20:38:12, on 06/02/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\VTTimer.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\VIAudioi\SBADeck\ADeck.exe
      C:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      C:\Program Files\McAfee.com\VSO\mcvsshld.exe
      C:\Program Files\McAfee.com\VSO\oasclnt.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Internet Download Manager\IDMan.exe
      C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
      C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
      c:\program files\mcafee.com\agent\mcdetect.exe
      c:\PROGRA~1\mcafee.com\vso\mcshield.exe
      c:\progra~1\mcafee.com\vso\mcvsftsn.exe
      c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Download Manager\IEMonitor.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe
      C:\Program Files\Outlook Express\msimn.exe
      C:\Documents and Settings\jenny\Bureau\hijackthis\scan.exe.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
      O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
      O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
      O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
      O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
      O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
      O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
      O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
      O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
      O4 - Global Startup: Adobe Gamma Loader.lnk = ?
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
      O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
      O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
      O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
      O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
      O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
      O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
      0
  7. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Ok, merci Seb

    Desole de ne pas avoir été précis mais j'etais pressé, j avais que 10min pour venir sur le forum...

    Ou en sont tes soucis?

    A+
    0
    1. jenny
       
      Nickel ! Plus une seule page intempestiste et mon pc n'a pas tourné aussi bien depuis un moment !

      Merci pour tous le temps que tu y as passé !!!

      Merci, merci, merci, merci...
      0
  8. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    De rien ;)

    Bravo pour ta patience :)

    Bonne soirée
    0
Précédent
  • 1
  • 2