Win32...

Solved
pers6006 - 36 posts - Member -
philae83 - 12854 posts - Security contributor -
Good evening everyone. Unfortunately I'm no computer genius, so I need your help.
For a short while now Avast 4.7 has been detecting Win32 Vbstat-c, Win32 Trojan-gen and Win32 BHO-Bg. I put them in quarantine but they keep coming back. On top of that, since then I've been getting loads of pop-up ads for antivirus programs and other things. Is there a solution? Thanks a lot in advance.

51 replies

philae83 - 12854 posts - Security contributor - 206

I was about to come and tell you that it wasn't finished....

You need to continue:

* Double-click VundoFix.exe to launch it

* Click the "Scan for Vundo" button

* When the scan is complete, click the "Remove Vundo" button

* A prompt will ask whether you want to delete the files; click YES

* After you click "Yes", the desktop will disappear for a moment while the files are deleted

* You will see a prompt telling you that your PC is going to restart; click OK

* Copy/paste the contents of the report located at C:\vundofix.txt, plus a new HijackThis report, in your next reply

pers6006 - 36 posts - Member

I've still got my famous win32... here are the reports, lol

VundoFix V6.3.17

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 18:24:08 19/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\byxvuvv.dll
C:\WINDOWS\SYSTEM32\cevagjxy.exe
C:\WINDOWS\SYSTEM32\dgjlm.bak1
C:\WINDOWS\SYSTEM32\dgjlm.bak2
C:\WINDOWS\SYSTEM32\dgjlm.ini
C:\WINDOWS\SYSTEM32\dgjlm.ini2
C:\WINDOWS\SYSTEM32\dgjlm.tmp
C:\WINDOWS\SYSTEM32\ihhkj.ini
C:\WINDOWS\SYSTEM32\jkhhi.dll
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\muvecsbd.dll
C:\WINDOWS\SYSTEM32\oqekrton.dll
C:\WINDOWS\SYSTEM32\oyvpyqvx.dll
C:\WINDOWS\SYSTEM32\uabfxwef.dll
C:\WINDOWS\SYSTEM32\wqpmeylw.exe
C:\WINDOWS\SYSTEM32\ywwgaihv.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\byxvuvv.dll
C:\WINDOWS\system32\byxvuvv.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\cevagjxy.exe
C:\WINDOWS\SYSTEM32\cevagjxy.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.bak1
C:\WINDOWS\SYSTEM32\dgjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.bak2
C:\WINDOWS\SYSTEM32\dgjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.ini
C:\WINDOWS\SYSTEM32\dgjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.ini2
C:\WINDOWS\SYSTEM32\dgjlm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.tmp
C:\WINDOWS\SYSTEM32\dgjlm.tmp Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ihhkj.ini
C:\WINDOWS\SYSTEM32\ihhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jkhhi.dll
C:\WINDOWS\SYSTEM32\jkhhi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\mljgd.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\oqekrton.dll
C:\WINDOWS\SYSTEM32\oqekrton.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\oyvpyqvx.dll
C:\WINDOWS\SYSTEM32\oyvpyqvx.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\uabfxwef.dll
C:\WINDOWS\SYSTEM32\uabfxwef.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\wqpmeylw.exe
C:\WINDOWS\SYSTEM32\wqpmeylw.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ywwgaihv.exe
C:\WINDOWS\SYSTEM32\ywwgaihv.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\xgrpkyym.dll
C:\WINDOWS\system32\xgrpkyym.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.17

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 21:52:48 19/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\SYSTEM32\byxvuvv.dll
C:\WINDOWS\system32\dgjlm.ini
C:\WINDOWS\SYSTEM32\evnppvcf.dll
C:\WINDOWS\SYSTEM32\jwocgebl.dll
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.ini

VundoFix V6.3.17

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 23:49:48 19/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\SYSTEM32\byxvuvv.dll
C:\WINDOWS\SYSTEM32\evnppvcf.dll
C:\WINDOWS\SYSTEM32\jwocgebl.dll
C:\WINDOWS\SYSTEM32\mljgd.dll
C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.bak2
C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\sstwa.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\awtss.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\byxvuvv.dll
C:\WINDOWS\SYSTEM32\byxvuvv.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\evnppvcf.dll
C:\WINDOWS\SYSTEM32\evnppvcf.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jwocgebl.dll
C:\WINDOWS\SYSTEM32\jwocgebl.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\mljgd.dll
C:\WINDOWS\SYSTEM32\mljgd.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstwa.bak2
C:\WINDOWS\system32\sstwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\sstwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 00:04:29, on 20/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\NICO\Mes documents\logiciels\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\tgjblmjh.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
philae83 - 12854 posts - Security contributor - 206

Well, we're making progress anyway.

* Relaunch VundoFix
* Do not click "Scan for Vundo"
* Right-click in the middle of the window
* Click "Add more files?"
* Copy/paste the file below

C:\WINDOWS\system32\tgjblmjh.dll

* Click "Add files"
* Then click "Close Window"
* Finally, click "Remove Vundo" (the previous files should appear in the main window)
* If the tool asks for a restart, accept
* Then post the VundoFix report

Relaunch HijackThis, then check and fix this line:

O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\tgjblmjh.dll",setvm

Post the reports again please.

pers6006 - 36 posts - Member
 
VundoFix V6.3.17

[earlier scan entries identical to the report posted above]

Beginning removal...

Attempting to delete C:\WINDOWS\system32\tgjblmjh.dll
C:\WINDOWS\system32\tgjblmjh.dll Has been deleted!

Performing Repairs to the registry.
Done!

I'll send you the HijackThis report after the procedure.

pers6006 - 36 posts - Member

Are you sick of this yet? lol

Logfile of HijackThis v1.99.1
Scan saved at 00:24:06, on 20/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\LVComS.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\NICO\Mes documents\logiciels\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\xnuhemdt.dll",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://fr.winantivirus.com/download/2006/download.php?file=2&aid=nm_ik_wav_kw1_fr_fr&lid=virus&affid=nm_67163_daeab0e0d64011dbaf8b0015c55d3487_68e05e4d+121ea98ae7324fb89596117d42878005
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
philae83 - 12854 posts - Security contributor - 206

"Are you sick of this yet? lol"

Don't worry, I'm tough....lol
I'm looking at your report
I'll be back
Don't run off....

philae83 - 12854 posts - Security contributor - 206

re

I don't understand, it's really stubborn; what's more, the exe has changed again, even though Vundo removes it every time. I must be missing something. We can try another way; otherwise I'll look tomorrow.

* Relaunch VundoFix
* Do not click "Scan for Vundo"
* Right-click in the middle of the window
* Click "Add more files?"
* Copy/paste the files below

C:\WINDOWS\system32\xnuhemdt.dll

* Click "Add files"
* Then click "Close Window"
* Finally, click "Remove Vundo" (the previous files should appear in the main window)
* If the tool asks for a restart, accept
* Post the VundoFix report

Then, this time, restart in Safe Mode to fix the line
with HijackThis.
Instructions for Safe Mode:
http://service1.symantec.com/support/inter/tsgeninfointl.nsf/fr_docid/20020905112131924

Launch HijackThis, then check:

O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\xnuhemdt.dll",setvm

Click "Fix checked"

* Run AVG for a full scan, still in Safe Mode, then save the report so you can post it here afterwards

* Restart normally
and post all the reports

I'll look at them tomorrow now; it's late.
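What the last two HijackThis logs show is the persistence hook: the [2chkdsk] value under HKLM\..\Run starts rundll32.exe on a DLL in system32 with a generated name (tgjblmjh.dll in the first log, xnuhemdt.dll in the second), so fixing the line and deleting the file only removes the current copy, and the component still running re-registers a fresh one. The VundoFix reports carry two further tells: files reported "Could not be deleted" are the ones still in use by a running process (hence the advice to work from Safe Mode), and the DLLs come with .ini/.bak companions whose name is the DLL name spelled backwards (awtss.dll with sstwa.ini, mljgd.dll with dgjlm.ini). The second log's O16 entry pointing at fr.winantivirus.com is consistent with the antivirus pop-ups described in the first post. The script below is an added example, not part of the thread and not code from VundoFix or HijackThis; it runs those three checks over the two report formats offline. The sample lines are constructed from names in this thread, and the allowlist KNOWN_RUNDLL_DLLS and the 5-8 lowercase-letter "random stem" rule are heuristics assumed for the example.

```python
import re
from collections import defaultdict

# Constructed sample input, modelled on the HijackThis and VundoFix reports in
# the thread (not a capture from a real machine).
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\xnuhemdt.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""

SAMPLE_VUNDOFIX = r"""
Listing files found while scanning....
C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\SYSTEM32\mljgd.dll
C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\SYSTEM32\dgjlm.ini
C:\WINDOWS\SYSTEM32\jwocgebl.dll

Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\awtss.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\mljgd.dll
C:\WINDOWS\SYSTEM32\mljgd.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\jwocgebl.dll
C:\WINDOWS\SYSTEM32\jwocgebl.dll Has been deleted!
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)', re.I)
FILE_LINE_RE = re.compile(r"^[A-Za-z]:\\\S.*\.[A-Za-z0-9]+$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Could not be deleted\.$")

# Hypothetical allowlist of DLLs a vendor legitimately starts via rundll32 from a
# Run key (extend it for your own fleet). Any other rundll32 target under system32
# whose stem is 5-8 lowercase letters is reported: that covers the generated names
# in the thread (tgjblmjh, xnuhemdt); real system DLLs mostly carry digits or mixed case.
KNOWN_RUNDLL_DLLS = {"nvcpl"}
RANDOM_STEM_RE = re.compile(r"^[a-z]{5,8}$")


def basename(path):
    return path.rsplit("\\", 1)[-1]


def suspicious_rundll32_entries(hjt_text):
    """O4 Run entries that load a DLL through rundll32 and look auto-generated."""
    hits = []
    for line in hjt_text.splitlines():
        m = O4_RE.match(line.strip())
        r = RUNDLL_RE.match(m.group("cmd")) if m else None
        if not r:
            continue
        dll = r.group("dll")
        stem = basename(dll).rsplit(".", 1)[0]
        if ("\\system32\\" in dll.lower() and RANDOM_STEM_RE.match(stem)
                and stem not in KNOWN_RUNDLL_DLLS):
            hits.append((m.group("name"), dll, r.group("export")))
    return hits


def parse_vundofix(text):
    """Return (basenames the scan listed, basenames it could not delete), lower-cased."""
    listed, locked = [], []
    for line in text.splitlines():
        line = line.strip()
        lk = LOCKED_RE.match(line)
        if lk:
            locked.append(basename(lk.group("path")).lower())
        elif FILE_LINE_RE.match(line):
            listed.append(basename(line).lower())
    return listed, locked


def reversed_name_pairs(names):
    """Pair each DLL with companion files whose stem is the DLL stem spelled backwards."""
    by_stem = defaultdict(set)
    for n in names:
        stem = n.rpartition(".")[0]
        if stem:
            by_stem[stem].add(n)
    pairs = []
    for stem, files in sorted(by_stem.items()):
        dlls = sorted(f for f in files if f.endswith(".dll"))
        rev = stem[::-1]
        if dlls and rev != stem and rev in by_stem:
            pairs.append((dlls[0], sorted(by_stem[rev])))
    return pairs


def triage(hjt_text, vundofix_text):
    """Run the three checks; 'locked' files are the ones to remove from Safe Mode."""
    listed, locked = parse_vundofix(vundofix_text)
    return {
        "run_rundll32": suspicious_rundll32_entries(hjt_text),
        "reversed_pairs": reversed_name_pairs(listed),
        "locked": sorted(set(locked)),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_HJT, SAMPLE_VUNDOFIX))
```

Running the module prints the three lists. The "locked" names are the ones to target from Safe Mode, and a fresh "run_rundll32" hit with a new DLL name after a reboot is the sign that the reinfection loop seen in this thread is still active. The stem rule is deliberately narrow; widen it only together with an allowlist, since a short lowercase stem on its own is not proof of malware.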
pers6006 - 36 posts - Member

Thanks anyway; I'm starting to get worn out too. I'll do all that tomorrow... you'll be kept informed.
Bye and thanks again
philae83 - 12854 posts - Security contributor - 206

Yes, I think that's best.

Take your time to redo the procedure properly, and make sure you check and fix the line in HijackThis; normally it shouldn't be this resistant. Strange.

Good night, see you tomorrow
pers6006 - 36 posts - Member

Hi,
After a good (too short) night's sleep, I carried out the procedures you asked for. Here are the VundoFix, AVG and HijackThis reports...


VundoFix V6.3.17

[earlier scan entries identical to the report posted above]

Attempting to delete C:\WINDOWS\SYSTEM32\evnppvcf.dll
C:\WINDOWS\SYSTEM32\evnppvcf.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jwocgebl.dll
C:\WINDOWS\SYSTEM32\jwocgebl.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\mljgd.dll
C:\WINDOWS\SYSTEM32\mljgd.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstwa.bak2
C:\WINDOWS\system32\sstwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\sstwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\tgjblmjh.dll
C:\WINDOWS\system32\tgjblmjh.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\xnuhemdt.dll
C:\WINDOWS\system32\xnuhemdt.dll Has been deleted!

Performing Repairs to the registry.
Done!



VG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 11:54:44 20/03/2007

+ Résultat de l'analyse:



C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP561\A0105764.exe -> Adware.NewDotNet : Nettoyé.
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP561\A0105765.exe -> Adware.NewDotNet : Nettoyé.
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP561\A0105766.exe -> Adware.NewDotNet : Nettoyé.
C:\Documents and Settings\NICO\Local Settings\Temporary Internet Files\Content.IE5\P4917PTV\installdrivecleanerstart_fr[1].cab/UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé.
C:\Documents and Settings\NICO\Local Settings\Temporary Internet Files\Content.IE5\QNKBH6V2\installdrivecleanerstart_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé.
C:\Documents and Settings\NICO\Local Settings\Temp\ICD9.tmp\UWAS6V_0001_N91M2208NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé.
C:\Documents and Settings\NICO\Local Settings\Temporary Internet Files\Content.IE5\3BXTTTLU\WinAntiSpyware2006FreeInstall_fr[1].cab/UWAS6V_0001_N91M2208NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé.
C:\Documents and Settings\NICO\Local Settings\Temporary Internet Files\Content.IE5\3BXTTTLU\WinAntiVirusPro2006FreeInstall_fr[1].cab/UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé.
C:\Documents and Settings\NICO\Local Settings\Temporary Internet Files\Content.IE5\UQ65HHW6\WinAntiVirusPro2006FreeInstall_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@bfast[2].txt -> TrackingCookie.Bfast : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@findwhat[1].txt -> TrackingCookie.Findwhat : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@overture[2].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@questionmarket[1].txt -> TrackingCookie.Questionmarket : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé.


Fin du rapport


Logfile of HijackThis v1.99.1
Scan saved at 09:33:46, on 20/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\NICO\Mes documents\logiciels\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://fr.winantivirus.com/download/2006/download.php?file=2&aid=nm_ik_wav_kw1_fr_fr&lid=virus&affid=nm_67163_daeab0e0d64011dbaf8b0015c55d3487_68e05e4d+121ea98ae7324fb89596117d42878005
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

PS: I did not run HijackThis after AVG.
0
philae83 Posts 12854 Status Security contributor 206
 
Hello,

Short night, as you say!

Just a quick reply at this hour; I'll be back this afternoon.

Did you run HijackThis in Safe Mode? Can you redo one in normal mode please.

Apparently it looks noticeably better. And how is your PC behaving?
0
pers6006 Posts 36 Status Member
 
Re,

My PC seems to be behaving better; I think I'm rid of my win32 Vbstat-c, win32 trojan-gen and win32 BHO-Bg, but I still get the windows that open as soon as I go on IE.

I'm posting the HijackThis report in normal mode.

Logfile of HijackThis v1.99.1
Scan saved at 12:14:13, on 20/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\LVComS.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\NICO\Mes documents\logiciels\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://fr.winantivirus.com/download/2006/download.php?file=2&aid=nm_ik_wav_kw1_fr_fr&lid=virus&affid=nm_67163_daeab0e0d64011dbaf8b0015c55d3487_68e05e4d+121ea98ae7324fb89596117d42878005
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
0
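The HijackThis log above and the VundoFix report earlier in the thread are what the helper reads by eye. As an added example (written for this page, not code from the thread, HijackThis or VundoFix), this Python script parses both formats and flags what the thread keys on: O16 ActiveX downloads from the rogue-AV domains named in the reports, O18/O23 components marked "(file missing)", and files VundoFix listed but could not delete. The domain watchlist and the sample lines are constructed, abridged from the posted reports.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Watchlist of rogue "security product" domains that show up in this thread's
# own HijackThis, AVG and Panda reports. Constructed for this example; it is
# not a HijackThis or VundoFix feature.
ROGUE_HOSTS = ("winantivirus.com", "winantispyware.com", "drivecleaner.com",
               "systemdoctor.com", "errorsafe.com")

# A HijackThis 1.99.1 entry line: section code, " - ", then the entry body.
HJT_ENTRY = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.*)$")

# A VundoFix result line for a file it listed but could not remove.
VF_FAILED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Could not be deleted\.$")


@dataclass
class Finding:
    section: str
    entry: str
    reason: str


def parse_hjt(log_text):
    """Return (section, body) tuples for every HijackThis entry line."""
    entries = []
    for raw in log_text.splitlines():
        m = HJT_ENTRY.match(raw.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def host_of(url):
    return (urlparse(url.strip()).hostname or "").lower()


def is_rogue_host(host):
    return any(host == d or host.endswith("." + d) for d in ROGUE_HOSTS)


def triage_hjt(log_text):
    """Flag the entry types the thread's helper keys on."""
    findings = []
    for sec, body in parse_hjt(log_text):
        if sec == "O16":
            # O16 - DPF: {CLSID} (name) - <URL>: where an ActiveX control was fetched from.
            url = body.rsplit(" - ", 1)[-1]
            if is_rogue_host(host_of(url)):
                findings.append(Finding(sec, body, "ActiveX control fetched from a rogue-AV domain"))
        elif sec in ("O18", "O23") and "(file missing)" in body:
            # A protocol handler or service registered for a file that is gone:
            # either a leftover of a removed component or, for quoted service
            # paths, a HijackThis display quirk. Both deserve a manual look.
            findings.append(Finding(sec, body, "registered component points at a missing file"))
    return findings


def vundofix_leftovers(report_text):
    """Paths VundoFix listed but could not delete (typically in-use Vundo DLLs)."""
    matches = (VF_FAILED.match(line.strip()) for line in report_text.splitlines())
    return [m.group("path") for m in matches if m]


# Constructed sample input: a few lines in the shape of the reports posted in
# this thread (the WinAntiVirus URL is shortened to its path).
SAMPLE_HJT = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/LegitCheckControl.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://fr.winantivirus.com/download/2006/download.php
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

SAMPLE_VUNDOFIX = r"""
Attempting to delete C:\WINDOWS\system32\byxvuvv.dll
C:\WINDOWS\system32\byxvuvv.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\cevagjxy.exe
C:\WINDOWS\SYSTEM32\cevagjxy.exe Has been deleted!
"""

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"[{f.section}] {f.reason}: {f.entry}")
    for path in vundofix_leftovers(SAMPLE_VUNDOFIX):
        print(f"[VundoFix] still on disk, could not be deleted: {path}")
```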
philae83 Posts 12854 Status Security contributor 206
 
re

I still get the windows that open as soon as I go on IE


explain what kind of windows? take a screenshot when you get a chance please.
We'll do this now

* a full scan with AVG, apply the actions, save the report and post it afterwards

then

* Do a Panda online antivirus scan and copy/paste the result here
https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/fr/activescan_principal.htm

* illustrated tutorial
https://forum.pcastuces.com/default.asp#haut

under the letter T

0
pers6006 Posts 36 Status Member
 
re,

I've just started the AVG scan, it will take a while

the windows that open are of the WinAntiVirus Pro type... (how do you take a screenshot?)

I'll send you the reports as soon as I can, thanks
0
philae83 Posts 12854 Status Security contributor 206
 
I've just started the AVG scan, it will take a while

the windows that open are of the WinAntiVirus Pro type... (how do you take a screenshot?)

I'll send you the reports as soon as I can, thanks


I don't understand; we did run BlackLight and it detected nothing. If you are infected with WinAntiVirus, it should have found something.

I don't need a screenshot; as for WinAntiVirus, unfortunately I know it only too well. Still, BlackLight should detect it.
BlackLight needs to be run again as well
0
pers6006 Posts 36 Status Member
 
I'll run it again after the scan
anyway I'll try to do everything you tell me, which is no small matter for my little head lol
0
philae83 Posts 12854 Status Security contributor 206
 
anyway I'll try to do everything you tell me, which is no small matter for my little head lol

but I think you're managing very well
if you need me to give you the BlackLight steps again, don't hesitate

0
pers6006 Posts 36 Status Member
 
no it's ok i got the blacklight steps, but when do i do it, after the AVG scan or after the other steps?
0
philae83 Posts 12854 Status Security contributor 206
 
no it's ok i got the blacklight steps, but when do i do it, after the AVG scan or after the other steps?


no text-speak please....lol

do it now; it doesn't matter, the main thing is that it gets done
0
pers6006 Posts 36 Status Member
 
here is the AVG scan, now I'm launching the online scan...

VG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 19:51:26 20/03/2007

+ Résultat de l'analyse:

C:\Documents and Settings\NICO\Local Settings\Temporary Internet Files\Content.IE5\QNKBH6V2\cr_obj[1].htm -> Downloader.Psyme.cd : Nettoyé.
C:\Documents and Settings\NICO\Local Settings\Temp\ICD10.tmp\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé.
C:\Documents and Settings\NICO\Local Settings\Temporary Internet Files\Content.IE5\P4917PTV\installdrivecleanerstart_fr[1].cab/UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@adrevolver[3].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@ehg-hollywood.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@ehg-hollywoodmedia.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\NICO\Cookies\nico@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.

Fin du rapport
0
pers6006 Posts 36 Status Member
 
here is the Panda scan report, and now I'm launching BlackLight

Incident Statut Analyse

Spyware:Cookie/888 No Désinfecté C:\Documents and Settings\NICO\Cookies\nico@888[1].txt
Spyware:Cookie/888 No Désinfecté C:\Documents and Settings\NICO\Cookies\nico@888[2].txt
Spyware:Cookie/Adrevolver No Désinfecté C:\Documents and Settings\NICO\Cookies\nico@adrevolver[1].txt
Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\NICO\Cookies\nico@advertising[1].txt
Spyware:Cookie/Cassava No Désinfecté C:\Documents and Settings\NICO\Cookies\nico@cassava[1].txt
Spyware:Cookie/DriveCleaner No Désinfecté C:\Documents and Settings\NICO\Cookies\nico@drivecleaner[1].txt
Spyware:Cookie/ErrorSafe No Désinfecté C:\Documents and Settings\NICO\Cookies\nico@errorsafe[1].txt
Spyware:Cookie/DriveCleaner No Désinfecté C:\Documents and Settings\NICO\Cookies\nico@stats.drivecleaner[2].txt
Spyware:Cookie/Systemdoctor No Désinfecté C:\Documents and Settings\NICO\Cookies\nico@systemdoctor[2].txt
Spyware:Cookie/Winantivirus No Désinfecté C:\Documents and Settings\NICO\Cookies\nico@winantispyware[2].txt
Spyware:Cookie/Winantivirus No Désinfecté C:\Documents and Settings\NICO\Cookies\nico@winantivirus[1].txt
Spyware:Cookie/Systemdoctor No Désinfecté C:\Documents and Settings\NICO\Cookies\nico@www.systemdoctor[1].txt
Spyware:Cookie/Winantivirus No Désinfecté C:\Documents and Settings\NICO\Cookies\nico@www.winantivirus[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\NICO\Cookies\nico@xiti[2].txt
Spyware:Spyware/Virtumonde No Désinfecté C:\VundoFix Backups\byxvuvv.dll.bad
Outil indésirable:Application/VSToolbar No Désinfecté C:\VundoFix Backups\cevagjxy.exe.bad
Virus:Trj/BHO.A Désinfecté C:\VundoFix Backups\evnppvcf.dll.bad
Virus:Trj/BHO.A Désinfecté C:\VundoFix Backups\jwocgebl.dll.bad
Adware:Adware/WinAntivirus2006 No Désinfecté C:\VundoFix Backups\oqekrton.dll.bad
Adware:Adware/WinAntivirus2006 No Désinfecté C:\VundoFix Backups\oyvpyqvx.dll.bad
Spyware:Spyware/Virtumonde No Désinfecté C:\VundoFix Backups\tgjblmjh.dll .bad
Adware:Adware/WinAntivirus2006 No Désinfecté C:\VundoFix Backups\uabfxwef.dll.bad
Outil indésirable:Application/VSToolbar No Désinfecté C:\VundoFix Backups\wqpmeylw.exe.bad
Spyware:Spyware/Virtumonde No Désinfecté C:\VundoFix Backups\xgrpkyym.dll .bad
Spyware:Spyware/Virtumonde No Désinfecté C:\VundoFix Backups\xnuhemdt.dll.bad
Outil indésirable:Application/VSToolbar No Désinfecté C:\VundoFix Backups\ywwgaihv.exe.bad
Outil indésirable:application/bestoffer No Désinfecté C:\WINDOWS\smdat32m.sys
Virus:Bck/Diazom.AP Désinfecté C:\WINDOWS\SYSTEM32\csokqbhc.dll
Virus:Bck/Diazom.AP Désinfecté C:\WINDOWS\SYSTEM32\gqvkcggv.dll
Virus:Trj/BHO.A Désinfecté C:\WINDOWS\SYSTEM32\ioxexwqv.dll
Spyware:Spyware/Virtumonde No Désinfecté C:\WINDOWS\SYSTEM32\qporvryn.dll
Virus:Bck/Diazom.AP Désinfecté C:\WINDOWS\SYSTEM32\rhylrxbv.dll
Virus:Bck/Diazom.AP Désinfecté C:\WINDOWS\SYSTEM32\senbjstd.dll
Virus:Bck/Diazom.AP Désinfecté C:\WINDOWS\SYSTEM32\vwxnlfax.dll
Virus:Bck/Diazom.AP Désinfecté C:\WINDOWS\SYSTEM32\ytmcawjr.dll
0
philae83 Posts 12854 Status Security contributor 206
 
BlackLight hasn't finished its scan?
0
pers6006 Posts 36 Status Member
 
yes yes, here it is... I was having something to eat lol

03/20/07 21:03:50 [Info]: BlackLight Engine 1.0.55 initialized
03/20/07 21:03:50 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/20/07 21:03:50 [Note]: 7019 4
03/20/07 21:03:50 [Note]: 7005 0
03/20/07 21:04:08 [Note]: 7006 0
03/20/07 21:04:08 [Note]: 7011 1724
03/20/07 21:04:08 [Note]: 7026 0
03/20/07 21:04:08 [Note]: 7026 0
03/20/07 21:04:30 [Note]: FSRAW library version 1.7.1021
03/20/07 21:30:53 [Note]: 7007 0
0