Sujet Précédent Sujet Suivant

(HELP] Divers Virus W32.... : Log HijackThis

Roberto -  
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
Bonjour,

Je suis infecté par plusieurs type de virus W32, avast les dectet mais ils reviennent toujours à chaque démarage. J'ai aussi fait Cc cleaner, spybot, adware, AVG antispy. mais rien à faire.
Quelqu'un pourrait m'aider svp ? Merci

Voici mon log Hikachthis

Logfile of HijackThis v1.99.1
Scan saved at 13:45:08, on 14/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Hijackthis\scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot -

Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A05DA7E0-383C-4E99-A72A-742050A152A2} -

C:\WINDOWS\system32\gebbxvt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA

Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe

Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader

8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader

8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google

Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/...

060556
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/...

24659030
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: gebbxvt - C:\WINDOWS\SYSTEM32\gebbxvt.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe

Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner -

C:\WINDOWS\system32\aspi11585.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program

Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil

Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil

Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program

Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program

Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware

Doctor\swdsvc.exe
A voir également:

14 réponses

Réponse 1 / 14
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

Téléchargez VundoFix.exe (par Atribune) sur ton Bureau :

http://www.atribune.org/ccount/click.php?id=4

*Double-clique VundoFix.exe afin de le lancer.
* Cliquez sur le bouton Scan for Vundo.
* Lorsque le scan est complété, cliquez sur le bouton Remove Vundo.
* Une invite vous demandera supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
* le PC va s'éteindre ("shutdown") : clique OK
* Démarrez votre PC à nouveau
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

++
0
Réponse 2 / 14
Roberto
 
VundoFix V6.3.21

Checking Java version...

Scan started at 14:01:22 14/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\gebbxvt.dll

Beginning removal...
Attempting to delete C:\WINDOWS\system32\gebbxvt.dll
C:\WINDOWS\system32\gebbxvt.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 14:27:17, on 14/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\OOBE\msoobe.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Hijackthis\scan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A05DA7E0-383C-4E99-A72A-742050A152A2} - C:\WINDOWS\system32\gebbxvt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: gebbxvt - C:\WINDOWS\SYSTEM32\gebbxvt.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\system32\aspi11585.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

Voila les 2 rapports
J'ai constaté aussi que les fichiers suivants contiennent les virus
eyjjavbo.exe, jtxsgj.exe, oaqac.exe, wbhomy.exe, 405524695 s'installent dans c:\ ils reviennent toujous si on les suppriment
0
Réponse 3 / 14
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
ok

Télécharge ComboFix (par sUBs) d'un de ces liens sur ton bureau:

http://www.techsupportforum.com/sectools/combofix.exe

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double clique combofix.exe et suis les invites

Poste le rapport stp

++

0
Réponse 4 / 14
Roberto
 
J'ai un répertoire catchme qui ets apparu c'est normal ? Voile le log du dossier

file zipped: C:\WINDOWS\system32\kprof -> catchme.zip -> kprof ( 6144 bytes )
PE file "C:\WINDOWS\system32\kprof" killed successfully
file zipped: C:\WINDOWS\system32\koos.exe -> catchme.zip -> koos.exe ( 34816 bytes )
PE file "C:\WINDOWS\system32\koos.exe" killed successfully
file zipped: C:\WINDOWS\system32\poof -> catchme.zip -> poof ( 30208 bytes )
PE file "C:\WINDOWS\system32\poof" killed successfully
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 14
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Ok;

le répertoire est lié a combo fix! ...

poste un nouveau hijack stp

++

0
Réponse 6 / 14
Roberto
 
Logfile of HijackThis v1.99.1
Scan saved at 16:19, on 2007-05-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\ComboFix\nircmd.cfexe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Hijackthis\scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A05DA7E0-383C-4E99-A72A-742050A152A2} - C:\WINDOWS\system32\gebbxvt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: gebbxvt - C:\WINDOWS\SYSTEM32\gebbxvt.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
0
Réponse 7 / 14
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
ok,

Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu

++
0
Réponse 8 / 14
Roberto
 
Désole d'être si tardif mais le logiciel ma fait planter l'ordi. Au chargement de windows il redémarrait à l'infini ! j'ai du réparer l'install de windows qui ma pris 45 min.

Voici le log

[05/14/2007, 16:29:56] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Roberto\Bureau\VirtumundoBeGone.exe" )
[05/14/2007, 16:34:22] - Detected System Information:
[05/14/2007, 16:34:22] - Windows Version: 5.1.2600, Service Pack 2
[05/14/2007, 16:34:22] - Current Username: (Admin)
[05/14/2007, 16:34:22] - Windows is in NORMAL mode.
[05/14/2007, 16:34:22] - Searching for Browser Helper Objects:
[05/14/2007, 16:34:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/14/2007, 16:34:22] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/14/2007, 16:34:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/14/2007, 16:34:22] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/14/2007, 16:34:22] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/14/2007, 16:34:22] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/14/2007, 16:34:22] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/14/2007, 16:34:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/14/2007, 16:34:22] - No filename found. Continuing.
[05/14/2007, 16:34:22] - BHO 5: {A05DA7E0-383C-4E99-A72A-742050A152A2} ()
[05/14/2007, 16:34:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/14/2007, 16:34:22] - Checking for HKLM\...\Winlogon\Notify\gebbxvt
[05/14/2007, 16:34:22] - Found: HKLM\...\Winlogon\Notify\gebbxvt - This is probably Virtumundo.
[05/14/2007, 16:34:22] - Assigning {A05DA7E0-383C-4E99-A72A-742050A152A2} MSEvents Object
[05/14/2007, 16:34:22] - BHO list has been changed! Starting over...
[05/14/2007, 16:34:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/14/2007, 16:34:22] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/14/2007, 16:34:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/14/2007, 16:34:22] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/14/2007, 16:34:22] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/14/2007, 16:34:22] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/14/2007, 16:34:22] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/14/2007, 16:34:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/14/2007, 16:34:22] - No filename found. Continuing.
[05/14/2007, 16:34:23] - BHO 5: {A05DA7E0-383C-4E99-A72A-742050A152A2} (MSEvents Object)
[05/14/2007, 16:34:23] - ALERT: Found MSEvents Object!
[05/14/2007, 16:34:23] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/14/2007, 16:34:23] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/14/2007, 16:34:23] - Finished Searching Browser Helper Objects
[05/14/2007, 16:34:23] - *** Detected MSEvents Object
[05/14/2007, 16:34:23] - Trying to remove MSEvents Object...
[05/14/2007, 16:34:24] - Terminating Process: IEXPLORE.EXE
[05/14/2007, 16:34:24] - Terminating Process: RUNDLL32.EXE
[05/14/2007, 16:34:24] - Disabling Automatic Shell Restart
[05/14/2007, 16:34:24] - Terminating Process: EXPLORER.EXE
[05/14/2007, 16:34:24] - Suspending the NT Session Manager System Service
[05/14/2007, 16:34:24] - Terminating Windows NT Logon/Logoff Manager
[05/14/2007, 16:34:25] - Re-enabling Automatic Shell Restart
[05/14/2007, 16:34:25] - File to disable: C:\WINDOWS\system32\gebbxvt.dll
[05/14/2007, 16:34:25] - Renaming C:\WINDOWS\system32\gebbxvt.dll -> C:\WINDOWS\system32\gebbxvt.dll.vir
[05/14/2007, 16:34:25] - File successfully renamed!
[05/14/2007, 16:34:25] - Removing HKLM\...\Browser Helper Objects\{A05DA7E0-383C-4E99-A72A-742050A152A2}
[05/14/2007, 16:34:25] - Removing HKCR\CLSID\{A05DA7E0-383C-4E99-A72A-742050A152A2}
[05/14/2007, 16:34:25] - Adding Kill Bit for ActiveX for GUID: {A05DA7E0-383C-4E99-A72A-742050A152A2}
[05/14/2007, 16:34:25] - Deleting ATLEvents/MSEvents Registry entries
[05/14/2007, 16:34:25] - Removing HKLM\...\Winlogon\Notify\gebbxvt
[05/14/2007, 16:34:25] - Searching for Browser Helper Objects:
[05/14/2007, 16:34:25] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/14/2007, 16:34:25] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/14/2007, 16:34:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/14/2007, 16:34:25] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/14/2007, 16:34:25] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/14/2007, 16:34:25] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/14/2007, 16:34:25] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/14/2007, 16:34:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/14/2007, 16:34:25] - No filename found. Continuing.
[05/14/2007, 16:34:25] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/14/2007, 16:34:25] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/14/2007, 16:34:25] - Finished Searching Browser Helper Objects
[05/14/2007, 16:34:25] - Finishing up...
[05/14/2007, 16:34:25] - A restart is needed.
[05/14/2007, 16:34:28] - Attempting to Restart via STOP error (Blue Screen!)

[05/14/2007, 16:37:09] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Roberto\Bureau\VirtumundoBeGone(2).exe" )
[05/14/2007, 16:37:12] - Detected System Information:
[05/14/2007, 16:37:12] - Windows Version: 5.1.2600, Service Pack 2
[05/14/2007, 16:37:12] - Current Username: (Admin)
[05/14/2007, 16:37:12] - Windows is in NORMAL mode.
[05/14/2007, 16:37:12] - Searching for Browser Helper Objects:
[05/14/2007, 16:37:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/14/2007, 16:37:12] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/14/2007, 16:37:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/14/2007, 16:37:12] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/14/2007, 16:37:12] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/14/2007, 16:37:12] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/14/2007, 16:37:12] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/14/2007, 16:37:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/14/2007, 16:37:12] - No filename found. Continuing.
[05/14/2007, 16:37:12] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/14/2007, 16:37:12] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/14/2007, 16:37:12] - Finished Searching Browser Helper Objects
[05/14/2007, 16:37:12] - Finishing up...
[05/14/2007, 16:37:12] - Nothing found! Exiting...
0
Réponse 9 / 14
Roberto
 
Petit oubli du rapport Hijack

[05/14/2007, 16:29:56] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Roberto\Bureau\VirtumundoBeGone.exe" )
[05/14/2007, 16:34:22] - Detected System Information:
[05/14/2007, 16:34:22] - Windows Version: 5.1.2600, Service Pack 2
[05/14/2007, 16:34:22] - Current Username: (Admin)
[05/14/2007, 16:34:22] - Windows is in NORMAL mode.
[05/14/2007, 16:34:22] - Searching for Browser Helper Objects:
[05/14/2007, 16:34:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/14/2007, 16:34:22] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/14/2007, 16:34:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/14/2007, 16:34:22] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/14/2007, 16:34:22] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/14/2007, 16:34:22] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/14/2007, 16:34:22] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/14/2007, 16:34:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/14/2007, 16:34:22] - No filename found. Continuing.
[05/14/2007, 16:34:22] - BHO 5: {A05DA7E0-383C-4E99-A72A-742050A152A2} ()
[05/14/2007, 16:34:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/14/2007, 16:34:22] - Checking for HKLM\...\Winlogon\Notify\gebbxvt
[05/14/2007, 16:34:22] - Found: HKLM\...\Winlogon\Notify\gebbxvt - This is probably Virtumundo.
[05/14/2007, 16:34:22] - Assigning {A05DA7E0-383C-4E99-A72A-742050A152A2} MSEvents Object
[05/14/2007, 16:34:22] - BHO list has been changed! Starting over...
[05/14/2007, 16:34:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/14/2007, 16:34:22] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/14/2007, 16:34:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/14/2007, 16:34:22] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/14/2007, 16:34:22] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/14/2007, 16:34:22] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/14/2007, 16:34:22] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/14/2007, 16:34:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/14/2007, 16:34:22] - No filename found. Continuing.
[05/14/2007, 16:34:23] - BHO 5: {A05DA7E0-383C-4E99-A72A-742050A152A2} (MSEvents Object)
[05/14/2007, 16:34:23] - ALERT: Found MSEvents Object!
[05/14/2007, 16:34:23] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/14/2007, 16:34:23] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/14/2007, 16:34:23] - Finished Searching Browser Helper Objects
[05/14/2007, 16:34:23] - *** Detected MSEvents Object
[05/14/2007, 16:34:23] - Trying to remove MSEvents Object...
[05/14/2007, 16:34:24] - Terminating Process: IEXPLORE.EXE
[05/14/2007, 16:34:24] - Terminating Process: RUNDLL32.EXE
[05/14/2007, 16:34:24] - Disabling Automatic Shell Restart
[05/14/2007, 16:34:24] - Terminating Process: EXPLORER.EXE
[05/14/2007, 16:34:24] - Suspending the NT Session Manager System Service
[05/14/2007, 16:34:24] - Terminating Windows NT Logon/Logoff Manager
[05/14/2007, 16:34:25] - Re-enabling Automatic Shell Restart
[05/14/2007, 16:34:25] - File to disable: C:\WINDOWS\system32\gebbxvt.dll
[05/14/2007, 16:34:25] - Renaming C:\WINDOWS\system32\gebbxvt.dll -> C:\WINDOWS\system32\gebbxvt.dll.vir
[05/14/2007, 16:34:25] - File successfully renamed!
[05/14/2007, 16:34:25] - Removing HKLM\...\Browser Helper Objects\{A05DA7E0-383C-4E99-A72A-742050A152A2}
[05/14/2007, 16:34:25] - Removing HKCR\CLSID\{A05DA7E0-383C-4E99-A72A-742050A152A2}
[05/14/2007, 16:34:25] - Adding Kill Bit for ActiveX for GUID: {A05DA7E0-383C-4E99-A72A-742050A152A2}
[05/14/2007, 16:34:25] - Deleting ATLEvents/MSEvents Registry entries
[05/14/2007, 16:34:25] - Removing HKLM\...\Winlogon\Notify\gebbxvt
[05/14/2007, 16:34:25] - Searching for Browser Helper Objects:
[05/14/2007, 16:34:25] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/14/2007, 16:34:25] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/14/2007, 16:34:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/14/2007, 16:34:25] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/14/2007, 16:34:25] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/14/2007, 16:34:25] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/14/2007, 16:34:25] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/14/2007, 16:34:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/14/2007, 16:34:25] - No filename found. Continuing.
[05/14/2007, 16:34:25] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/14/2007, 16:34:25] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/14/2007, 16:34:25] - Finished Searching Browser Helper Objects
[05/14/2007, 16:34:25] - Finishing up...
[05/14/2007, 16:34:25] - A restart is needed.
[05/14/2007, 16:34:28] - Attempting to Restart via STOP error (Blue Screen!)

[05/14/2007, 16:37:09] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Roberto\Bureau\VirtumundoBeGone(2).exe" )
[05/14/2007, 16:37:12] - Detected System Information:
[05/14/2007, 16:37:12] - Windows Version: 5.1.2600, Service Pack 2
[05/14/2007, 16:37:12] - Current Username: (Admin)
[05/14/2007, 16:37:12] - Windows is in NORMAL mode.
[05/14/2007, 16:37:12] - Searching for Browser Helper Objects:
[05/14/2007, 16:37:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/14/2007, 16:37:12] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/14/2007, 16:37:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/14/2007, 16:37:12] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/14/2007, 16:37:12] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/14/2007, 16:37:12] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/14/2007, 16:37:12] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/14/2007, 16:37:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/14/2007, 16:37:12] - No filename found. Continuing.
[05/14/2007, 16:37:12] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/14/2007, 16:37:12] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/14/2007, 16:37:12] - Finished Searching Browser Helper Objects
[05/14/2007, 16:37:12] - Finishing up...
[05/14/2007, 16:37:12] - Nothing found! Exiting...
0
Réponse 10 / 14
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Loupé :)))

0
Réponse 11 / 14
Roberto
 
Décidément quand ca veut pas ca veut pas !!! mauvaise manip désolé
Voila le bon log cette fois ci

Logfile of HijackThis v1.99.1
Scan saved at 17:34, on 2007-05-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Hijackthis\scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
0
Réponse 12 / 14
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Bien :)

fais ce qui est indiqué ici stp

securite proteger un ordinateur contre les malwares d internet

++
0
Réponse 13 / 14
Roberto
 
Le problème c'est que tout ca je l'ai déja réalisé,

J'ai un pare feu : kerio
anti espion : adware, spybot, AVG antispy
antivirus : avast
nettoyeur de registre : Cc leaner et Regcleaner

Mais rien a faire a chaque demmarage il revienne tout le temps pourtant je suis même aller dans la base de registre vérifier les entrées au démarage mais rien à signaler. Avast les supprime mais comment font-ils pour revenir à chaque fois
0
Réponse 14 / 14
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Fais au moins le scan en ligne !

++
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
W32 L32: correspondance entre taille US et taille française
efg -
sibel -

6 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses