PC terrorisé par les trjoans et adwares Résolu

Question

Bonjour a tous,
je m'adresse a vous car mon pc est infesté de trojans et autre adwares, j'ai eu beau installer ad-aware SE, Windows live one care, avg, et pleins d'autres, faire des analyses en mode sans échec, etc, rien y fait.
De plus ma barre de tache disparait, et meme en terminant puis relancant le processus dans le gestionnaire de taches, elle disparait encore au bout de qq secondes...

J'ai pas envie de formater, amors je vous de mande de l'aide.
Pour info: XP SP2 et voici mon rapport HijackThis :
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:49:22, on 05/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\DORIAN\Bureau\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: 67.15.88.46 fuk01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 duk01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fus01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fjp01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 feu01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fkr01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fmx01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fau01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fsa01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 ftw01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fru01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fcn01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dus01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 djp01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 deu01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dkr01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dmx01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dau01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dsa01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dtw01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dru01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dcn01.ps3.update.playstation.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: (no name) - {73BA12CB-F801-41F7-B199-0474FB66D090} - C:\WINDOWS\system32\ddcyabb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83092451-0647-4583-B973-339C4A1D1BD6} - C:\WINDOWS\system32hysuimf.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\yovwmcfx.dll
O2 - BHO: (no name) - {D0F2B8BF-CF7B-4CA6-B791-B66894CF6D99} - C:\WINDOWS\system32\awvvu.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\jltphpcu.dll",realset
O4 - HKLM\..\Run: [j6221638] rundll32 C:\WINDOWS\system32\j6221638.dll sook
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\oyvacvlr.dll",realset
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero MediaHome] "C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?15165ada64f74dbe8744d0fa360a899d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?15165ada64f74dbe8744d0fa360a899d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: awvvu - C:\WINDOWS\system32\awvvu.dll
O20 - Winlogon Notify: ddcyabb - ddcyabb.dll (file missing)
O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
O21 - SSODL: rdihost - {366B3029-12AC-4E0A-9E94-E1149D6C80B2} - rdihost.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

did71 · Answer

bonsoir,

* Télécharge VundoFix.exe (par Atribune) sur ton Bureau:

http://www.atribune.org/public-beta/VundoFix.exe

* Double-clique VundoFix.exe afin de le lancer
* Clique sur le bouton Scan for Vundo
* Lorsque le scan est complété, clique sur le bouton Remove Vundo
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
* Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

a+

did71 · Answer

re,

* Relance Vundofix
 * Ne clique pas sur "Scan for a vundo"
 * Clique droit au milieu de la fenêtre
 * Clique sur Add more files ?
 * Copie/colle les fichiers ci-dessous ( un par case) :

C:\WINDOWS\system32\rhysuimf.dll
C:\WINDOWS\system32\jltphpcu.dll
:\WINDOWS\system32\j6221638.dll

 * Clique sur Add files
 * Ensuite clique sur Close Windows
 * Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
 * Si l'outils demande un redémarrage, accepte
 * Poste le rapport Vundofix, ainsi qu'un nouveau log hijackthis 

a+

Bahamut84 · Answer

Merci de ton aide, j'ai des problemes de coneion chez moi donc j'ai pas pu essayer tout ca, mais je te tiens au courant dès que possible
Merci encore de ton aide précieuse !

Bahamut84 · Answer

Lu !
bon j'ai suivi tes instructions :
Log VundoFix:


VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 21:50:17 05/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\ddcyabb.dll
C:\WINDOWS\system32\jltphpcu.dll
C:\WINDOWS\system32\jmsfmmlv.dll
C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\oyvacvlr.dll
C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32lvcavyo.ini
C:\WINDOWS\system32stwa.ini
C:\WINDOWS\system32\ucphptlj.ini
C:\WINDOWS\system32\uvvwa.bak1
C:\WINDOWS\system32\uvvwa.bak2
C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini2
C:\WINDOWS\system32\uvvwa.tmp
C:\WINDOWS\system32\vnjdtmit.dll
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\yovwmcfx.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\awtsr.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\awvvu.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\jltphpcu.dll
C:\WINDOWS\system32\jltphpcu.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\klnmp.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\oyvacvlr.dll
C:\WINDOWS\system32\oyvacvlr.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\pmnlk.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32lvcavyo.ini
C:\WINDOWS\system32lvcavyo.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32stwa.ini
C:\WINDOWS\system32stwa.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ucphptlj.ini
C:\WINDOWS\system32\ucphptlj.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\uvvwa.bak1
C:\WINDOWS\system32\uvvwa.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\uvvwa.bak2
C:\WINDOWS\system32\uvvwa.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\uvvwa.ini2
C:\WINDOWS\system32\uvvwa.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\uvvwa.tmp
C:\WINDOWS\system32\uvvwa.tmp Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vnjdtmit.dll
C:\WINDOWS\system32\vnjdtmit.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtsqp.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\yovwmcfx.dll
C:\WINDOWS\system32\yovwmcfx.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 21:58:27 05/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini2

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\awvvu.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\uvvwa.ini2
C:\WINDOWS\system32\uvvwa.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32hysuimf.dll
C:\WINDOWS\system32hysuimf.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Performing Repairs to the registry.
Done!

Et log HijackThis :

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:19:51, on 07/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\DORIAN\Bureau\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: 67.15.88.46 fuk01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 duk01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fus01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fjp01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 feu01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fkr01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fmx01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fau01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fsa01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 ftw01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fru01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fcn01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dus01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 djp01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 deu01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dkr01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dmx01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dau01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dsa01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dtw01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dru01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dcn01.ps3.update.playstation.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {40D655E6-2AE5-401C-A311-D5A11F94BC17} - C:\WINDOWS\system32\awvvu.dll (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83092451-0647-4583-B973-339C4A1D1BD6} - C:\WINDOWS\system32hysuimf.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\jltphpcu.dll",realset
O4 - HKLM\..\Run: [j6221638] rundll32 C:\WINDOWS\system32\j6221638.dll sook
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero MediaHome] "C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?15165ada64f74dbe8744d0fa360a899d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?15165ada64f74dbe8744d0fa360a899d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: awvvu - C:\WINDOWS\system32\awvvu.dll (file missing)
O20 - Winlogon Notify: ddcyabb - ddcyabb.dll (file missing)
O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
O21 - SSODL: rdihost - {366B3029-12AC-4E0A-9E94-E1149D6C80B2} - rdihost.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

did71 · Answer

Bonsoir,

on continue!

* Relance Vundofix
 * Ne clique pas sur "Scan for a vundo"
 * Clique droit au milieu de la fenêtre
 * Clique sur Add more files ?
 * Copie/colle les fichiers ci-dessous ( un par case) :

C:\WINDOWS\system32\awvvu.dll

 * Clique sur Add files
 * Ensuite clique sur Close Windows
 * Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
 * Si l'outils demande un redémarrage, accepte
 * Poste le rapport Vundofix, ainsi qu'un nouveau log hijackthis 

a+

Bahamut84 · Answer

alors:


VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 21:50:17 05/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\ddcyabb.dll
C:\WINDOWS\system32\jltphpcu.dll
C:\WINDOWS\system32\jmsfmmlv.dll
C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\oyvacvlr.dll
C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32lvcavyo.ini
C:\WINDOWS\system32stwa.ini
C:\WINDOWS\system32\ucphptlj.ini
C:\WINDOWS\system32\uvvwa.bak1
C:\WINDOWS\system32\uvvwa.bak2
C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini2
C:\WINDOWS\system32\uvvwa.tmp
C:\WINDOWS\system32\vnjdtmit.dll
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\yovwmcfx.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\awtsr.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\awvvu.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\jltphpcu.dll
C:\WINDOWS\system32\jltphpcu.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\klnmp.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\oyvacvlr.dll
C:\WINDOWS\system32\oyvacvlr.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\pmnlk.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32lvcavyo.ini
C:\WINDOWS\system32lvcavyo.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32stwa.ini
C:\WINDOWS\system32stwa.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ucphptlj.ini
C:\WINDOWS\system32\ucphptlj.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\uvvwa.bak1
C:\WINDOWS\system32\uvvwa.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\uvvwa.bak2
C:\WINDOWS\system32\uvvwa.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\uvvwa.ini2
C:\WINDOWS\system32\uvvwa.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\uvvwa.tmp
C:\WINDOWS\system32\uvvwa.tmp Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vnjdtmit.dll
C:\WINDOWS\system32\vnjdtmit.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtsqp.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\yovwmcfx.dll
C:\WINDOWS\system32\yovwmcfx.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 21:58:27 05/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini2

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\awvvu.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\uvvwa.ini2
C:\WINDOWS\system32\uvvwa.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32hysuimf.dll
C:\WINDOWS\system32hysuimf.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Performing Repairs to the registry.
Done!

Beginning removal...

Performing Repairs to the registry.
Done!


et 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:18:04, on 07/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\DORIAN\Bureau\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: 67.15.88.46 fuk01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 duk01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fus01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fjp01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 feu01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fkr01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fmx01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fau01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fsa01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 ftw01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fru01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fcn01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dus01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 djp01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 deu01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dkr01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dmx01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dau01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dsa01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dtw01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dru01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dcn01.ps3.update.playstation.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {40D655E6-2AE5-401C-A311-D5A11F94BC17} - C:\WINDOWS\system32\awvvu.dll (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83092451-0647-4583-B973-339C4A1D1BD6} - C:\WINDOWS\system32hysuimf.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\jltphpcu.dll",realset
O4 - HKLM\..\Run: [j6221638] rundll32 C:\WINDOWS\system32\j6221638.dll sook
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero MediaHome] "C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?15165ada64f74dbe8744d0fa360a899d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?15165ada64f74dbe8744d0fa360a899d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: awvvu - C:\WINDOWS\system32\awvvu.dll (file missing)
O20 - Winlogon Notify: ddcyabb - ddcyabb.dll (file missing)
O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
O21 - SSODL: rdihost - {366B3029-12AC-4E0A-9E94-E1149D6C80B2} - rdihost.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

did71 · Answer

re,

vundo fait de la résistance!

Télécharge ComboFix (par sUBs) d'un de ces liens sur ton bureau:

http://www.techsupportforum.com/sectools/combofix.exe

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 
 
 
Double clique combofix.exe et suis les invites 

Poste le rapport

a+

Bahamut84 · Answer

log combofix:

"DORIAN" - 2007-06-07 21:27:17 Service Pack 2 NTFS
ComboFix 07-06-3B - Running from: "C:\Documents and Settings\DORIAN\Bureau\"

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\gjukvwhk.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\0_exception.nls
C:\WINDOWS\system32\xpdx.sys

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_NWSAPAGENT
-------\LEGACY_RUNTIME
-------\nm
-------\NwSapAgent
-------\runtime
-------\xpdx

((((((((((((((((((((((((( Files Created from 2007-05-07 to 2007-06-07 )))))))))))))))))))))))))))))))

2007-06-07 21:30 <REP> d-------- C:\Avenger
2007-06-07 20:13 <REP> d-------- C:\Program Files\Neuf
2007-06-05 21:50 <REP> d-------- C:\VundoFix Backups
2007-06-05 20:06 14,868 --a------ C:\WINDOWS\system32\iotwqmql.exe
2007-06-01 14:40 <REP> d-------- C:\DOCUME~1\DORIAN\APPLIC~1\Apple Computer
2007-05-30 20:51 <REP> d-------- C:\DOCUME~1\DORIAN\APPLIC~1\Lavasoft
2007-05-30 20:50 <REP> d-------- C:\Program Files\Lavasoft
2007-05-30 19:15 14,868 --a------ C:\WINDOWS\system32\aeshamuo.exe
2007-05-29 16:14 <REP> d-------- C:\Program Files\AskTBar
2007-05-29 16:09 <REP> d-------- C:\Program Files\FDRLab
2007-05-25 13:52 <REP> d-------- C:\Program Files\Windows Media Connect
2007-05-14 13:23 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-05-14 13:23 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-05-14 13:23 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-05-14 13:23 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-05-14 13:23 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-05-14 13:23 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-05-14 13:23 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-05-14 13:23 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-05-14 13:23 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2007-05-11 01:20 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-07 19:10:57 -------- d-----w C:\DOCUME~1\DORIAN\APPLIC~1\Skype
2007-06-01 01:02:23 -------- d-----w C:\Program Files\Windows Live Toolbar
2007-05-31 12:11:08 -------- d-----w C:\DOCUME~1\DORIAN\APPLIC~1\Image Zone Express
2007-05-31 11:14:03 -------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-05-31 11:00:32 -------- d-----w C:\DOCUME~1\DORIAN\APPLIC~1\Azureus
2007-05-30 12:10:42 10,872 ----a-w C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-29 11:35:13 -------- d-----w C:\Program Files\Winamp
2007-05-28 11:20:21 -------- d-----w C:\DOCUME~1\DORIAN\APPLIC~1\Ahead
2007-05-25 12:00:38 76,144 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-05-25 12:00:38 470,828 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-05-25 11:40:44 -------- d-----w C:\Program Files\PS3Portal
2007-04-25 12:38:16 -------- d-----w C:\DOCUME~1\DORIAN\APPLIC~1\KVIrc
2007-04-25 12:27:07 -------- d-----w C:\Program Files\KVIrc
2007-04-20 11:30:41 -------- d-----w C:\Program Files\CCleaner
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-16 20:35:26 41,966 ----a-w C:\WINDOWS\system32\drivers\vradfil.sys
2007-04-16 20:35:24 3,484,416 ----a-w C:\WINDOWS\system32\drivers\vrcore.sys
2007-04-16 20:31:26 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-16 20:31:10 -------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{40D655E6-2AE5-401C-A311-D5A11F94BC17}=C:\WINDOWS\system32\awvvu.dll []
{64F56FC1-1272-44CD-BA6E-39723696E350}=C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{83092451-0647-4583-B973-339C4A1D1BD6}=C:\WINDOWS\system32\rhysuimf.dll []
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-07 00:02]
{9CB65201-89C4-402c-BA80-02D8C59F9B1D}=C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL [2007-05-29 16:14]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:56]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 15:56]
{FE063DB1-4EC0-403e-8DD8-394C54984B2C}=C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2007-05-29 16:14]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"EoEngine"="" []
"EoWeather"="" []
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-06-24 16:28]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-27 17:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-12-25 14:00]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-11-24 18:16]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-01 01:12]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2006-02-01 16:45]
"Nero MediaHome"="C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe" [2006-01-16 17:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoSaveSettings"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{366B3029-12AC-4E0A-9E94-E1149D6C80B2}"="rdihost.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvu]
C:\WINDOWS\system32\awvvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyabb]
ddcyabb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winetn32]
winetn32.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

Contents of the 'Scheduled Tasks' folder
2007-06-07 19:25:00 C:\WINDOWS\tasks\User_Feed_Synchronization-{AEA69A0A-185C-4520-9CA0-59EE0CC95B21}.job
2007-06-07 18:42:01 C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
2007-05-31 22:52:00 C:\WINDOWS\tasks\WebReg psc 1500 series.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-07 21:31:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-07 21:33:10 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-07 21:32

--- E O F ---

did71 · Answer

re,

encore pas mal infecté le pc!

Télécharge Blacklight (de F-Secure), sauvegarde le sur ton Bureau: 

https://europe.f-secure.com/exclude/blacklight/index.shtml 

Double-clique blbeta.exe et accepte la licence ;clique Scan puis Next 

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres). 

Copie et colle le contenu de ce rapport dans ta prochaine réponse!

a+

Bahamut84 · Answer

log blacklight :

06/07/07 22:21:49 [Info]: BlackLight Engine 1.0.61 initialized
06/07/07 22:21:49 [Info]: OS: 5.1 build 2600 (Service Pack 2)
06/07/07 22:21:50 [Note]: 7019 4
06/07/07 22:21:50 [Note]: 7005 0
06/07/07 22:21:54 [Note]: 7006 0
06/07/07 22:21:54 [Note]: 7011 204
06/07/07 22:21:54 [Note]: 7026 0
06/07/07 22:21:54 [Note]: 7026 0
06/07/07 22:21:58 [Note]: FSRAW library version 1.7.1021
06/07/07 22:29:45 [Note]: 2000 1012
06/07/07 22:29:45 [Note]: 2000 1012
06/07/07 22:29:45 [Note]: 2000 1012
06/07/07 23:29:11 [Note]: 7007 0

did71 · Answer

Bonsoir,

je vois que tu as AVG antispyware, peux tu faire un scan et poster le rapport!

a+

Bahamut84 · Answer

lu !
voici le rapport AVG:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	11:51:49 09/06/2007

 + Résultat de l'analyse:	



Rien à signaler.


Fin du rapport

pourtant j'ai plein de "tracking cookies" dans les resultats d'analyse...

voili voilou !

did71 · Answer

Bonsoir,

rends toi ici:

http://www.virustotal.com/flash/index_en.html

et fais analyser les fichiers ci dessous:

C:\WINDOWS\system32\aeshamuo.exe
C:\WINDOWS\system32\lfbmp13n.dll 
C:\WINDOWS\system32\ltkrn13n.dll 
C:\WINDOWS\system32\ltimg13n.dll 
C:\WINDOWS\system32\lfcmp13n.dll 
C:\WINDOWS\system32\ltdis13n.dll 
C:\WINDOWS\system32\ltefx13n.dll 
C:\WINDOWS\system32\ltfil13n.dll 
C:\WINDOWS\system32\lfpng13n.dll 

poste les rapports ensuite

a+

Bahamut84 · Answer

Salut,
desolé pour cette absence, mais tout ca a été long a faire, mais cay est tout est là :

Complete scanning result of "aeshamuo.exe", received in VirusTotal at 06.10.2007, 21:42:05 (CET).

Antivirus	Version	Update	Result
AhnLab-V3	2007.6.9.0	06.08.2007	no virus found
AntiVir	7.4.0.32	06.09.2007	TR/Click.Small.MW.1
Authentium	4.93.8	05.23.2007	no virus found
Avast	4.7.997.0	06.09.2007	no virus found
AVG	7.5.0.467	06.10.2007	no virus found
BitDefender	7.2	06.10.2007	no virus found
CAT-QuickHeal	9.00	06.09.2007	no virus found
ClamAV	devel-20070416	06.10.2007	no virus found
DrWeb	4.33	06.10.2007	Trojan.Click.2480
eSafe	7.0.15.0	06.10.2007	no virus found
eTrust-Vet	30.7.3707	06.09.2007	no virus found
Ewido	4.0	06.10.2007	no virus found
FileAdvisor	1	06.10.2007	no virus found
Fortinet	2.85.0.0	06.10.2007	no virus found
F-Prot	4.3.2.48	06.08.2007	no virus found
F-Secure	6.70.13030.0	06.10.2007	no virus found
Ikarus	T3.1.1.8	06.10.2007	Trojan-Clicker.Small.YB
Kaspersky	4.0.2.24	06.10.2007	no virus found
McAfee	5049	06.08.2007	Generic AdClicker.b.dll
Microsoft	1.2503	06.10.2007	no virus found
NOD32v2	2321	06.10.2007	no virus found
Norman	5.80.02	06.08.2007	no virus found
Panda	9.0.0.4	06.10.2007	Suspicious file
Prevx1	V2	06.10.2007	no virus found
Sophos	4.18.0	06.01.2007	no virus found
Sunbelt	2.2.907.0	06.09.2007	no virus found
Symantec	10	06.10.2007	no virus found
TheHacker	6.1.6.131	06.08.2007	no virus found
VBA32	3.12.0	06.10.2007	Trojan.Click.2480
VirusBuster	4.3.23:9	06.10.2007	no virus found
Webwasher-Gateway	6.0.1	06.10.2007	Trojan.Click.Small.MW.1

Aditional Information
File size: 14868 bytes
MD5: 3034eb4211ca5feadd2d04e8f5161cf3
SHA1: 3756199f9340c4215c01b5dc2d21731e402af529
packers: BINARYRES

-----------------------------------------

Antivirus	Version	Update	Result
AhnLab-V3	2007.6.11.1	06.11.2007	no virus found
AntiVir	7.4.0.32	06.11.2007	no virus found
Authentium	4.93.8	06.11.2007	no virus found
Avast	4.7.997.0	06.09.2007	no virus found
AVG	7.5.0.467	06.10.2007	no virus found
BitDefender	7.2	06.11.2007	no virus found
CAT-QuickHeal	9.00	06.09.2007	no virus found
ClamAV	devel-20070416	06.11.2007	no virus found
DrWeb	4.33	06.11.2007	no virus found
eSafe	7.0.15.0	06.10.2007	no virus found
eTrust-Vet	30.7.3710	06.11.2007	no virus found
Ewido	4.0	06.11.2007	no virus found
FileAdvisor	1	06.11.2007	No threat detected
Fortinet	2.85.0.0	06.11.2007	no virus found
F-Prot	4.3.2.48	06.08.2007	no virus found

Aditional Information
File size: 57344 bytes
MD5: dc38b1b71cb7ff8f4241333b9ec84f03
SHA1: a02594e71c58413d003f83f3daa7341f755c9b63
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=dc38b1b71cb7ff8f4241333b9ec84f03

--------------------------------------

Complete scanning result of "ltkrn13n.dll_", received in VirusTotal at 06.11.2007, 13:19:07 (CET).

Antivirus	Version	Update	Result
AhnLab-V3	2007.6.11.1	06.11.2007	no virus found
AntiVir	7.4.0.32	06.11.2007	no virus found
Authentium	4.93.8	06.11.2007	no virus found
Avast	4.7.997.0	06.09.2007	no virus found
AVG	7.5.0.467	06.10.2007	no virus found
BitDefender	7.2	06.11.2007	no virus found
CAT-QuickHeal	9.00	06.09.2007	no virus found
ClamAV	devel-20070416	06.11.2007	no virus found
DrWeb	4.33	06.11.2007	no virus found
eSafe	7.0.15.0	06.10.2007	no virus found
eTrust-Vet	30.7.3710	06.11.2007	no virus found
Ewido	4.0	06.11.2007	no virus found
FileAdvisor	1	06.11.2007	No threat detected
Fortinet	2.85.0.0	06.11.2007	no virus found
F-Prot	4.3.2.48	06.08.2007	no virus found
F-Secure	6.70.13030.0	06.11.2007	no virus found
Ikarus	T3.1.1.8	06.11.2007	no virus found
Kaspersky	4.0.2.24	06.11.2007	no virus found
McAfee	5049	06.08.2007	no virus found
Microsoft	1.2503	06.11.2007	no virus found
NOD32v2	2321	06.10.2007	no virus found
Norman	5.80.02	06.08.2007	no virus found
Panda	9.0.0.4	06.11.2007	no virus found
Prevx1	V2	06.11.2007	no virus found
Sophos	4.18.0	06.01.2007	no virus found
Sunbelt	2.2.907.0	06.09.2007	no virus found
Symantec	10	06.11.2007	no virus found
TheHacker	6.1.6.131	06.08.2007	no virus found
VBA32	3.12.0	06.10.2007	no virus found
VirusBuster	4.3.23:9	06.10.2007	no virus found
Webwasher-Gateway	6.0.1	06.11.2007	no virus found

Aditional Information
File size: 462848 bytes
MD5: cefc7e62d25bdc3a4501062718d0a65f
SHA1: 9e80df06f190e93dfe1f8a419b8c3fb2df7b4ef4
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=cefc7e62d25bdc3a4501062718d0a65f
------------------------------------

Complete scanning result of "ltimg13n.dll", received in VirusTotal at 06.11.2007, 13:31:52 (CET).

Antivirus	Version	Update	Result
AhnLab-V3	2007.5.9.0	05.09.2007	no virus found
AntiVir	7.4.0.32	06.11.2007	no virus found
Authentium	4.93.8	06.11.2007	no virus found
Avast	4.7.997.0	06.09.2007	no virus found
AVG	7.5.0.467	05.08.2007	no virus found
BitDefender	7.2	06.11.2007	no virus found
CAT-QuickHeal	9.00	06.09.2007	no virus found
ClamAV	devel-20070416	05.09.2007	no virus found
DrWeb	4.33	06.11.2007	no virus found
eSafe	7.0.15.0	05.08.2007	no virus found
eTrust-Vet	30.7.3710	06.11.2007	no virus found
FileAdvisor	1	06.11.2007	No threat detected
Fortinet	2.85.0.0	06.11.2007	no virus found
F-Prot	4.3.2.48	05.08.2007	no virus found
F-Secure	6.70.13030.0	05.09.2007	no virus found
Ikarus	T3.1.1.7	05.09.2007	no virus found
Kaspersky	4.0.2.24	06.11.2007	no virus found
McAfee	5049	06.08.2007	no virus found
Microsoft	1.2503	06.11.2007	no virus found
NOD32v2	2321	06.10.2007	no virus found
Norman	5.80.02	06.08.2007	no virus found
Panda	9.0.0.4	06.11.2007	no virus found
Prevx1	V2	06.11.2007	no virus found
Sophos	4.18.0	06.01.2007	no virus found
Sunbelt	2.2.907.0	05.05.2007	no virus found
Symantec	10	05.09.2007	no virus found
TheHacker	6.1.6.131	06.08.2007	no virus found
VBA32	3.12.0	06.10.2007	no virus found
VirusBuster	4.3.23:9	06.10.2007	no virus found
Webwasher-Gateway	6.0.1	05.09.2007	no virus found

Aditional Information
File size: 450560 bytes
MD5: 209b65395e75cd957e14b8ec3c742a7b
SHA1: d67687481fdee8bf50d0b7a899ffc4229c4fdbea
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=209b65395e75cd957e14b8ec3c742a7b

--------------------------------

omplete scanning result of "lfcmp13n.dll", received in VirusTotal at 06.11.2007, 13:41:38 (CET).

Antivirus	Version	Update	Result
AhnLab-V3	2007.6.11.1	06.11.2007	no virus found
AntiVir	7.4.0.32	06.11.2007	no virus found
Authentium	4.93.8	06.11.2007	no virus found
Avast	4.7.997.0	06.09.2007	no virus found
AVG	7.5.0.467	06.10.2007	no virus found
BitDefender	7.2	06.11.2007	no virus found
CAT-QuickHeal	9.00	06.09.2007	no virus found
ClamAV	devel-20070416	06.11.2007	no virus found
DrWeb	4.33	06.11.2007	no virus found
eSafe	7.0.15.0	06.10.2007	no virus found
eTrust-Vet	30.7.3710	06.11.2007	no virus found
Ewido	4.0	06.11.2007	no virus found
FileAdvisor	1	06.11.2007	No threat detected
Fortinet	2.85.0.0	06.11.2007	no virus found
F-Prot	4.3.2.48	06.08.2007	no virus found
F-Secure	6.70.13030.0	06.11.2007	no virus found
Ikarus	T3.1.1.8	06.11.2007	no virus found
Kaspersky	4.0.2.24	06.11.2007	no virus found
McAfee	5049	06.08.2007	no virus found
Microsoft	1.2503	06.11.2007	no virus found
NOD32v2	2322	06.11.2007	no virus found
Norman	5.80.02	06.08.2007	no virus found
Panda	9.0.0.4	06.11.2007	no virus found
Prevx1	V2	06.11.2007	no virus found
Sophos	4.18.0	06.01.2007	no virus found
Sunbelt	2.2.907.0	06.09.2007	no virus found
Symantec	10	06.11.2007	no virus found
TheHacker	6.1.6.131	06.08.2007	no virus found
VBA32	3.12.0	06.10.2007	no virus found
VirusBuster	4.3.23:9	06.10.2007	no virus found
Webwasher-Gateway	6.0.1	06.11.2007	no virus found

Aditional Information
File size: 401408 bytes
MD5: 6cba9ece3186adeae144a79e3ac769fe
SHA1: caf65a2a80e5dad59062f52eb9902eca8ae192c7
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=6cba9ece3186adeae144a79e3ac769fe

------

Complete scanning result of "ltdis13n.dll", received in VirusTotal at 06.11.2007, 14:19:34 (CET).

Antivirus	Version	Update	Result
AhnLab-V3	2007.6.11.1	06.11.2007	no virus found
AntiVir	7.4.0.32	06.11.2007	no virus found
Authentium	4.93.8	06.11.2007	no virus found
Avast	4.7.997.0	06.09.2007	no virus found
AVG	7.5.0.467	06.10.2007	no virus found
BitDefender	7.2	06.11.2007	no virus found
CAT-QuickHeal	9.00	06.09.2007	no virus found
ClamAV	devel-20070416	06.11.2007	no virus found
DrWeb	4.33	06.11.2007	no virus found
eSafe	7.0.15.0	06.10.2007	no virus found
eTrust-Vet	30.7.3710	06.11.2007	no virus found
Ewido	4.0	06.11.2007	no virus found
FileAdvisor	1	06.11.2007	No threat detected
Fortinet	2.85.0.0	06.11.2007	no virus found
F-Prot	4.3.2.48	06.08.2007	no virus found
F-Secure	6.70.13030.0	06.11.2007	no virus found
Ikarus	T3.1.1.8	06.11.2007	no virus found
Kaspersky	4.0.2.24	06.11.2007	no virus found
McAfee	5049	06.08.2007	no virus found
Microsoft	1.2503	06.11.2007	no virus found
NOD32v2	2322	06.11.2007	no virus found
Norman	5.80.02	06.08.2007	no virus found
Panda	9.0.0.4	06.11.2007	no virus found
Prevx1	V2	06.11.2007	no virus found
Sophos	4.18.0	06.01.2007	no virus found
Sunbelt	2.2.907.0	06.09.2007	no virus found
Symantec	10	06.11.2007	no virus found
TheHacker	6.1.6.132	06.11.2007	no virus found
VBA32	3.12.0	06.10.2007	no virus found
VirusBuster	4.3.23:9	06.10.2007	no virus found
Webwasher-Gateway	6.0.1	06.11.2007	no virus found

Aditional Information
File size: 299008 bytes
MD5: 55d16beb62d0b6c54ce315f7063fa7a1
SHA1: 7f7c52c7cb9776d50918414355c48ca3c842eace
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=55d16beb62d0b6c54ce315f7063fa7a1

------------------------------

omplete scanning result of "ltefx13n.dll", received in VirusTotal at 06.14.2007, 16:36:47 (CET).

Antivirus	Version	Update	Result
AhnLab-V3	2007.5.9.0	05.09.2007	no virus found
AntiVir	7.4.0.32	06.14.2007	no virus found
Authentium	4.93.8	06.14.2007	no virus found
Avast	4.7.997.0	06.13.2007	no virus found
AVG	7.5.0.467	05.08.2007	no virus found
BitDefender	7.2	06.14.2007	no virus found
CAT-QuickHeal	9.00	06.14.2007	no virus found
ClamAV	devel-20070416	05.09.2007	no virus found
DrWeb	4.33	06.14.2007	no virus found
eSafe	7.0.15.0	05.08.2007	no virus found
eTrust-Vet	30.7.3718	06.14.2007	no virus found
FileAdvisor	1	06.14.2007	Not analyzed yet
Fortinet	2.85.0.0	06.14.2007	no virus found
F-Prot	4.3.2.48	05.08.2007	no virus found
F-Secure	6.70.13030.0	05.09.2007	no virus found
Ikarus	T3.1.1.7	05.09.2007	no virus found
Kaspersky	4.0.2.24	06.14.2007	no virus found
McAfee	5052	06.13.2007	no virus found
Microsoft	1.2503	06.14.2007	no virus found
NOD32v2	2329	06.14.2007	no virus found
Norman	5.80.02	06.14.2007	no virus found
Panda	9.0.0.4	06.14.2007	no virus found
Prevx1	V2	06.14.2007	no virus found
Sophos	4.18.0	06.12.2007	no virus found
Sunbelt	2.2.907.0	05.05.2007	no virus found
Symantec	10	05.09.2007	no virus found
TheHacker	6.1.6.133	06.14.2007	no virus found
VBA32	3.12.0.1	06.13.2007	no virus found
VirusBuster	4.3.23:9	06.14.2007	no virus found
Webwasher-Gateway	6.0.1	05.09.2007	no virus found

Aditional Information
File size: 206336 bytes
MD5: f56ba445d7d36eb4ddbfe4477bad594d
SHA1: c90c6f982a8900c8dadfa1bd59aed3c1f6af9d11
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=f56ba445d7d36eb4ddbfe4477bad594d

------------------------
Complete scanning result of "ltfil13n.dll", received in VirusTotal at 06.14.2007, 17:20:38 (CET).

Antivirus	Version	Update	Result
AhnLab-V3	2007.6.12.2	06.14.2007	no virus found
AntiVir	7.4.0.32	06.14.2007	no virus found
Authentium	4.93.8	06.14.2007	no virus found
Avast	4.7.997.0	06.13.2007	no virus found
AVG	7.5.0.467	06.14.2007	no virus found
BitDefender	7.2	06.14.2007	no virus found
CAT-QuickHeal	9.00	06.14.2007	no virus found
ClamAV	devel-20070416	06.14.2007	no virus found
DrWeb	4.33	06.14.2007	no virus found
eSafe	7.0.15.0	06.13.2007	no virus found
eTrust-Vet	30.7.3718	06.14.2007	no virus found
Ewido	4.0	06.14.2007	no virus found
FileAdvisor	1	06.14.2007	No threat detected
Fortinet	2.85.0.0	06.14.2007	no virus found
F-Prot	4.3.2.48	06.14.2007	no virus found
F-Secure	6.70.13030.0	06.14.2007	no virus found
Ikarus	T3.1.1.8	06.14.2007	no virus found
Kaspersky	4.0.2.24	06.14.2007	no virus found
McAfee	5052	06.13.2007	no virus found
Microsoft	1.2503	06.14.2007	no virus found
NOD32v2	2329	06.14.2007	no virus found
Norman	5.80.02	06.14.2007	no virus found
Panda	9.0.0.4	06.14.2007	no virus found
Prevx1	V2	06.14.2007	no virus found
Sophos	4.18.0	06.12.2007	no virus found
Sunbelt	2.2.907.0	06.14.2007	no virus found
Symantec	10	06.14.2007	no virus found
TheHacker	6.1.6.133	06.14.2007	no virus found
VBA32	3.12.0.1	06.13.2007	no virus found
VirusBuster	4.3.23:9	06.14.2007	no virus found
Webwasher-Gateway	6.0.1	06.14.2007	no virus found

Aditional Information
File size: 163840 bytes
MD5: bf1727ed495670881e18e346d162ca3d
SHA1: dbbb858bbdc51cc1843cc7c2cab5b26574bd01d9
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=bf1727ed495670881e18e346d162ca3d 

--------------

Complete scanning result of "lfpng13n.dll_", received in VirusTotal at 06.19.2007, 13:02:09 (CET).

Antivirus	Version	Update	Result
AhnLab-V3	2007.6.16.0	06.19.2007	no virus found
AntiVir	7.4.0.34	06.19.2007	no virus found
Authentium	4.93.8	06.18.2007	no virus found
Avast	4.7.997.0	06.18.2007	no virus found
AVG	7.5.0.467	06.18.2007	no virus found
BitDefender	7.2	06.19.2007	no virus found
CAT-QuickHeal	9.00	06.18.2007	no virus found
ClamAV	devel-20070416	06.19.2007	no virus found
DrWeb	4.33	06.19.2007	no virus found
eSafe	7.0.15.0	06.19.2007	no virus found
eTrust-Vet	30.7.3727	06.19.2007	no virus found
Ewido	4.0	06.19.2007	no virus found
FileAdvisor	1	06.19.2007	No threat detected
Fortinet	2.91.0.0	06.19.2007	no virus found
F-Prot	4.3.2.48	06.18.2007	no virus found
F-Secure	6.70.13030.0	06.19.2007	no virus found
Ikarus	T3.1.1.8	06.19.2007	no virus found
Kaspersky	4.0.2.24	06.19.2007	no virus found
McAfee	5055	06.18.2007	no virus found
Microsoft	1.2607	06.19.2007	no virus found
NOD32v2	2338	06.19.2007	no virus found
Norman	5.80.02	06.18.2007	no virus found
Panda	9.0.0.4	06.19.2007	no virus found
Prevx1	V2	06.19.2007	no virus found
Sophos	4.18.0	06.12.2007	no virus found
Sunbelt	2.2.907.0	06.16.2007	no virus found
Symantec	10	06.19.2007	no virus found
TheHacker	6.1.6.134	06.18.2007	no virus found
VBA32	3.12.0.2	06.19.2007	no virus found
VirusBuster	4.3.23:9	06.18.2007	no virus found
Webwasher-Gateway	6.0.1	06.19.2007	no virus found

Aditional Information
File size: 159744 bytes
MD5: ad6d6fac370748775fb9fb33a398bff9
SHA1: bf3f5c2dc388132f0ad0d33774de324127335cf4
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=ad6d6fac370748775fb9fb33a398bff9

et merci encore !

did71 · Answer

bonsoir,

1) recherche et supprime le fichier en gras ci dessous:

C:\WINDOWS\system32\aeshamuo.exe 

2) repasse hijacthis et poste le rapport!

a+

Bahamut84 · Answer

Fichier, trouvé et supprimé, et voilà le log hijackthis :

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:51:46, on 20/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\DORIAN\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {40D655E6-2AE5-401C-A311-D5A11F94BC17} - C:\WINDOWS\system32\awvvu.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83092451-0647-4583-B973-339C4A1D1BD6} - C:\WINDOWS\system32hysuimf.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero MediaHome] "C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?15165ada64f74dbe8744d0fa360a899d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?15165ada64f74dbe8744d0fa360a899d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: awvvu - C:\WINDOWS\system32\awvvu.dll (file missing)
O20 - Winlogon Notify: ddcyabb - ddcyabb.dll (file missing)
O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
O21 - SSODL: rdihost - {366B3029-12AC-4E0A-9E94-E1149D6C80B2} - rdihost.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

did71 · Answer

Bonsoir,

relance hijackthis, coche les lignes citées ci dessous et fix checked (toutes fenêtres IE fermées) :

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank 
O2 - BHO: (no name) - {40D655E6-2AE5-401C-A311-D5A11F94BC17} - C:\WINDOWS\system32\awvvu.dll (file missing) 
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing) 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) 
O2 - BHO: (no name) - {83092451-0647-4583-B973-339C4A1D1BD6} - C:\WINDOWS\system32\rhysuimf.dll (file missing) 
O20 - Winlogon Notify: awvvu - C:\WINDOWS\system32\awvvu.dll (file missing) 
O20 - Winlogon Notify: ddcyabb - ddcyabb.dll (file missing) 
O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing) 


comment se comporte le pc?

a+

Bahamut84 · Answer

Alors voici mon log apres avoir fixé les lignes citées :

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:58:28, on 21/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\DORIAN\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero MediaHome] "C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?15165ada64f74dbe8744d0fa360a899d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?15165ada64f74dbe8744d0fa360a899d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O21 - SSODL: rdihost - {366B3029-12AC-4E0A-9E94-E1149D6C80B2} - rdihost.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

did71 · Answer

Bonsoir,

tu n'aurais pas un soft du genre stylexp, objectdock?

En mode sans échec, est ce qu'elle apparaît?

a+

Bahamut84 · Answer

salut !

effectivement, j'utilise la barre objectdock, mais ca fait tres liongtemps que je m'en sers et je n'ai jamais eu ce genre de probleme auparavant.

Par contre, ma barre de tâches et bien présente en mode sans échec...

Voilà !

Merci

did71 · Answer

Bonsoir,

peux tu la désinstaller et voir si le problème persiste, quelques fois, c'est lié!

a+

Bahamut84 · Answer

MERCI POUR TOUT !

ma barre de taches remarche, j'ai plus d'adwares ni de trojans.
Tu as résolu mon pb.
Merci encore !

did71 · Answer

Bonsoir,

content d'avoir pu t'aider!

Dénonce ton infection pour faire condamner les auteurs.


Crée un message pour faire avancer les choses sur Malware-Complaints, nous devons être les plus nombreux possibles, alors rends compte de ton infection :

- Voir les règles du forum : https://malwarecomplaints.info/
- Après t'être enregistré à l'aide du bouton en haut se nommant "Register"
Si tu as plus de 13 ans, choisir : "I Agree to these terms and am over or exactly 13 years of age"
Si tu as moins, clique sur : "I Agree to these terms and am under 13 years of age"

Tu as alors sous forme de liste un sujet par type d'infection (Look2Me, Smitfraud, SpywareQuake etc..).
La tienne = ******

---> https://malwarecomplaints.info/

Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas par quoi tu étais infecté(e), crée un message dans le sujet Autres infections
conforme au règle du forum (age, ville, département etc..)


Indique aussi le nom du Forum qui t'a aidé, CCM!!

Bon surf

a+

PC terrorisé par les trjoans et adwares

23 réponses

Votre réponse

Newsletters