PC terrorisé par les trjoans et adwares

Résolu
Bahamut84 -  
did71 Messages postés 2187 Statut Contributeur sécurité -
Bonjour a tous,
je m'adresse a vous car mon pc est infesté de trojans et autre adwares, j'ai eu beau installer ad-aware SE, Windows live one care, avg, et pleins d'autres, faire des analyses en mode sans échec, etc, rien y fait.
De plus ma barre de tache disparait, et meme en terminant puis relancant le processus dans le gestionnaire de taches, elle disparait encore au bout de qq secondes...

J'ai pas envie de formater, amors je vous de mande de l'aide.
Pour info: XP SP2 et voici mon rapport HijackThis :
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:49:22, on 05/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\DORIAN\Bureau\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: 67.15.88.46 fuk01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 duk01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fus01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fjp01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 feu01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fkr01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fmx01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fau01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fsa01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 ftw01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fru01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 fcn01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dus01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 djp01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 deu01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dkr01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dmx01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dau01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dsa01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dtw01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dru01.ps3.update.playstation.net
O1 - Hosts: 67.15.88.46 dcn01.ps3.update.playstation.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: (no name) - {73BA12CB-F801-41F7-B199-0474FB66D090} - C:\WINDOWS\system32\ddcyabb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83092451-0647-4583-B973-339C4A1D1BD6} - C:\WINDOWS\system32\rhysuimf.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\yovwmcfx.dll
O2 - BHO: (no name) - {D0F2B8BF-CF7B-4CA6-B791-B66894CF6D99} - C:\WINDOWS\system32\awvvu.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\jltphpcu.dll",realset
O4 - HKLM\..\Run: [j6221638] rundll32 C:\WINDOWS\system32\j6221638.dll sook
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\oyvacvlr.dll",realset
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero MediaHome] "C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?15165ada64f74dbe8744d0fa360a899d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?15165ada64f74dbe8744d0fa360a899d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: awvvu - C:\WINDOWS\system32\awvvu.dll
O20 - Winlogon Notify: ddcyabb - ddcyabb.dll (file missing)
O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
O21 - SSODL: rdihost - {366B3029-12AC-4E0A-9E94-E1149D6C80B2} - rdihost.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 12589 bytes
Configuration: Windows XP
Internet Explorer 7.0

23 réponses

  • 1
  • 2
  1. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    bonsoir,

    * Télécharge VundoFix.exe (par Atribune) sur ton Bureau:

    http://www.atribune.org/public-beta/VundoFix.exe

    * Double-clique VundoFix.exe afin de le lancer
    * Clique sur le bouton Scan for Vundo
    * Lorsque le scan est complété, clique sur le bouton Remove Vundo
    * Une invite te demandera si tu veux supprimer les fichiers, clique YES
    * Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
    * Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

    a+
    0
    1. Bahamut84
       
      Merci de ton aide !
      alors, j'ai fais comme tu as dis.
      apres 2 reboot, j'ai eu des message avec "impossible de trouver tel ou tel dll", et ma barre de taches n'est toujours aps revenue.

      bon sinon vopilà le log Vundofix:


      VundoFix V6.4.2

      Checking Java version...

      Java version is 1.5.0.6
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.9
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.10

      Java version is 1.5.0.11

      Scan started at 21:50:17 05/06/2007

      Listing files found while scanning....

      C:\WINDOWS\system32\awtsr.dll
      C:\WINDOWS\system32\awvvu.dll
      C:\WINDOWS\system32\ddcyabb.dll
      C:\WINDOWS\system32\jltphpcu.dll
      C:\WINDOWS\system32\jmsfmmlv.dll
      C:\WINDOWS\system32\klnmp.ini
      C:\WINDOWS\system32\oyvacvlr.dll
      C:\WINDOWS\system32\pmnlk.dll
      C:\WINDOWS\system32\pqstv.ini
      C:\WINDOWS\system32\rlvcavyo.ini
      C:\WINDOWS\system32\rstwa.ini
      C:\WINDOWS\system32\ucphptlj.ini
      C:\WINDOWS\system32\uvvwa.bak1
      C:\WINDOWS\system32\uvvwa.bak2
      C:\WINDOWS\system32\uvvwa.ini
      C:\WINDOWS\system32\uvvwa.ini2
      C:\WINDOWS\system32\uvvwa.tmp
      C:\WINDOWS\system32\vnjdtmit.dll
      C:\WINDOWS\system32\vtsqp.dll
      C:\WINDOWS\system32\yovwmcfx.dll

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\awtsr.dll
      C:\WINDOWS\system32\awtsr.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\awvvu.dll
      C:\WINDOWS\system32\awvvu.dll Could not be deleted.

      Attempting to delete C:\WINDOWS\system32\jltphpcu.dll
      C:\WINDOWS\system32\jltphpcu.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\klnmp.ini
      C:\WINDOWS\system32\klnmp.ini Has been deleted!

      Attempting to delete C:\WINDOWS\system32\oyvacvlr.dll
      C:\WINDOWS\system32\oyvacvlr.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\pmnlk.dll
      C:\WINDOWS\system32\pmnlk.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\pqstv.ini
      C:\WINDOWS\system32\pqstv.ini Has been deleted!

      Attempting to delete C:\WINDOWS\system32\rlvcavyo.ini
      C:\WINDOWS\system32\rlvcavyo.ini Has been deleted!

      Attempting to delete C:\WINDOWS\system32\rstwa.ini
      C:\WINDOWS\system32\rstwa.ini Has been deleted!

      Attempting to delete C:\WINDOWS\system32\ucphptlj.ini
      C:\WINDOWS\system32\ucphptlj.ini Has been deleted!

      Attempting to delete C:\WINDOWS\system32\uvvwa.bak1
      C:\WINDOWS\system32\uvvwa.bak1 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\uvvwa.bak2
      C:\WINDOWS\system32\uvvwa.bak2 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\uvvwa.ini
      C:\WINDOWS\system32\uvvwa.ini Has been deleted!

      Attempting to delete C:\WINDOWS\system32\uvvwa.ini2
      C:\WINDOWS\system32\uvvwa.ini2 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\uvvwa.tmp
      C:\WINDOWS\system32\uvvwa.tmp Has been deleted!

      Attempting to delete C:\WINDOWS\system32\vnjdtmit.dll
      C:\WINDOWS\system32\vnjdtmit.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\vtsqp.dll
      C:\WINDOWS\system32\vtsqp.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\yovwmcfx.dll
      C:\WINDOWS\system32\yovwmcfx.dll Has been deleted!

      Performing Repairs to the registry.
      Done!

      VundoFix V6.4.2

      Checking Java version...

      Java version is 1.5.0.6
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.9
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.10

      Java version is 1.5.0.11

      Scan started at 21:58:27 05/06/2007

      Listing files found while scanning....

      C:\WINDOWS\system32\awvvu.dll
      C:\WINDOWS\system32\uvvwa.ini
      C:\WINDOWS\system32\uvvwa.ini2

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\awvvu.dll
      C:\WINDOWS\system32\awvvu.dll Could not be deleted.

      Attempting to delete C:\WINDOWS\system32\uvvwa.ini
      C:\WINDOWS\system32\uvvwa.ini Has been deleted!

      Attempting to delete C:\WINDOWS\system32\uvvwa.ini2
      C:\WINDOWS\system32\uvvwa.ini2 Has been deleted!

      Performing Repairs to the registry.
      Done!

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\uvvwa.ini
      C:\WINDOWS\system32\uvvwa.ini Has been deleted!

      Performing Repairs to the registry.
      Done!


      et voici le log HijackThis (realisé apres l'operation Vundo) :

      Logfile of Trend Micro HijackThis v2.0.0 (BETA)
      Scan saved at 22:08:27, on 05/06/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Microsoft Windows OneCare Live\winss.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Logitech\Video\FxSvr2.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
      C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe
      C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\DORIAN\Bureau\HiJackThis_v2.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
      O1 - Hosts: 67.15.88.46 fuk01.ps3.update.playstation.net
      O1 - Hosts: 67.15.88.46 duk01.ps3.update.playstation.net
      O1 - Hosts: 67.15.88.46 fus01.ps3.update.playstation.net
      O1 - Hosts: 67.15.88.46 fjp01.ps3.update.playstation.net
      O1 - Hosts: 67.15.88.46 feu01.ps3.update.playstation.net
      O1 - Hosts: 67.15.88.46 fkr01.ps3.update.playstation.net
      O1 - Hosts: 67.15.88.46 fmx01.ps3.update.playstation.net
      O1 - Hosts: 67.15.88.46 fau01.ps3.update.playstation.net
      O1 - Hosts: 67.15.88.46 fsa01.ps3.update.playstation.net
      O1 - Hosts: 67.15.88.46 ftw01.ps3.update.playstation.net
      O1 - Hosts: 67.15.88.46 fru01.ps3.update.playstation.net
      O1 - Hosts: 67.15.88.46 fcn01.ps3.update.playstation.net
      O1 - Hosts: 67.15.88.46 dus01.ps3.update.playstation.net
      O1 - Hosts: 67.15.88.46 djp01.ps3.update.playstation.net
      O1 - Hosts: 67.15.88.46 deu01.ps3.update.playstation.net
      O1 - Hosts: 67.15.88.46 dkr01.ps3.update.playstation.net
      O1 - Hosts: 67.15.88.46 dmx01.ps3.update.playstation.net
      O1 - Hosts: 67.15.88.46 dau01.ps3.update.playstation.net
      O1 - Hosts: 67.15.88.46 dsa01.ps3.update.playstation.net
      O1 - Hosts: 67.15.88.46 dtw01.ps3.update.playstation.net
      O1 - Hosts: 67.15.88.46 dru01.ps3.update.playstation.net
      O1 - Hosts: 67.15.88.46 dcn01.ps3.update.playstation.net
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {40D655E6-2AE5-401C-A311-D5A11F94BC17} - C:\WINDOWS\system32\awvvu.dll (file missing)
      O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: (no name) - {83092451-0647-4583-B973-339C4A1D1BD6} - C:\WINDOWS\system32\rhysuimf.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
      O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
      O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\jltphpcu.dll",realset
      O4 - HKLM\..\Run: [j6221638] rundll32 C:\WINDOWS\system32\j6221638.dll sook
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [Nero MediaHome] "C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?15165ada64f74dbe8744d0fa360a899d
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?15165ada64f74dbe8744d0fa360a899d
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O20 - Winlogon Notify: awvvu - C:\WINDOWS\system32\awvvu.dll (file missing)
      O20 - Winlogon Notify: ddcyabb - ddcyabb.dll (file missing)
      O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
      O21 - SSODL: rdihost - {366B3029-12AC-4E0A-9E94-E1149D6C80B2} - rdihost.dll (file missing)
      O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
      O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
      O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
      O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
      O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
      O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
      O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
      O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
      O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
      0
  2. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    re,

    * Relance Vundofix
    * Ne clique pas sur "Scan for a vundo"
    * Clique droit au milieu de la fenêtre
    * Clique sur Add more files ?
    * Copie/colle les fichiers ci-dessous ( un par case) :

    C:\WINDOWS\system32\rhysuimf.dll
    C:\WINDOWS\system32\jltphpcu.dll
    :\WINDOWS\system32\j6221638.dll

    * Clique sur Add files
    * Ensuite clique sur Close Windows
    * Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
    * Si l'outils demande un redémarrage, accepte
    * Poste le rapport Vundofix, ainsi qu'un nouveau log hijackthis

    a+
    0
  3. Bahamut84
     
    Merci de ton aide, j'ai des problemes de coneion chez moi donc j'ai pas pu essayer tout ca, mais je te tiens au courant dès que possible
    Merci encore de ton aide précieuse !
    0
  4. Bahamut84
     
    Lu !
    bon j'ai suivi tes instructions :
    Log VundoFix:

    VundoFix V6.4.2

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 21:50:17 05/06/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awtsr.dll
    C:\WINDOWS\system32\awvvu.dll
    C:\WINDOWS\system32\ddcyabb.dll
    C:\WINDOWS\system32\jltphpcu.dll
    C:\WINDOWS\system32\jmsfmmlv.dll
    C:\WINDOWS\system32\klnmp.ini
    C:\WINDOWS\system32\oyvacvlr.dll
    C:\WINDOWS\system32\pmnlk.dll
    C:\WINDOWS\system32\pqstv.ini
    C:\WINDOWS\system32\rlvcavyo.ini
    C:\WINDOWS\system32\rstwa.ini
    C:\WINDOWS\system32\ucphptlj.ini
    C:\WINDOWS\system32\uvvwa.bak1
    C:\WINDOWS\system32\uvvwa.bak2
    C:\WINDOWS\system32\uvvwa.ini
    C:\WINDOWS\system32\uvvwa.ini2
    C:\WINDOWS\system32\uvvwa.tmp
    C:\WINDOWS\system32\vnjdtmit.dll
    C:\WINDOWS\system32\vtsqp.dll
    C:\WINDOWS\system32\yovwmcfx.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awtsr.dll
    C:\WINDOWS\system32\awtsr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\awvvu.dll
    C:\WINDOWS\system32\awvvu.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\jltphpcu.dll
    C:\WINDOWS\system32\jltphpcu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\klnmp.ini
    C:\WINDOWS\system32\klnmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\oyvacvlr.dll
    C:\WINDOWS\system32\oyvacvlr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnlk.dll
    C:\WINDOWS\system32\pmnlk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pqstv.ini
    C:\WINDOWS\system32\pqstv.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rlvcavyo.ini
    C:\WINDOWS\system32\rlvcavyo.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rstwa.ini
    C:\WINDOWS\system32\rstwa.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ucphptlj.ini
    C:\WINDOWS\system32\ucphptlj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uvvwa.bak1
    C:\WINDOWS\system32\uvvwa.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uvvwa.bak2
    C:\WINDOWS\system32\uvvwa.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uvvwa.ini
    C:\WINDOWS\system32\uvvwa.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uvvwa.ini2
    C:\WINDOWS\system32\uvvwa.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uvvwa.tmp
    C:\WINDOWS\system32\uvvwa.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vnjdtmit.dll
    C:\WINDOWS\system32\vnjdtmit.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtsqp.dll
    C:\WINDOWS\system32\vtsqp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yovwmcfx.dll
    C:\WINDOWS\system32\yovwmcfx.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.4.2

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 21:58:27 05/06/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awvvu.dll
    C:\WINDOWS\system32\uvvwa.ini
    C:\WINDOWS\system32\uvvwa.ini2

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awvvu.dll
    C:\WINDOWS\system32\awvvu.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\uvvwa.ini
    C:\WINDOWS\system32\uvvwa.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uvvwa.ini2
    C:\WINDOWS\system32\uvvwa.ini2 Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\uvvwa.ini
    C:\WINDOWS\system32\uvvwa.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\rhysuimf.dll
    C:\WINDOWS\system32\rhysuimf.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Performing Repairs to the registry.
    Done!

    Et log HijackThis :

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 20:19:51, on 07/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\DORIAN\Bureau\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O1 - Hosts: 67.15.88.46 fuk01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 duk01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 fus01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 fjp01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 feu01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 fkr01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 fmx01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 fau01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 fsa01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 ftw01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 fru01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 fcn01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 dus01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 djp01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 deu01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 dkr01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 dmx01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 dau01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 dsa01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 dtw01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 dru01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 dcn01.ps3.update.playstation.net
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {40D655E6-2AE5-401C-A311-D5A11F94BC17} - C:\WINDOWS\system32\awvvu.dll (file missing)
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {83092451-0647-4583-B973-339C4A1D1BD6} - C:\WINDOWS\system32\rhysuimf.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\jltphpcu.dll",realset
    O4 - HKLM\..\Run: [j6221638] rundll32 C:\WINDOWS\system32\j6221638.dll sook
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Nero MediaHome] "C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?15165ada64f74dbe8744d0fa360a899d
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?15165ada64f74dbe8744d0fa360a899d
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: awvvu - C:\WINDOWS\system32\awvvu.dll (file missing)
    O20 - Winlogon Notify: ddcyabb - ddcyabb.dll (file missing)
    O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
    O21 - SSODL: rdihost - {366B3029-12AC-4E0A-9E94-E1149D6C80B2} - rdihost.dll (file missing)
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    Bonsoir,

    on continue!

    * Relance Vundofix
    * Ne clique pas sur "Scan for a vundo"
    * Clique droit au milieu de la fenêtre
    * Clique sur Add more files ?
    * Copie/colle les fichiers ci-dessous ( un par case) :

    C:\WINDOWS\system32\awvvu.dll

    * Clique sur Add files
    * Ensuite clique sur Close Windows
    * Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
    * Si l'outils demande un redémarrage, accepte
    * Poste le rapport Vundofix, ainsi qu'un nouveau log hijackthis

    a+
    0
  7. Bahamut84
     
    alors:

    VundoFix V6.4.2

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 21:50:17 05/06/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awtsr.dll
    C:\WINDOWS\system32\awvvu.dll
    C:\WINDOWS\system32\ddcyabb.dll
    C:\WINDOWS\system32\jltphpcu.dll
    C:\WINDOWS\system32\jmsfmmlv.dll
    C:\WINDOWS\system32\klnmp.ini
    C:\WINDOWS\system32\oyvacvlr.dll
    C:\WINDOWS\system32\pmnlk.dll
    C:\WINDOWS\system32\pqstv.ini
    C:\WINDOWS\system32\rlvcavyo.ini
    C:\WINDOWS\system32\rstwa.ini
    C:\WINDOWS\system32\ucphptlj.ini
    C:\WINDOWS\system32\uvvwa.bak1
    C:\WINDOWS\system32\uvvwa.bak2
    C:\WINDOWS\system32\uvvwa.ini
    C:\WINDOWS\system32\uvvwa.ini2
    C:\WINDOWS\system32\uvvwa.tmp
    C:\WINDOWS\system32\vnjdtmit.dll
    C:\WINDOWS\system32\vtsqp.dll
    C:\WINDOWS\system32\yovwmcfx.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awtsr.dll
    C:\WINDOWS\system32\awtsr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\awvvu.dll
    C:\WINDOWS\system32\awvvu.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\jltphpcu.dll
    C:\WINDOWS\system32\jltphpcu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\klnmp.ini
    C:\WINDOWS\system32\klnmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\oyvacvlr.dll
    C:\WINDOWS\system32\oyvacvlr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnlk.dll
    C:\WINDOWS\system32\pmnlk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pqstv.ini
    C:\WINDOWS\system32\pqstv.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rlvcavyo.ini
    C:\WINDOWS\system32\rlvcavyo.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rstwa.ini
    C:\WINDOWS\system32\rstwa.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ucphptlj.ini
    C:\WINDOWS\system32\ucphptlj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uvvwa.bak1
    C:\WINDOWS\system32\uvvwa.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uvvwa.bak2
    C:\WINDOWS\system32\uvvwa.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uvvwa.ini
    C:\WINDOWS\system32\uvvwa.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uvvwa.ini2
    C:\WINDOWS\system32\uvvwa.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uvvwa.tmp
    C:\WINDOWS\system32\uvvwa.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vnjdtmit.dll
    C:\WINDOWS\system32\vnjdtmit.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtsqp.dll
    C:\WINDOWS\system32\vtsqp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yovwmcfx.dll
    C:\WINDOWS\system32\yovwmcfx.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.4.2

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 21:58:27 05/06/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awvvu.dll
    C:\WINDOWS\system32\uvvwa.ini
    C:\WINDOWS\system32\uvvwa.ini2

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awvvu.dll
    C:\WINDOWS\system32\awvvu.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\uvvwa.ini
    C:\WINDOWS\system32\uvvwa.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uvvwa.ini2
    C:\WINDOWS\system32\uvvwa.ini2 Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\uvvwa.ini
    C:\WINDOWS\system32\uvvwa.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\rhysuimf.dll
    C:\WINDOWS\system32\rhysuimf.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Performing Repairs to the registry.
    Done!

    et

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 21:18:04, on 07/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\DORIAN\Bureau\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O1 - Hosts: 67.15.88.46 fuk01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 duk01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 fus01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 fjp01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 feu01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 fkr01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 fmx01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 fau01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 fsa01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 ftw01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 fru01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 fcn01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 dus01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 djp01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 deu01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 dkr01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 dmx01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 dau01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 dsa01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 dtw01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 dru01.ps3.update.playstation.net
    O1 - Hosts: 67.15.88.46 dcn01.ps3.update.playstation.net
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {40D655E6-2AE5-401C-A311-D5A11F94BC17} - C:\WINDOWS\system32\awvvu.dll (file missing)
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {83092451-0647-4583-B973-339C4A1D1BD6} - C:\WINDOWS\system32\rhysuimf.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\jltphpcu.dll",realset
    O4 - HKLM\..\Run: [j6221638] rundll32 C:\WINDOWS\system32\j6221638.dll sook
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Nero MediaHome] "C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?15165ada64f74dbe8744d0fa360a899d
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?15165ada64f74dbe8744d0fa360a899d
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: awvvu - C:\WINDOWS\system32\awvvu.dll (file missing)
    O20 - Winlogon Notify: ddcyabb - ddcyabb.dll (file missing)
    O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
    O21 - SSODL: rdihost - {366B3029-12AC-4E0A-9E94-E1149D6C80B2} - rdihost.dll (file missing)
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
    0
  8. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    re,

    vundo fait de la résistance!

    Télécharge ComboFix (par sUBs) d'un de ces liens sur ton bureau:

    http://www.techsupportforum.com/sectools/combofix.exe

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Double clique combofix.exe et suis les invites

    Poste le rapport

    a+
    0
  9. Bahamut84
     
    log combofix:

    "DORIAN" - 2007-06-07 21:27:17 Service Pack 2 NTFS
    ComboFix 07-06-3B - Running from: "C:\Documents and Settings\DORIAN\Bureau\"

    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system32\gjukvwhk.dll

    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe
    C:\WINDOWS\system32\0_exception.nls
    C:\WINDOWS\system32\xpdx.sys

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\LEGACY_NWSAPAGENT
    -------\LEGACY_RUNTIME
    -------\nm
    -------\NwSapAgent
    -------\runtime
    -------\xpdx

    ((((((((((((((((((((((((( Files Created from 2007-05-07 to 2007-06-07 )))))))))))))))))))))))))))))))

    2007-06-07 21:30 <REP> d-------- C:\Avenger
    2007-06-07 20:13 <REP> d-------- C:\Program Files\Neuf
    2007-06-05 21:50 <REP> d-------- C:\VundoFix Backups
    2007-06-05 20:06 14,868 --a------ C:\WINDOWS\system32\iotwqmql.exe
    2007-06-01 14:40 <REP> d-------- C:\DOCUME~1\DORIAN\APPLIC~1\Apple Computer
    2007-05-30 20:51 <REP> d-------- C:\DOCUME~1\DORIAN\APPLIC~1\Lavasoft
    2007-05-30 20:50 <REP> d-------- C:\Program Files\Lavasoft
    2007-05-30 19:15 14,868 --a------ C:\WINDOWS\system32\aeshamuo.exe
    2007-05-29 16:14 <REP> d-------- C:\Program Files\AskTBar
    2007-05-29 16:09 <REP> d-------- C:\Program Files\FDRLab
    2007-05-25 13:52 <REP> d-------- C:\Program Files\Windows Media Connect
    2007-05-14 13:23 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2007-05-14 13:23 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
    2007-05-14 13:23 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2007-05-14 13:23 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2007-05-14 13:23 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2007-05-14 13:23 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2007-05-14 13:23 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2007-05-14 13:23 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2007-05-14 13:23 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
    2007-05-11 01:20 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-07 19:10:57 -------- d-----w C:\DOCUME~1\DORIAN\APPLIC~1\Skype
    2007-06-01 01:02:23 -------- d-----w C:\Program Files\Windows Live Toolbar
    2007-05-31 12:11:08 -------- d-----w C:\DOCUME~1\DORIAN\APPLIC~1\Image Zone Express
    2007-05-31 11:14:03 -------- d-----w C:\Program Files\Fichiers communs\Ahead
    2007-05-31 11:00:32 -------- d-----w C:\DOCUME~1\DORIAN\APPLIC~1\Azureus
    2007-05-30 12:10:42 10,872 ----a-w C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-05-29 11:35:13 -------- d-----w C:\Program Files\Winamp
    2007-05-28 11:20:21 -------- d-----w C:\DOCUME~1\DORIAN\APPLIC~1\Ahead
    2007-05-25 12:00:38 76,144 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-05-25 12:00:38 470,828 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2007-05-25 11:40:44 -------- d-----w C:\Program Files\PS3Portal
    2007-04-25 12:38:16 -------- d-----w C:\DOCUME~1\DORIAN\APPLIC~1\KVIrc
    2007-04-25 12:27:07 -------- d-----w C:\Program Files\KVIrc
    2007-04-20 11:30:41 -------- d-----w C:\Program Files\CCleaner
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-04-16 20:35:26 41,966 ----a-w C:\WINDOWS\system32\drivers\vradfil.sys
    2007-04-16 20:35:24 3,484,416 ----a-w C:\WINDOWS\system32\drivers\vrcore.sys
    2007-04-16 20:31:26 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-04-16 20:31:10 -------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {40D655E6-2AE5-401C-A311-D5A11F94BC17}=C:\WINDOWS\system32\awvvu.dll []
    {64F56FC1-1272-44CD-BA6E-39723696E350}=C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL []
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {83092451-0647-4583-B973-339C4A1D1BD6}=C:\WINDOWS\system32\rhysuimf.dll []
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-07 00:02]
    {9CB65201-89C4-402c-BA80-02D8C59F9B1D}=C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL [2007-05-29 16:14]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:56]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 15:56]
    {FE063DB1-4EC0-403e-8DD8-394C54984B2C}=C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2007-05-29 16:14]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "EoEngine"="" []
    "EoWeather"="" []
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-06-24 16:28]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-27 17:47]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-12-25 14:00]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" []
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-11-24 18:16]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-01 01:12]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2006-02-01 16:45]
    "Nero MediaHome"="C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe" [2006-01-16 17:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoBandCustomize"=0 (0x0)
    "NoMovingBands"=0 (0x0)
    "NoCloseDragDropBands"=0 (0x0)
    "NoSetTaskbar"=0 (0x0)
    "NoToolbarsOnTaskbar"=0 (0x0)
    "NoSaveSettings"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "{366B3029-12AC-4E0A-9E94-E1149D6C80B2}"="rdihost.dll" []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvu]
    C:\WINDOWS\system32\awvvu.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyabb]
    ddcyabb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winetn32]
    winetn32.dll

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

    Contents of the 'Scheduled Tasks' folder
    2007-06-07 19:25:00 C:\WINDOWS\tasks\User_Feed_Synchronization-{AEA69A0A-185C-4520-9CA0-59EE0CC95B21}.job
    2007-06-07 18:42:01 C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    2007-05-31 22:52:00 C:\WINDOWS\tasks\WebReg psc 1500 series.job

    **************************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-07 21:31:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-07 21:33:10 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-06-07 21:32

    --- E O F ---
    0
  10. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    re,

    encore pas mal infecté le pc!

    Télécharge Blacklight (de F-Secure), sauvegarde le sur ton Bureau:

    https://europe.f-secure.com/exclude/blacklight/index.shtml

    Double-clique blbeta.exe et accepte la licence ;clique Scan puis Next

    Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

    Copie et colle le contenu de ce rapport dans ta prochaine réponse!

    a+
    0
  11. Bahamut84
     
    log blacklight :

    06/07/07 22:21:49 [Info]: BlackLight Engine 1.0.61 initialized
    06/07/07 22:21:49 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    06/07/07 22:21:50 [Note]: 7019 4
    06/07/07 22:21:50 [Note]: 7005 0
    06/07/07 22:21:54 [Note]: 7006 0
    06/07/07 22:21:54 [Note]: 7011 204
    06/07/07 22:21:54 [Note]: 7026 0
    06/07/07 22:21:54 [Note]: 7026 0
    06/07/07 22:21:58 [Note]: FSRAW library version 1.7.1021
    06/07/07 22:29:45 [Note]: 2000 1012
    06/07/07 22:29:45 [Note]: 2000 1012
    06/07/07 22:29:45 [Note]: 2000 1012
    06/07/07 23:29:11 [Note]: 7007 0
    0
  12. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    Bonsoir,

    je vois que tu as AVG antispyware, peux tu faire un scan et poster le rapport!

    a+
    0
  13. Bahamut84
     
    lu !
    voici le rapport AVG:

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 11:51:49 09/06/2007

    + Résultat de l'analyse:

    Rien à signaler.

    Fin du rapport

    pourtant j'ai plein de "tracking cookies" dans les resultats d'analyse...

    voili voilou !
    0
  14. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    Bonsoir,

    rends toi ici:

    http://www.virustotal.com/flash/index_en.html

    et fais analyser les fichiers ci dessous:

    C:\WINDOWS\system32\aeshamuo.exe
    C:\WINDOWS\system32\lfbmp13n.dll
    C:\WINDOWS\system32\ltkrn13n.dll
    C:\WINDOWS\system32\ltimg13n.dll
    C:\WINDOWS\system32\lfcmp13n.dll
    C:\WINDOWS\system32\ltdis13n.dll
    C:\WINDOWS\system32\ltefx13n.dll
    C:\WINDOWS\system32\ltfil13n.dll
    C:\WINDOWS\system32\lfpng13n.dll

    poste les rapports ensuite

    a+
    0
  15. Bahamut84
     
    Salut,
    desolé pour cette absence, mais tout ca a été long a faire, mais cay est tout est là :

    Complete scanning result of "aeshamuo.exe", received in VirusTotal at 06.10.2007, 21:42:05 (CET).

    Antivirus Version Update Result
    AhnLab-V3 2007.6.9.0 06.08.2007 no virus found
    AntiVir 7.4.0.32 06.09.2007 TR/Click.Small.MW.1
    Authentium 4.93.8 05.23.2007 no virus found
    Avast 4.7.997.0 06.09.2007 no virus found
    AVG 7.5.0.467 06.10.2007 no virus found
    BitDefender 7.2 06.10.2007 no virus found
    CAT-QuickHeal 9.00 06.09.2007 no virus found
    ClamAV devel-20070416 06.10.2007 no virus found
    DrWeb 4.33 06.10.2007 Trojan.Click.2480
    eSafe 7.0.15.0 06.10.2007 no virus found
    eTrust-Vet 30.7.3707 06.09.2007 no virus found
    Ewido 4.0 06.10.2007 no virus found
    FileAdvisor 1 06.10.2007 no virus found
    Fortinet 2.85.0.0 06.10.2007 no virus found
    F-Prot 4.3.2.48 06.08.2007 no virus found
    F-Secure 6.70.13030.0 06.10.2007 no virus found
    Ikarus T3.1.1.8 06.10.2007 Trojan-Clicker.Small.YB
    Kaspersky 4.0.2.24 06.10.2007 no virus found
    McAfee 5049 06.08.2007 Generic AdClicker.b.dll
    Microsoft 1.2503 06.10.2007 no virus found
    NOD32v2 2321 06.10.2007 no virus found
    Norman 5.80.02 06.08.2007 no virus found
    Panda 9.0.0.4 06.10.2007 Suspicious file
    Prevx1 V2 06.10.2007 no virus found
    Sophos 4.18.0 06.01.2007 no virus found
    Sunbelt 2.2.907.0 06.09.2007 no virus found
    Symantec 10 06.10.2007 no virus found
    TheHacker 6.1.6.131 06.08.2007 no virus found
    VBA32 3.12.0 06.10.2007 Trojan.Click.2480
    VirusBuster 4.3.23:9 06.10.2007 no virus found
    Webwasher-Gateway 6.0.1 06.10.2007 Trojan.Click.Small.MW.1

    Aditional Information
    File size: 14868 bytes
    MD5: 3034eb4211ca5feadd2d04e8f5161cf3
    SHA1: 3756199f9340c4215c01b5dc2d21731e402af529
    packers: BINARYRES

    -----------------------------------------

    Antivirus Version Update Result
    AhnLab-V3 2007.6.11.1 06.11.2007 no virus found
    AntiVir 7.4.0.32 06.11.2007 no virus found
    Authentium 4.93.8 06.11.2007 no virus found
    Avast 4.7.997.0 06.09.2007 no virus found
    AVG 7.5.0.467 06.10.2007 no virus found
    BitDefender 7.2 06.11.2007 no virus found
    CAT-QuickHeal 9.00 06.09.2007 no virus found
    ClamAV devel-20070416 06.11.2007 no virus found
    DrWeb 4.33 06.11.2007 no virus found
    eSafe 7.0.15.0 06.10.2007 no virus found
    eTrust-Vet 30.7.3710 06.11.2007 no virus found
    Ewido 4.0 06.11.2007 no virus found
    FileAdvisor 1 06.11.2007 No threat detected
    Fortinet 2.85.0.0 06.11.2007 no virus found
    F-Prot 4.3.2.48 06.08.2007 no virus found

    Aditional Information
    File size: 57344 bytes
    MD5: dc38b1b71cb7ff8f4241333b9ec84f03
    SHA1: a02594e71c58413d003f83f3daa7341f755c9b63
    Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=dc38b1b71cb7ff8f4241333b9ec84f03

    --------------------------------------

    Complete scanning result of "ltkrn13n.dll_", received in VirusTotal at 06.11.2007, 13:19:07 (CET).

    Antivirus Version Update Result
    AhnLab-V3 2007.6.11.1 06.11.2007 no virus found
    AntiVir 7.4.0.32 06.11.2007 no virus found
    Authentium 4.93.8 06.11.2007 no virus found
    Avast 4.7.997.0 06.09.2007 no virus found
    AVG 7.5.0.467 06.10.2007 no virus found
    BitDefender 7.2 06.11.2007 no virus found
    CAT-QuickHeal 9.00 06.09.2007 no virus found
    ClamAV devel-20070416 06.11.2007 no virus found
    DrWeb 4.33 06.11.2007 no virus found
    eSafe 7.0.15.0 06.10.2007 no virus found
    eTrust-Vet 30.7.3710 06.11.2007 no virus found
    Ewido 4.0 06.11.2007 no virus found
    FileAdvisor 1 06.11.2007 No threat detected
    Fortinet 2.85.0.0 06.11.2007 no virus found
    F-Prot 4.3.2.48 06.08.2007 no virus found
    F-Secure 6.70.13030.0 06.11.2007 no virus found
    Ikarus T3.1.1.8 06.11.2007 no virus found
    Kaspersky 4.0.2.24 06.11.2007 no virus found
    McAfee 5049 06.08.2007 no virus found
    Microsoft 1.2503 06.11.2007 no virus found
    NOD32v2 2321 06.10.2007 no virus found
    Norman 5.80.02 06.08.2007 no virus found
    Panda 9.0.0.4 06.11.2007 no virus found
    Prevx1 V2 06.11.2007 no virus found
    Sophos 4.18.0 06.01.2007 no virus found
    Sunbelt 2.2.907.0 06.09.2007 no virus found
    Symantec 10 06.11.2007 no virus found
    TheHacker 6.1.6.131 06.08.2007 no virus found
    VBA32 3.12.0 06.10.2007 no virus found
    VirusBuster 4.3.23:9 06.10.2007 no virus found
    Webwasher-Gateway 6.0.1 06.11.2007 no virus found

    Aditional Information
    File size: 462848 bytes
    MD5: cefc7e62d25bdc3a4501062718d0a65f
    SHA1: 9e80df06f190e93dfe1f8a419b8c3fb2df7b4ef4
    Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=cefc7e62d25bdc3a4501062718d0a65f
    ------------------------------------

    Complete scanning result of "ltimg13n.dll", received in VirusTotal at 06.11.2007, 13:31:52 (CET).

    Antivirus Version Update Result
    AhnLab-V3 2007.5.9.0 05.09.2007 no virus found
    AntiVir 7.4.0.32 06.11.2007 no virus found
    Authentium 4.93.8 06.11.2007 no virus found
    Avast 4.7.997.0 06.09.2007 no virus found
    AVG 7.5.0.467 05.08.2007 no virus found
    BitDefender 7.2 06.11.2007 no virus found
    CAT-QuickHeal 9.00 06.09.2007 no virus found
    ClamAV devel-20070416 05.09.2007 no virus found
    DrWeb 4.33 06.11.2007 no virus found
    eSafe 7.0.15.0 05.08.2007 no virus found
    eTrust-Vet 30.7.3710 06.11.2007 no virus found
    FileAdvisor 1 06.11.2007 No threat detected
    Fortinet 2.85.0.0 06.11.2007 no virus found
    F-Prot 4.3.2.48 05.08.2007 no virus found
    F-Secure 6.70.13030.0 05.09.2007 no virus found
    Ikarus T3.1.1.7 05.09.2007 no virus found
    Kaspersky 4.0.2.24 06.11.2007 no virus found
    McAfee 5049 06.08.2007 no virus found
    Microsoft 1.2503 06.11.2007 no virus found
    NOD32v2 2321 06.10.2007 no virus found
    Norman 5.80.02 06.08.2007 no virus found
    Panda 9.0.0.4 06.11.2007 no virus found
    Prevx1 V2 06.11.2007 no virus found
    Sophos 4.18.0 06.01.2007 no virus found
    Sunbelt 2.2.907.0 05.05.2007 no virus found
    Symantec 10 05.09.2007 no virus found
    TheHacker 6.1.6.131 06.08.2007 no virus found
    VBA32 3.12.0 06.10.2007 no virus found
    VirusBuster 4.3.23:9 06.10.2007 no virus found
    Webwasher-Gateway 6.0.1 05.09.2007 no virus found

    Aditional Information
    File size: 450560 bytes
    MD5: 209b65395e75cd957e14b8ec3c742a7b
    SHA1: d67687481fdee8bf50d0b7a899ffc4229c4fdbea
    Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=209b65395e75cd957e14b8ec3c742a7b

    --------------------------------

    omplete scanning result of "lfcmp13n.dll", received in VirusTotal at 06.11.2007, 13:41:38 (CET).

    Antivirus Version Update Result
    AhnLab-V3 2007.6.11.1 06.11.2007 no virus found
    AntiVir 7.4.0.32 06.11.2007 no virus found
    Authentium 4.93.8 06.11.2007 no virus found
    Avast 4.7.997.0 06.09.2007 no virus found
    AVG 7.5.0.467 06.10.2007 no virus found
    BitDefender 7.2 06.11.2007 no virus found
    CAT-QuickHeal 9.00 06.09.2007 no virus found
    ClamAV devel-20070416 06.11.2007 no virus found
    DrWeb 4.33 06.11.2007 no virus found
    eSafe 7.0.15.0 06.10.2007 no virus found
    eTrust-Vet 30.7.3710 06.11.2007 no virus found
    Ewido 4.0 06.11.2007 no virus found
    FileAdvisor 1 06.11.2007 No threat detected
    Fortinet 2.85.0.0 06.11.2007 no virus found
    F-Prot 4.3.2.48 06.08.2007 no virus found
    F-Secure 6.70.13030.0 06.11.2007 no virus found
    Ikarus T3.1.1.8 06.11.2007 no virus found
    Kaspersky 4.0.2.24 06.11.2007 no virus found
    McAfee 5049 06.08.2007 no virus found
    Microsoft 1.2503 06.11.2007 no virus found
    NOD32v2 2322 06.11.2007 no virus found
    Norman 5.80.02 06.08.2007 no virus found
    Panda 9.0.0.4 06.11.2007 no virus found
    Prevx1 V2 06.11.2007 no virus found
    Sophos 4.18.0 06.01.2007 no virus found
    Sunbelt 2.2.907.0 06.09.2007 no virus found
    Symantec 10 06.11.2007 no virus found
    TheHacker 6.1.6.131 06.08.2007 no virus found
    VBA32 3.12.0 06.10.2007 no virus found
    VirusBuster 4.3.23:9 06.10.2007 no virus found
    Webwasher-Gateway 6.0.1 06.11.2007 no virus found

    Aditional Information
    File size: 401408 bytes
    MD5: 6cba9ece3186adeae144a79e3ac769fe
    SHA1: caf65a2a80e5dad59062f52eb9902eca8ae192c7
    Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=6cba9ece3186adeae144a79e3ac769fe

    ------

    Complete scanning result of "ltdis13n.dll", received in VirusTotal at 06.11.2007, 14:19:34 (CET).

    Antivirus Version Update Result
    AhnLab-V3 2007.6.11.1 06.11.2007 no virus found
    AntiVir 7.4.0.32 06.11.2007 no virus found
    Authentium 4.93.8 06.11.2007 no virus found
    Avast 4.7.997.0 06.09.2007 no virus found
    AVG 7.5.0.467 06.10.2007 no virus found
    BitDefender 7.2 06.11.2007 no virus found
    CAT-QuickHeal 9.00 06.09.2007 no virus found
    ClamAV devel-20070416 06.11.2007 no virus found
    DrWeb 4.33 06.11.2007 no virus found
    eSafe 7.0.15.0 06.10.2007 no virus found
    eTrust-Vet 30.7.3710 06.11.2007 no virus found
    Ewido 4.0 06.11.2007 no virus found
    FileAdvisor 1 06.11.2007 No threat detected
    Fortinet 2.85.0.0 06.11.2007 no virus found
    F-Prot 4.3.2.48 06.08.2007 no virus found
    F-Secure 6.70.13030.0 06.11.2007 no virus found
    Ikarus T3.1.1.8 06.11.2007 no virus found
    Kaspersky 4.0.2.24 06.11.2007 no virus found
    McAfee 5049 06.08.2007 no virus found
    Microsoft 1.2503 06.11.2007 no virus found
    NOD32v2 2322 06.11.2007 no virus found
    Norman 5.80.02 06.08.2007 no virus found
    Panda 9.0.0.4 06.11.2007 no virus found
    Prevx1 V2 06.11.2007 no virus found
    Sophos 4.18.0 06.01.2007 no virus found
    Sunbelt 2.2.907.0 06.09.2007 no virus found
    Symantec 10 06.11.2007 no virus found
    TheHacker 6.1.6.132 06.11.2007 no virus found
    VBA32 3.12.0 06.10.2007 no virus found
    VirusBuster 4.3.23:9 06.10.2007 no virus found
    Webwasher-Gateway 6.0.1 06.11.2007 no virus found

    Aditional Information
    File size: 299008 bytes
    MD5: 55d16beb62d0b6c54ce315f7063fa7a1
    SHA1: 7f7c52c7cb9776d50918414355c48ca3c842eace
    Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=55d16beb62d0b6c54ce315f7063fa7a1

    ------------------------------

    omplete scanning result of "ltefx13n.dll", received in VirusTotal at 06.14.2007, 16:36:47 (CET).

    Antivirus Version Update Result
    AhnLab-V3 2007.5.9.0 05.09.2007 no virus found
    AntiVir 7.4.0.32 06.14.2007 no virus found
    Authentium 4.93.8 06.14.2007 no virus found
    Avast 4.7.997.0 06.13.2007 no virus found
    AVG 7.5.0.467 05.08.2007 no virus found
    BitDefender 7.2 06.14.2007 no virus found
    CAT-QuickHeal 9.00 06.14.2007 no virus found
    ClamAV devel-20070416 05.09.2007 no virus found
    DrWeb 4.33 06.14.2007 no virus found
    eSafe 7.0.15.0 05.08.2007 no virus found
    eTrust-Vet 30.7.3718 06.14.2007 no virus found
    FileAdvisor 1 06.14.2007 Not analyzed yet
    Fortinet 2.85.0.0 06.14.2007 no virus found
    F-Prot 4.3.2.48 05.08.2007 no virus found
    F-Secure 6.70.13030.0 05.09.2007 no virus found
    Ikarus T3.1.1.7 05.09.2007 no virus found
    Kaspersky 4.0.2.24 06.14.2007 no virus found
    McAfee 5052 06.13.2007 no virus found
    Microsoft 1.2503 06.14.2007 no virus found
    NOD32v2 2329 06.14.2007 no virus found
    Norman 5.80.02 06.14.2007 no virus found
    Panda 9.0.0.4 06.14.2007 no virus found
    Prevx1 V2 06.14.2007 no virus found
    Sophos 4.18.0 06.12.2007 no virus found
    Sunbelt 2.2.907.0 05.05.2007 no virus found
    Symantec 10 05.09.2007 no virus found
    TheHacker 6.1.6.133 06.14.2007 no virus found
    VBA32 3.12.0.1 06.13.2007 no virus found
    VirusBuster 4.3.23:9 06.14.2007 no virus found
    Webwasher-Gateway 6.0.1 05.09.2007 no virus found

    Aditional Information
    File size: 206336 bytes
    MD5: f56ba445d7d36eb4ddbfe4477bad594d
    SHA1: c90c6f982a8900c8dadfa1bd59aed3c1f6af9d11
    Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=f56ba445d7d36eb4ddbfe4477bad594d

    ------------------------
    Complete scanning result of "ltfil13n.dll", received in VirusTotal at 06.14.2007, 17:20:38 (CET).

    Antivirus Version Update Result
    AhnLab-V3 2007.6.12.2 06.14.2007 no virus found
    AntiVir 7.4.0.32 06.14.2007 no virus found
    Authentium 4.93.8 06.14.2007 no virus found
    Avast 4.7.997.0 06.13.2007 no virus found
    AVG 7.5.0.467 06.14.2007 no virus found
    BitDefender 7.2 06.14.2007 no virus found
    CAT-QuickHeal 9.00 06.14.2007 no virus found
    ClamAV devel-20070416 06.14.2007 no virus found
    DrWeb 4.33 06.14.2007 no virus found
    eSafe 7.0.15.0 06.13.2007 no virus found
    eTrust-Vet 30.7.3718 06.14.2007 no virus found
    Ewido 4.0 06.14.2007 no virus found
    FileAdvisor 1 06.14.2007 No threat detected
    Fortinet 2.85.0.0 06.14.2007 no virus found
    F-Prot 4.3.2.48 06.14.2007 no virus found
    F-Secure 6.70.13030.0 06.14.2007 no virus found
    Ikarus T3.1.1.8 06.14.2007 no virus found
    Kaspersky 4.0.2.24 06.14.2007 no virus found
    McAfee 5052 06.13.2007 no virus found
    Microsoft 1.2503 06.14.2007 no virus found
    NOD32v2 2329 06.14.2007 no virus found
    Norman 5.80.02 06.14.2007 no virus found
    Panda 9.0.0.4 06.14.2007 no virus found
    Prevx1 V2 06.14.2007 no virus found
    Sophos 4.18.0 06.12.2007 no virus found
    Sunbelt 2.2.907.0 06.14.2007 no virus found
    Symantec 10 06.14.2007 no virus found
    TheHacker 6.1.6.133 06.14.2007 no virus found
    VBA32 3.12.0.1 06.13.2007 no virus found
    VirusBuster 4.3.23:9 06.14.2007 no virus found
    Webwasher-Gateway 6.0.1 06.14.2007 no virus found

    Aditional Information
    File size: 163840 bytes
    MD5: bf1727ed495670881e18e346d162ca3d
    SHA1: dbbb858bbdc51cc1843cc7c2cab5b26574bd01d9
    Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=bf1727ed495670881e18e346d162ca3d

    --------------

    Complete scanning result of "lfpng13n.dll_", received in VirusTotal at 06.19.2007, 13:02:09 (CET).

    Antivirus Version Update Result
    AhnLab-V3 2007.6.16.0 06.19.2007 no virus found
    AntiVir 7.4.0.34 06.19.2007 no virus found
    Authentium 4.93.8 06.18.2007 no virus found
    Avast 4.7.997.0 06.18.2007 no virus found
    AVG 7.5.0.467 06.18.2007 no virus found
    BitDefender 7.2 06.19.2007 no virus found
    CAT-QuickHeal 9.00 06.18.2007 no virus found
    ClamAV devel-20070416 06.19.2007 no virus found
    DrWeb 4.33 06.19.2007 no virus found
    eSafe 7.0.15.0 06.19.2007 no virus found
    eTrust-Vet 30.7.3727 06.19.2007 no virus found
    Ewido 4.0 06.19.2007 no virus found
    FileAdvisor 1 06.19.2007 No threat detected
    Fortinet 2.91.0.0 06.19.2007 no virus found
    F-Prot 4.3.2.48 06.18.2007 no virus found
    F-Secure 6.70.13030.0 06.19.2007 no virus found
    Ikarus T3.1.1.8 06.19.2007 no virus found
    Kaspersky 4.0.2.24 06.19.2007 no virus found
    McAfee 5055 06.18.2007 no virus found
    Microsoft 1.2607 06.19.2007 no virus found
    NOD32v2 2338 06.19.2007 no virus found
    Norman 5.80.02 06.18.2007 no virus found
    Panda 9.0.0.4 06.19.2007 no virus found
    Prevx1 V2 06.19.2007 no virus found
    Sophos 4.18.0 06.12.2007 no virus found
    Sunbelt 2.2.907.0 06.16.2007 no virus found
    Symantec 10 06.19.2007 no virus found
    TheHacker 6.1.6.134 06.18.2007 no virus found
    VBA32 3.12.0.2 06.19.2007 no virus found
    VirusBuster 4.3.23:9 06.18.2007 no virus found
    Webwasher-Gateway 6.0.1 06.19.2007 no virus found

    Aditional Information
    File size: 159744 bytes
    MD5: ad6d6fac370748775fb9fb33a398bff9
    SHA1: bf3f5c2dc388132f0ad0d33774de324127335cf4
    Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=ad6d6fac370748775fb9fb33a398bff9

    et merci encore !
    0
  16. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    bonsoir,

    1) recherche et supprime le fichier en gras ci dessous:

    C:\WINDOWS\system32\aeshamuo.exe

    2) repasse hijacthis et poste le rapport!

    a+
    0
  17. Bahamut84
     
    Fichier, trouvé et supprimé, et voilà le log hijackthis :

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 12:51:46, on 20/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\DORIAN\Bureau\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {40D655E6-2AE5-401C-A311-D5A11F94BC17} - C:\WINDOWS\system32\awvvu.dll (file missing)
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {83092451-0647-4583-B973-339C4A1D1BD6} - C:\WINDOWS\system32\rhysuimf.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Nero MediaHome] "C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?15165ada64f74dbe8744d0fa360a899d
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?15165ada64f74dbe8744d0fa360a899d
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: awvvu - C:\WINDOWS\system32\awvvu.dll (file missing)
    O20 - Winlogon Notify: ddcyabb - ddcyabb.dll (file missing)
    O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
    O21 - SSODL: rdihost - {366B3029-12AC-4E0A-9E94-E1149D6C80B2} - rdihost.dll (file missing)
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
    0
  18. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    Bonsoir,

    relance hijackthis, coche les lignes citées ci dessous et fix checked (toutes fenêtres IE fermées) :

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {40D655E6-2AE5-401C-A311-D5A11F94BC17} - C:\WINDOWS\system32\awvvu.dll (file missing)
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {83092451-0647-4583-B973-339C4A1D1BD6} - C:\WINDOWS\system32\rhysuimf.dll (file missing)
    O20 - Winlogon Notify: awvvu - C:\WINDOWS\system32\awvvu.dll (file missing)
    O20 - Winlogon Notify: ddcyabb - ddcyabb.dll (file missing)
    O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)

    comment se comporte le pc?

    a+
    0
  19. Bahamut84
     
    Alors voici mon log apres avoir fixé les lignes citées :

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 12:58:28, on 21/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\DORIAN\Bureau\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Nero MediaHome] "C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?15165ada64f74dbe8744d0fa360a899d
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?15165ada64f74dbe8744d0fa360a899d
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O21 - SSODL: rdihost - {366B3029-12AC-4E0A-9E94-E1149D6C80B2} - rdihost.dll (file missing)
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
    0
  20. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    Bonsoir,

    tu n'aurais pas un soft du genre stylexp, objectdock?

    En mode sans échec, est ce qu'elle apparaît?

    a+
    0
  21. Bahamut84
     
    salut !

    effectivement, j'utilise la barre objectdock, mais ca fait tres liongtemps que je m'en sers et je n'ai jamais eu ce genre de probleme auparavant.

    Par contre, ma barre de tâches et bien présente en mode sans échec...

    Voilà !

    Merci
    0
  • 1
  • 2