Petit probleme avec virtumonde-bdFermé

Question

Bonsoir a toute la communautee,

Je me trouve actuellement aux Philippines et j utilise le portable du cousin de mon epouse.
Chaque fois que jutilise celui-ci, avast me signale qu il est infecte par un trojan nomme virtumonde.
Aussi je lui ai dis que la caummunaute des utilisateurs de windows pouvait l aider.
Malheureusement il ne jure que par son antivirus...
quelqu un pourait-il m aider a lui demontrer  le contraire?
je vous joind un scan hijackthis au cas ou....
merci encore, je sais que par le passe vous  m avez ete d une grande utilite!!!
Bonne nuit
Laurent.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:09:24 AM, on 7/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32	snp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\cuyugan\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2320104D-BFB4-446A-B6CF-9943560A418B} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {709AFF26-6BB0-4AD3-A3A3-1286592465D6} - C:\WINDOWS\system32\vtuuusq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32	snp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\
O20 - Winlogon Notify: vtuuusq - C:\WINDOWS\SYSTEM32\vtuuusq.dll
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: boob - {01b55afa-f451-474b-9e91-c35b24d02641} - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

raleuboleu · Answer

salut

Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu 

pendant ce temps je regarde ton rapport hijack


bizoux

laudela38 · Answer

Merci pour ta reponse tgv
je suppose qu il s agit du fichier nomme VBG :


[07/13/2007, 2:27:24] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\cuyugan\Desktop\VirtumundoBeGone.exe" )
[07/13/2007, 2:27:26] - Detected System Information:
[07/13/2007, 2:27:26] -  Windows Version: 5.1.2600, Service Pack 2
[07/13/2007, 2:27:26] -  Current Username: cuyugan (Admin)
[07/13/2007, 2:27:26] -  Windows is in NORMAL mode.
[07/13/2007, 2:27:26] - Searching for Browser Helper Objects:
[07/13/2007, 2:27:26] -  BHO 1: {000123B4-9B42-4900-B3F7-F4B073EFC214} (Octh Class)
[07/13/2007, 2:27:26] -  BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/13/2007, 2:27:26] -  BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/13/2007, 2:27:26] -  BHO 4: {2320104D-BFB4-446A-B6CF-9943560A418B} ()
[07/13/2007, 2:27:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2007, 2:27:26] -  No filename found. Continuing.
[07/13/2007, 2:27:26] -  BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/13/2007, 2:27:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2007, 2:27:26] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/13/2007, 2:27:26] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/13/2007, 2:27:26] -  BHO 6: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[07/13/2007, 2:27:26] -  BHO 7: {709AFF26-6BB0-4AD3-A3A3-1286592465D6} ()
[07/13/2007, 2:27:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2007, 2:27:26] -  Checking for HKLM\...\Winlogon\Notify\vtuuusq
[07/13/2007, 2:27:26] -  Found: HKLM\...\Winlogon\Notify\vtuuusq - This is probably Virtumundo.
[07/13/2007, 2:27:26] -  Assigning {709AFF26-6BB0-4AD3-A3A3-1286592465D6} MSEvents Object
[07/13/2007, 2:27:26] - BHO list has been changed! Starting over...
[07/13/2007, 2:27:26] -  BHO 1: {000123B4-9B42-4900-B3F7-F4B073EFC214} (Octh Class)
[07/13/2007, 2:27:26] -  BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/13/2007, 2:27:26] -  BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/13/2007, 2:27:26] -  BHO 4: {2320104D-BFB4-446A-B6CF-9943560A418B} ()
[07/13/2007, 2:27:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2007, 2:27:26] -  No filename found. Continuing.
[07/13/2007, 2:27:26] -  BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/13/2007, 2:27:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2007, 2:27:26] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/13/2007, 2:27:26] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/13/2007, 2:27:26] -  BHO 6: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[07/13/2007, 2:27:26] -  BHO 7: {709AFF26-6BB0-4AD3-A3A3-1286592465D6} (MSEvents Object)
[07/13/2007, 2:27:27] - ALERT: Found MSEvents Object!
[07/13/2007, 2:27:27] -  BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/13/2007, 2:27:27] -  BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/13/2007, 2:27:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2007, 2:27:27] -  No filename found. Continuing.
[07/13/2007, 2:27:27] - Finished Searching Browser Helper Objects
[07/13/2007, 2:27:27] - *** Detected MSEvents Object
[07/13/2007, 2:27:27] - Trying to remove MSEvents Object...
[07/13/2007, 2:27:28] -    Terminating Process: IEXPLORE.EXE
[07/13/2007, 2:27:28] -    Terminating Process: RUNDLL32.EXE
[07/13/2007, 2:27:28] -    Disabling Automatic Shell Restart
[07/13/2007, 2:27:28] -    Terminating Process: EXPLORER.EXE
[07/13/2007, 2:27:28] -    Suspending the NT Session Manager System Service
[07/13/2007, 2:27:28] -    Terminating Windows NT Logon/Logoff Manager
[07/13/2007, 2:27:29] -    Re-enabling Automatic Shell Restart
[07/13/2007, 2:27:29] -   File to disable: C:\WINDOWS\system32\vtuuusq.dll
[07/13/2007, 2:27:29] -  Renaming C:\WINDOWS\system32\vtuuusq.dll -> C:\WINDOWS\system32\vtuuusq.dll.vir
[07/13/2007, 2:27:29] -  File successfully renamed!
[07/13/2007, 2:27:29] -   Removing HKLM\...\Browser Helper Objects\{709AFF26-6BB0-4AD3-A3A3-1286592465D6}
[07/13/2007, 2:27:29] -   Removing HKCR\CLSID\{709AFF26-6BB0-4AD3-A3A3-1286592465D6}
[07/13/2007, 2:27:29] -   Adding Kill Bit for ActiveX for GUID: {709AFF26-6BB0-4AD3-A3A3-1286592465D6}
[07/13/2007, 2:27:29] -   Deleting ATLEvents/MSEvents Registry entries
[07/13/2007, 2:27:29] -   Removing HKLM\...\Winlogon\Notify\vtuuusq
[07/13/2007, 2:27:29] - Searching for Browser Helper Objects:
[07/13/2007, 2:27:29] -  BHO 1: {000123B4-9B42-4900-B3F7-F4B073EFC214} (Octh Class)
[07/13/2007, 2:27:29] -  BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/13/2007, 2:27:29] -  BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/13/2007, 2:27:29] -  BHO 4: {2320104D-BFB4-446A-B6CF-9943560A418B} ()
[07/13/2007, 2:27:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2007, 2:27:29] -  No filename found. Continuing.
[07/13/2007, 2:27:29] -  BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/13/2007, 2:27:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2007, 2:27:29] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/13/2007, 2:27:29] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/13/2007, 2:27:29] -  BHO 6: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[07/13/2007, 2:27:29] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/13/2007, 2:27:29] -  BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/13/2007, 2:27:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2007, 2:27:29] -  No filename found. Continuing.
[07/13/2007, 2:27:29] - Finished Searching Browser Helper Objects
[07/13/2007, 2:27:29] - Finishing up...
[07/13/2007, 2:27:29] - A restart is needed.
[07/13/2007, 2:27:31] - Attempting to Restart via STOP error (Blue Screen!)





mon nouveau scan HiJackthis est les suivant :

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:33:54 AM, on 7/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32	snp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\cuyugan\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2320104D-BFB4-446A-B6CF-9943560A418B} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32	snp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: boob - {01b55afa-f451-474b-9e91-c35b24d02641} - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

raleuboleu · Answer

re euh c moi TGV ?mdr

1/bon tite question quel est ton parefeu?

2/ton hijack est mal placé , désinstalle via ajout/sup de programmes dans panneau de config puis rend toi sur le lien suivant pour le réinstaller correctement stp :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

3/ reposte 1 rapport ! 

hijack doit se trouver sur c :

(c:\hijack...............)

ca change beaucoup de chose

kiss

laudela38 · Answer

ok desole j ignairai. j espere que ma manip est la bonne alors voici :

Logfile of HijackThis v1.99.1
Scan saved at 2:50:38 AM, on 7/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32	snp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2320104D-BFB4-446A-B6CF-9943560A418B} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32	snp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

bon courrage !

raleuboleu · Answer

re 

oui beaucoup mieux mais quel parefeu as tu ?

bizoux

laudela38 · Answer

apparemment il n en a aucun
desole peut etre aurai-je du commencer par la !!!
Laurent

raleuboleu · Answer

remoi


tu n'as pas a etre désolé ^^ t'apprend des tites choses et te sécurise en meme temps lol

a square je te dirais bien de virer mais bon...

telecharge ce parefeu , ideal avec avast !  kério ici:

--https://www.01net.com/telecharger/windows/Securite/firewall/fiches/22418.html

tuto ici, reglage du parefeu :

--https://www.malekal.com/tutorial-et-guide-counterspy/

bizoux

laudela38 · Answer

dernieres questions,
cela suffira-t-il pour eliminer sont petit caca ?
et qu en est-il de son scan hitjackthis?

Je suis chiant hein?

raleuboleu · Answer

rez

nan t pas chiant sinan ...............lool 

le parefeu est + k'utile , c'est pour ca je te soul avec lol mais nan ca aide mais resoud pas ahhhhhhhhhhhhhhhhhhh t'as cru op trankilou , nan nan 

mais installe le stp c'est important


bizoux

laudela38 · Answer

ok c fait
j ai cru que c etait fini...

raleuboleu · Answer

salut

peux tu remettre 1 rapport hijack pour voir les lignes que l'on a a fixer stp

bizz

moK´s@ · Answer

salut a vous deux il serais bon de fixer ceci :


* Relance Vundofix
* Ne clique pas sur "Scan for a vundo"
* Clique droit au milieu de la fenêtre
* Clique sur Add more files ?
* Copie/colle les fichiers ci-dessous ( un par case) :

C:\WINDOWS\jkkjh.dll

* Clique sur Add files
* Ensuite clique sur Close Windows
* Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
* Si l'outils demande un redémarrage, accepte
* Poste le rapport Vundofix

puis avec hiajck this coche ceci :

O2 - BHO: (no name) - {2320104D-BFB4-446A-B6CF-9943560A418B} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)

quitte tes applications et navigateur et fix les lignes ci dessus.


puis 

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis ! 

puis 

* Télécharge combofix.exe (par sUBs) sur ton Bureau.

http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe     

* Double clique combofix.exe.
* Tape sur la touche 1 (Yes) pour démarrer le scan.
* Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 


NOTE : Le rapport se trouve également ici : C:\Combofix.txt

puis :


* télécharge AVG Anti-Spyware (ewido)

https://www.avg.com/en-ww/free-antivirus-download
http://www.infos-du-net.com/telecharger/Ewido-Security-Suite,0301-734.html
* tu l'installes

* lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente
si tu n'arrives pas à le mettre à jour prends ici les màj
http://downloads.ewido.net/avgas-signatures-full-current.exe

Sur la page "analyse":
•- tu choisis d'abord l'onglet "paramètres".
- sous « Comment réagir » clic sur « Actions recommandées » et dans le menu déroulant, choisir « Supprimer » 

Copie Et colle le rapport ici 

Ps : une fois le scan terminé tu supprime bien tout ce qu´il a trouvé.

1>tu le mets a jour > click sur l´onglet mis a jour puis commencer la mise a jour.
2>tu click sur l´onglet analyse puis sur le sous onglet parametre >comment reagir tu click sur ce que tu voie en dessous en bleu et tu regle sur supprimer. 
3>a droite "rapports" tu coche la case "généré un rapport a chaque analyse.

puis tu lance l´analyse tu click sur le sous onglet analyse puis analyse complete du systeme

@+

raleuboleu · Answer

merci a toi jlpjlp!!! je dois matter pas ou il faut!!!! pourtant process library est  bon site nan??????????????,,:!!!!

moK´s@ · Answer

moi c´est mok´s@

lol

raleuboleu · Answer

re

euhhhhhhhhhhhhh je sais lo meme ton pseudo et  a taper mdr

bizoux

moK´s@ · Answer

dure a taper c ca?

raleuboleu · Answer

mais oui !!! je dois mater ton pseudo 3 fois avant de l'écrire correctement looool, sadik va!!! mdr

moK´s@ · Answer

mok´s@

y rien de dure si?
 

lol


ca te fais tourner de l´oeil le @

raleuboleu · Answer

1 ti peu lol mais dis moi en mp ton prenom jme  calmerai lol je tente moks@a!!
c ca?

moK´s@ · Answer

oui c´est presque ca ;-)

encore un petit effort : mok´s@

je m´appel ville comme une ville je suis finnois>finlande
alors ville, mais bon on va arreter de pourir le post sinon l´internaute ne va plus rien comprendre...

bonne soirée c quoi ton prenom?

raleuboleu · Answer

mdr

je sais que tu es de finlande!!! moi ben c moi mdrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr simple loool

mais zut tu m l'anbonima ou euhhhhhhhhhhhhhhhhhhhhhh c fé expres ouuuuuuuuuuuuuuuuuuuuuuuuuuuu tu ve memerderder ptdr!!! moi c simple !!!!!!mdr

laudela38 · Answer

Merci pour vos instructions Voici les logs generes par tout vos petits outils : HIJACKTHIS : Logfile of HijackThis v1.99.1 Scan saved at 12:58:31 PM, on 7/15/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Hijackthis Version Française\hijackthis vf.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/... O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/... O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: jkkjh - C:\WINDOWS\ O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE (file missing) -------------------------------------------------------------------------------------------------------------------------- SDFIX : SDFix: Version 1.91 Run by cuyugan on Sun 07/15/2007 at 12:46 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\DOCUME~1\cuyugan\Desktop\sdfix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\WINDOWS\SYSTEM32\UTSCSI.EXE - Deleted C:\WINDOWS\system32\crss.exe - Deleted Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32 toskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server" "C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer" "D:\PC SOFTWARE\utorrent.exe"="D:\PC SOFTWARE\utorrent.exe:*:Enabled:æTorrent" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files: --------------- Backups Folder: - C:\DOCUME~1\cuyugan\Desktop\sdfix\backups\backups.zip Files with Hidden Attributes: C:\Documents and Settings\cuyugan\Local Settings\Application Data\Microsoft\Messenger\meekee76@hotmail.com\Sharing Folders\vinali@free.fr\Thumbs.db C:\WINDOWS\Temp\_ISTMPI.DIR\mmc32.exe C:\WINDOWS\system32\aybeg.tmp C:\WINDOWS\system32\ovsaepfp.tmp C:\WINDOWS\system32\sbtkfugm.tmp Finished ------------------------------------------------------------------------------------------------------------------------- COMBOFIX : "cuyugan" - 2007-07-15 13:02:29 - ComboFix 07-07-14.6 - Service Pack 2 NTFS (((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\aafxfwkv.exe C:\WINDOWS\system32\cmciincg.exe C:\WINDOWS\system32\hgkmvlrm.exe C:\WINDOWS\system32\kfgdjqac.exe C:\WINDOWS\system32\ldvlutte.exe C:\WINDOWS\system32\lmkbwqjh.exe C:\WINDOWS\system32\lovhqidg.exe C:\WINDOWS\system32\qwylvkhk.exe C:\WINDOWS\system32\ujqfdbip.exe C:\WINDOWS\system32\vlcypdir.exe C:\WINDOWS\system32\vqxavmym.exe C:\WINDOWS\system32\vxuyjhaq.exe C:\WINDOWS\system32\yilpuugd.exe * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\cuyugan\Desktop.\internet explorer.lnk C:\WINDOWS\system32\dnscon70.dll C:\WINDOWS\system32\drivers\sfsync02.sys C:\WINDOWS\system32\mstcpcon20.dll C:\WINDOWS\system32 etmanage.dll C:\WINDOWS\system32 etused.dll C:\WINDOWS\system32\sr1000r.dll C:\WINDOWS emp\_istmpi.dir C:\WINDOWS emp\_istmpi.dir\mmc32.exe ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_DNSCON -------\LEGACY_NETMANAGER -------\LEGACY_SFSYNC02 -------\dnscon -------\NetManager -------\sfsync02 ((((((((((((((((((((((((( Files Created from 2007-06-15 to 2007-07-15 ))))))))))))))))))))))))))))))) 2007-07-15 13:04 0 --a------ C:\WINDOWS\system32\sfsync02.dll 2007-07-15 13:01 51,200 --a------ C:\WINDOWS ircmd.exe 2007-07-15 12:45 d-------- C:\WINDOWS\ERUNT 2007-07-15 12:33 146,432 --a------ C: egedit.exe 2007-07-15 11:09 d-------- C:\VundoFix Backups 2007-07-13 05:16 d-------- C:\Program Files\ToniArts 2007-07-13 04:57 d-------- C:\Program Files\RegCleaner 2007-07-13 03:31 d-------- C:\Program Files\Sunbelt Software 2007-07-13 02:50 d-------- C:\Hijackthis Version Fran‡aise 2007-07-13 02:48 d-------- C:\hijacakthis 2007-07-12 22:01 d-------- C:\WINDOWS\pss 2007-07-12 21:53 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-07-11 19:20 73,728 --a------ C:\WINDOWS\system32\vsnp2std.dll 2007-07-11 19:20 61,440 --a------ C:\WINDOWS\system32\csnp2std.dll 2007-07-11 19:20 40,960 --a------ C:\WINDOWS\system32\SNCTRL.exe 2007-07-11 19:20 339,968 --a------ C:\WINDOWS\vsnp2std.exe 2007-07-11 19:20 24,832 --a------ C:\WINDOWS\system32\drivers\sncamd.sys 2007-07-11 19:20 20,480 --a------ C:\WINDOWS\usnp2std.exe 2007-07-11 19:20 126,976 --a------ C:\WINDOWS\system32 snp2std.exe 2007-07-11 19:20 122,880 --a------ C:\WINDOWS\system32 snp2std.dll 2007-07-11 19:20 10,446,592 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys 2007-07-11 19:20 d-------- C:\Program Files\Common Files\snp2std 2007-07-11 02:24 d-------- C:\Program Files\a-squared Free 2007-07-11 02:08 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys 2007-07-10 20:30 d-------- C:\unzipped 2007-07-10 14:55 d-------- C:\DOCUME~1\cuyugan\Contacts 2007-07-10 14:49 d-------- C:\Program Files\MSN Messenger 2007-07-07 00:15 d-------- C:\DOCUME~1\cuyugan\APPLIC~1\Help 2007-07-07 00:13 d-------- C:\Program Files\IrfanView 2007-07-06 22:09 d-------- C:\Program Files\CCleaner 2007-07-03 13:09 934,810 ---hs---- C:\WINDOWS\system32\aybeg.bak2 2007-07-03 03:41 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-07-03 03:41 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-07-02 13:09 932,126 ---hs---- C:\WINDOWS\system32\aybeg.bak1 2007-07-01 13:51 999,927 ---hs---- C:\WINDOWS\system32\ghswinjh.ini2 2007-06-30 16:19 1,156 --a------ C:\WINDOWS\mozver.dat 2007-06-28 19:58 932,291 ---hs---- C:\WINDOWS\system32\aybeg.ini2 2007-06-28 11:40 405 ---hs---- C:\WINDOWS\system32\sbtkfugm.ini2 2007-06-28 03:03 0 --a------ C:\WINDOWS sreg.dat 2007-06-27 18:00 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-06-25 17:04 d-------- C:\Program Files\RegSeeker 2007-06-23 15:06 936,853 ---hs---- C:\WINDOWS\system32\hjkkj.bak2 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-15 04:52:04 9,811 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err 2007-07-14 12:48:02 -------- d-----w C:\DOCUME~1\cuyugan\APPLIC~1\uTorrent 2007-07-12 21:16:15 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-07-12 21:04:45 -------- d--h--r C:\DOCUME~1\cuyugan\APPLIC~1\yahoo! 2007-07-12 21:03:41 -------- d-----w C:\Program Files\Yahoo! 2007-07-10 17:37:23 -------- d-----w C:\DOCUME~1\cuyugan\APPLIC~1\Orbit 2007-07-10 17:36:27 -------- d-----w C:\Program Files\Orbitdownloader 2007-07-10 13:49:53 -------- d-----w C:\Program Files\DivX 2007-07-09 17:14:31 -------- d-----w C:\Program Files\Apple Software Update 2007-06-23 09:34:39 -------- d-----w C:\DOCUME~1\cuyugan\APPLIC~1\PLAux 2007-06-19 18:33:11 -------- d-----w C:\Program Files\iTunes 2007-06-19 18:32:28 -------- d-----w C:\Program Files\iPod 2007-06-05 12:15:23 -------- d-----w C:\Program Files\Springhouse 2007-05-25 16:43:59 -------- d-----w C:\DOCUME~1\cuyugan\APPLIC~1\Nokia 2007-05-24 10:52:17 -------- d-----w C:\Program Files\Nokia 2007-05-24 02:21:57 -------- d-----w C:\Program Files\QuickTime 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-16 14:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 14:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 14:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 14:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 14:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 14:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 14:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 14:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-16 14:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}] 2007-06-18 13:33 122880 --a------ C:\Program Files\Orbitdownloader\orbitcth.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] 2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 23:42] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00] [HKEY_USERS\.default\software\microsoft\windows\currentversion un] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ClearRecentDocsOnExit"=0000000000000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\jkkjh] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0779bb88-7174-11db-af8d-806d6172696f}] Auto\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE Browser\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1552cf85-1fb5-11dc-b0f0-0016d418f3d9}] Auto\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE Browser\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c74c63c-7ad6-11db-afd7-0016d418f3d9}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE é_†™\command- G:\NETSVCS.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c4f2389-302b-11dc-b15d-0016d418f3d9}] Auto\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE Browser\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b819cb2e-81fd-11db-aff4-0016d418f3d9}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE é_†™\command- NETSVCS.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0606bf6-ac7a-11db-b070-0016d418f3d9}] Auto\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE Browser\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0606bf7-ac7a-11db-b070-0016d418f3d9}] AutoRun\command- H:\USBNB.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5b3d785-8056-11db-afef-0016d418f3d9}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE é_†™\command- NETSVCS.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2471cb4-2ba1-11dc-b141-0016d418f3d9}] Auto\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE Browser\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-15 13:08:00 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-15 13:09:56 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-07-15 13:09 --- E O F --- -------------------------------------------------------------------------------------------------------------------------- ET ENFIN AVG : --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 2:23:46 PM 7/15/2007 + Résultat de l'analyse: D:\PC SOFTWARE\adobe_photoshop_(cs2)_9.0.rar/keygen.exe -> Adware.Virtumonde : Nettoyé. D:\PC SOFTWARE\adobe_photoshop_(cs2)_9.0.rar/patch.exe -> Downloader.LoadAdv : Nettoyé. C:\QooBox\Quarantine\C\WINDOWS\system32\aafxfwkv.exe.vir -> Downloader.Tiny.id : Nettoyé. C:\QooBox\Quarantine\C\WINDOWS\system32\cmciincg.exe.vir -> Downloader.Tiny.id : Nettoyé. C:\QooBox\Quarantine\C\WINDOWS\system32\hgkmvlrm.exe.vir -> Downloader.Tiny.id : Nettoyé. C:\QooBox\Quarantine\C\WINDOWS\system32\kfgdjqac.exe.vir -> Downloader.Tiny.id : Nettoyé. C:\QooBox\Quarantine\C\WINDOWS\system32\ldvlutte.exe.vir -> Downloader.Tiny.id : Nettoyé. C:\QooBox\Quarantine\C\WINDOWS\system32\lmkbwqjh.exe.vir -> Downloader.Tiny.id : Nettoyé. C:\QooBox\Quarantine\C\WINDOWS\system32\lovhqidg.exe.vir -> Downloader.Tiny.id : Nettoyé. C:\QooBox\Quarantine\C\WINDOWS\system32\qwylvkhk.exe.vir -> Downloader.Tiny.id : Nettoyé. C:\QooBox\Quarantine\C\WINDOWS\system32\ujqfdbip.exe.vir -> Downloader.Tiny.id : Nettoyé. C:\QooBox\Quarantine\C\WINDOWS\system32\vlcypdir.exe.vir -> Downloader.Tiny.id : Nettoyé. C:\QooBox\Quarantine\C\WINDOWS\system32\vqxavmym.exe.vir -> Downloader.Tiny.id : Nettoyé. C:\QooBox\Quarantine\C\WINDOWS\system32\vxuyjhaq.exe.vir -> Downloader.Tiny.id : Nettoyé. C:\QooBox\Quarantine\C\WINDOWS\system32\yilpuugd.exe.vir -> Downloader.Tiny.id : Nettoyé. C:\Documents and Settings\cuyugan\My Documents\all nokia\MobiSystems.MSDict.Viewer.v2.40.S60.SymbianOS.Cracked-SyMPDA.rar/run.exe -> Downloader.Zlob.bbj : Nettoyé. :mozilla.30:C:\Documents and Settings\cuyugan\Application Data\Mozilla\Firefox\Profiles\6385ueld.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé. :mozilla.31:C:\Documents and Settings\cuyugan\Application Data\Mozilla\Firefox\Profiles\6385ueld.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé. :mozilla.32:C:\Documents and Settings\cuyugan\Application Data\Mozilla\Firefox\Profiles\6385ueld.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé. C:\Documents and Settings\cuyugan\Cookies\cuyugan@3.adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé. C:\Documents and Settings\cuyugan\Cookies\cuyugan@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé. C:\Documents and Settings\cuyugan\Cookies\cuyugan@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé. :mozilla.42:C:\Documents and Settings\cuyugan\Application Data\Mozilla\Firefox\Profiles\6385ueld.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. D:\PC SOFTWARE\adobe_photoshop_(cs2)_9.0.rar/crack.exe -> Trojan.Agent.qt : Nettoyé. Fin du rapport Bon, ben, je vous souhaite bon courage !!!!! Laurent.

moK´s@ · Answer

salut laudela38

¤Affiche tous les fichiers et dossiers :
Clique sur démarrer/panneau de configuration/option des dossiers/affichage

Cocher afficher les dossiers cacher

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décocher masquer les extensions dont le type est connu
Puis fais «Ok» pour valider les changements.

Et appliquer ! 

puis rends toi sur ce site et fais analyser les dossier ci dessous:

http://virusscan.jotti.org/de/

C:\WINDOWS\system32\hjkkj.bak2
C:\WINDOWS\system32\sbtkfugm.ini2
C:\WINDOWS\system32\sfsync02.dll 
C:\WINDOWS\system32	snp2std.exe 
C:\WINDOWS\system32snp2std.dll 
C:\Program Files\Common Files\snp2std 

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :
 
C:\WINDOWS\jkkjh 


clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
http://img137.imageshack.us/img137/3558/refaitjk8.th.jpg

@+

raleuboleu · Answer

salut

tu te mok s@ c sure loool

merci a toi ^^

raleuboleu · Answer

de lote la tu c!!! la ral  ki va dans lbol!!! merde c bidon ca mdrrrrrrrrrrrrrrrrrrrrrrr

bizoux

moK´s@ · Answer

c´est la goutte ki fait deborder le bol...

raleuboleu · Answer

mais nannnnnnnnnnnnnnnnnnnnnn la tasse loool 

bizoux

Petit probleme avec virtumonde-bd

27 réponses

Discussions similaires

Newsletters