j'ai un probléme dee spyware je ne sias plus Résolu/Fermé

Question

bonjour! 
J'ai un gros problème depuis quelque temps, j'ai plusieur spyware sur mon PC
quand je fais une analyse avec SPYBOT il me trouve VIRTUMONDE BLUESTREAK FASTCLICK et TRADEDOUBLER.
DE plus quand la nuit mon PC reste allumé le landemin matin quand je le rallume il y a des tas de fichier du genre WIN7aF.TMP ils me bouffent toute la memoire.
J'ai tout essayer je n'arrive pas à les virer avec VUNDOFIX je ne sais plus quoi faire pitier aider moi.

tribun · Answer

bonjour, télécharge ,Spyware,terminator ici sur le forum , tape spyware terminator ,tu tombe dessus
fait une analyse approfondie pas rapide tout de suite , sa prend pas mal de temps ,le critique va être en rouge , et a la fin tu supprime tout de ton DD, bonne chance

tribun · Answer

puis tu le garde précieusement, car il te donne une protection en temps réel

kirchener · Answer

bah merci beaucoup j'essaye tout ca, puis j vous dis ca quand j'ai finis mon analyse.

kirchener · Answer

voila je viens de faire toutes les analyses avec spyware terminator mais en reverifiant avec spybot il met toujours que j ai les spyware DOUBLECLICK TRADEDOUBLER et VIRTUMONDE.

kirchener · Answer

personne pour m'aider ?

tribun · Answer

re bonjour, demarre spybot
clik sur aide , puis sur Search et destroyer,puis sur recherche
balayer le système,  lis le bien et suis les instructions 
pour supprimer tes spaywares a la fin de l'analyse, ce qui est cocher en rouge sais être supprimé
j'ai le même programme,

tribun · Answer

et dit moi spyware terminator n'à rien mentionné dans son analyse

tribun · Answer

a la fin de l'analyse, tu clic sur toutes les croix cochées en rouge, et tu clic sur corriger les problèmes 
ce qui est coché en rouge devient en vert.

kirchener · Answer

Non spyware terminator ne m'a rien mentioné de special. Merci pour l'aide j'ai viré quand meme 2 fichiers à haut risque mais il me reste quand meme des trucs, je verrais bien, pour l'instant j'ai plus de publicitées mais je ne le concidere pas encore tout a fait resolus parce que je ne sais comment ca va faire avec les fichier temporaires il m en a déjà recréé plein mais il ne se lance pas dans le gestionnaire des taches je verrais demain matin. Puis je n ai toujours pas viré VIRTUMONDE et je n'arrive vraiment pas à l'enlever avec VUNDOFIX.

kirchener · Answer

spywaree n'a rien changé mes pubs sont revenues des ce matin que dois-je faire ? aidez moi svp

Regis59 · Answer

Bienvenue sur le forum d’entraide de CommentCaMarche.net 

Nous connaissons votre situation et nous vous conseillons de ne surtout pas vous inquiéter.
De plus, au vu du nombre croissant de désinfections effectuées sur le forum, nous vous demandons un peu de patience et surtout de ne pas créer plusieurs postes pour le même problème.
Merci de votre compréhension.

Télécharge HijackThis ici: 
http://telechargement.zebulon.fr/138-hijackthis-1991.html 

Dézippe le dans un dossier prévu à cet effet. 
Par exemple C:\hijackthis < Enregistre le bien dans c : ! 
Démo : (Merci a Balltrap34 pour cette réalisation)   
http://pageperso.aol.fr/balltrap34/Hijenr.gif 
	
Lance le puis: 
clique sur "do a system scan and save logfile" (cf démo) 
faire un copier coller du log entier sur le forum

Démo : (Merci a Balltrap34 pour cette réalisation)   
http://pageperso.aol.fr/balltrap34/demohijack.htm
	
Bon courage

A+

kirchener · Answer

comme demandé voila mon rapport HIJACKTHIS: 


Logfile of HijackThis v1.99.1
Scan saved at 13:49:34, on 21/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6247682A-C262-4371-A5D7-BF3BCE550B11} - C:\WINDOWS\system32\mljji.dll (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A2191984-2E78-4444-834E-B89669BAAD92} - C:\WINDOWS\system32\geedc.dll
O2 - BHO: (no name) - {DCD53738-C4F9-414A-A03C-C7405A4AC844} - C:\WINDOWS\system32\mljgeda.dll
O2 - BHO: (no name) - {F01277D0-7EB3-456F-9D37-EE6B69B8BE3C} - C:\WINDOWS\system32\pmnno.dll (file missing)
O2 - BHO: (no name) - {F8A9BE2A-4DBF-4630-9ED3-8E4147DDC8C2} - C:\WINDOWS\system32\vtsqo.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll
O20 - Winlogon Notify: mljgeda - C:\WINDOWS\SYSTEM32\mljgeda.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

Regis59 · Answer

Ok :)

Télécharge VundoFix.exe (par Atribune) sur ton Bureau. 
http://www.atribune.org/ccount/click.php?id=4 

Double-clique VundoFix.exe afin de le lancer. 
Coche Run VundoFix as a task. 
Un message t'avertira que l'outil va se fermer et s'ouvrir à nouveau : clique Ok 
Clique sur le bouton Scan for Vundo. 
Lorsque le scan est complété, clique sur le bouton Remove Vundo. 
Une invite te demandera si tu veux supprimer les fichiers, clique YES 
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers. 
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK 
Démarre ton PC à nouveau. 
Copie/colle le contenu du rapport situé dans C:\vundofix.txt.

Puis,

Télécharge Combofix sUBs : 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
Attends que combofix ait terminé, ne touche a rien pendant qu'il travaille, un rapport sera créé. Poste le rapport.

Copie/colle un nouveau rapport HiJackThis avec.

A++

kirchener · Answer

voila le rapport combo FIX : "kirchener" - 2007-07-21 14:12:40 - ComboFix 07-07-14.6 - Service Pack 2 NTFS (((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\fcccawu.dll C:\WINDOWS\system32\gebbaab.dll C:\WINDOWS\system32\urqppmn.dll C:\WINDOWS\system32\vtutqpn.dll C:\WINDOWS\system32\fcccawu.dll C:\WINDOWS\system32\gebbaab.dll C:\WINDOWS\system32\urqppmn.dll C:\WINDOWS\system32\vtutqpn.dll C:\WINDOWS\system32\mljgeda.dll C:\WINDOWS\system32\mljgeda.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\epkoihuu.exe C:\WINDOWS\system32\gdpffmit.exe C:\WINDOWS\system32\gdxxnhvh.exe C:\WINDOWS\system32\gtamptst.exe C:\WINDOWS\system32\kkbdyiuw.exe C:\WINDOWS\system32\ohxykqvu.exe C:\WINDOWS\system32\pdyevlum.exe C:\WINDOWS\system32 jmmnwey.exe C:\WINDOWS\system32\uhngjver.exe C:\WINDOWS\system32\vgyfmpdl.exe C:\WINDOWS\system32\W007T32W.DLL C:\WINDOWS\system32\wgpyrpjw.exe ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((( Files Created from 2007-06-21 to 2007-07-21 ))))))))))))))))))))))))))))))) 2007-07-21 14:12 51,200 --a------ C:\WINDOWS ircmd.exe 2007-07-21 13:49 d-------- C:\Program Files\Hijackthis Version Fran‡aise 2007-07-19 14:08 138,368 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys 2007-07-19 13:23 d-------- C:\Program Files\Spyware Terminator 2007-07-19 13:23 d-------- C:\DOCUME~1\KIRCHE~1\APPLIC~1\Spyware Terminator 2007-07-19 13:23 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator 2007-07-18 20:22 d-------- C:\Program Files\Micro Application 2007-07-18 16:30 d-------- C:\Program Files\Lavasoft 2007-07-18 16:30 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2007-07-18 10:15 d-------- C:\Program Files\ThinkNet 2007-07-14 18:38 d-------- C:\VundoFix Backups 2007-07-12 14:26 d-------- C:\DOCUME~1\KIRCHE~1\APPLIC~1\ScanSoft 2007-07-12 14:19 d-------- C:\Program Files\Fichiers communs\Scansoft Shared 2007-07-12 14:19 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft 2007-07-12 14:18 d-------- C:\Program Files\ScanSoft 2007-07-12 14:17 d-------- C:\WINDOWS\speech 2007-07-12 10:32 d-------- C:\Program Files\CDisplay 2007-07-11 14:29 d-------- C:\Program Files\Combined Community Codec Pack 2007-07-02 21:27 d-------- C:\Program Files\Artefacts Studio 2007-06-30 18:11 1,726 --a------ C:\WINDOWS\system32 mp.reg 2007-06-30 17:16 6,108 --a------ C:\dnsbak.reg 2007-06-30 16:22 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-06-29 20:30 d-------- C:\Program Files\a-squared Free 2007-06-27 11:59 d-------- C:\DOCUME~1\KIRCHE~1\APPLIC~1\ItsLabel 2007-06-27 11:58 d-------- C:\DOCUME~1\KIRCHE~1\APPLIC~1\EoRezo 2007-06-22 18:25 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll 2007-06-22 18:25 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2007-06-22 18:25 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll 2007-06-22 18:25 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll 2007-06-22 18:24 d-------- C:\WINDOWS\system32\AGEIA 2007-06-22 18:24 d-------- C:\Program Files\AGEIA Technologies 2007-06-22 18:18 d-------- C:\DOCUME~1\KIRCHE~1\APPLIC~1\dp3d 2007-06-22 18:17 d-------- C:\Program Files\Two Worlds Pinball 2007-06-22 18:11 d-------- C:\Program Files\Reality Pump 2007-06-21 13:15 d-------- C:\DOCUME~1\KIRCHE~1\APPLIC~1\SystemRequirementsLab 2007-06-21 10:17 d-------- C:\Program Files\Mindscape (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-21 12:09:47 -------- d-----w C:\DOCUME~1\KIRCHE~1\APPLIC~1\Azureus 2007-07-21 11:49:34 -------- d-----w C:\Program Files\Hijackthis Version Française 2007-07-19 16:10:23 -------- d-----w C:\Program Files\World of Warcraft 2007-07-19 11:07:36 -------- d-----w C:\DOCUME~1\KIRCHE~1\APPLIC~1\OpenOffice.org2 2007-07-18 18:21:59 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-07-18 14:30:19 -------- d-----w C:\DOCUME~1\KIRCHE~1\APPLIC~1\Lavasoft 2007-07-18 14:29:13 -------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-07-12 16:49:14 541,290 ----a-w C:\WINDOWS\system32\perfh00C.dat 2007-07-12 16:49:13 90,974 ----a-w C:\WINDOWS\system32\perfc00C.dat 2007-07-12 15:56:38 -------- d-----w C:\Program Files\MatroskaProp 2007-07-11 10:36:09 -------- d-----w C:\Program Files\Matroska Pack 2007-07-06 08:47:11 -------- d-----w C:\Program Files\MSN Messenger 2007-07-05 15:44:00 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat 2007-06-22 09:14:21 -------- d-----w C:\Program Files\Azureus 2007-06-20 13:49:40 -------- d-----w C:\Program Files\WowCartographe 2007-06-18 09:12:52 -------- d-----w C:\Program Files\Fichiers communs\Cheewoo 2007-06-18 09:12:31 -------- d-----w C:\Program Files\Cheewoo 2007-06-16 11:42:03 51,650 ----a-w C:\WINDOWS\htrefreghreger.exe 2007-06-14 19:37:10 -------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment 2007-06-14 13:50:55 71,625 ----a-w C:\WINDOWS wesdwdewewd.exe 2007-06-14 13:26:50 1,156 ----a-w C:\WINDOWS\mozver.dat 2007-06-14 13:08:39 -------- d-----w C:\Program Files\Sygate 2007-06-14 10:04:46 0 ----a-w C:\WINDOWS sreg.dat 2007-06-09 09:57:14 -------- d-----w C:\Program Files\Fichiers communs\Teleca Shared 2007-06-09 09:17:16 -------- d-----w C:\Program Files\MSXML 4.0 2007-06-08 16:37:28 -------- d-----w C:\Program Files\Fichiers communs\InstallShield 2007-06-05 09:29:22 -------- d-----w C:\DOCUME~1\KIRCHE~1\APPLIC~1\Gearbox Software 2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys 2007-06-04 06:40:02 -------- d--h--r C:\DOCUME~1\KIRCHE~1\APPLIC~1\SecuROM 2007-06-04 06:40:00 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-06-01 08:50:32 -------- d-----w C:\Program Files\DivX 2007-05-31 11:31:27 -------- d-----w C:\Program Files\Fichiers communs\DirectX 2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll 2007-05-29 10:20:33 -------- d-----w C:\Program Files\Canon 2007-05-28 08:06:07 -------- d-----w C:\Program Files\directx 2007-05-27 10:44:28 -------- d-----w C:\DOCUME~1\KIRCHE~1\APPLIC~1\InstallShield 2007-05-22 09:21:45 -------- d-----w C:\Program Files\CONEXANT 2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-07 11:59:32 2,553 ----a-w C:\WINDOWS\system32\sdbackup.reg 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AvastSS.scr 2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe 2004-08-05 12:00:00 87,057 --sh--r C:\WINDOWS\system32\comyobap.exe 2004-08-05 12:00:00 75,017 --sh--r C:\WINDOWS\system32\edconss.exe 2004-08-05 12:00:00 70,376 --sh--r C:\WINDOWS\system32\escsn.exe 2004-08-05 12:00:00 71,625 --sh--r C:\WINDOWS\system32\ikern32.exe 2004-08-05 12:00:00 72,458 --sh--r C:\WINDOWS\system32 dsruns.exe 2004-08-05 12:00:00 51,650 --sh--r C:\WINDOWS\system32\xmlemppt.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2006-10-22 23:08 62080 --a------ C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6247682A-C262-4371-A5D7-BF3BCE550B11}] C:\WINDOWS\system32\mljji.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2191984-2E78-4444-834E-B89669BAAD92}] C:\WINDOWS\system32\geedc.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F01277D0-7EB3-456F-9D37-EE6B69B8BE3C}] C:\WINDOWS\system32\pmnno.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8A9BE2A-4DBF-4630-9ED3-8E4147DDC8C2}] C:\WINDOWS\system32\vtsqo.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 C:\WINDOWS\system32 vmctray.dll] "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 16:00] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 12:41] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-03-21 02:34] "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-07-19 13:28] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\winmqx32] winmqx32.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{075e67eb-2303-11dc-a114-000c6ebc693d}] AutoRun\command- F:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7644764d-0205-11dc-a0da-000c6ebc693d}] AutoRun\command- I:\autorun\autorun.exe ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-21 14:18:14 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-21 14:19:12 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-07-21 14:18 --- E O F --- et le rapport HIJACKTHIS : Logfile of HijackThis v1.99.1 Scan saved at 14:20:09, on 21/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32 vsvc32.exe C:\Program Files\Sygate\SPF\smc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\WINDOWS\system32 otepad.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {6247682A-C262-4371-A5D7-BF3BCE550B11} - C:\WINDOWS\system32\mljji.dll (file missing) O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {A2191984-2E78-4444-834E-B89669BAAD92} - C:\WINDOWS\system32\geedc.dll (file missing) O2 - BHO: (no name) - {F01277D0-7EB3-456F-9D37-EE6B69B8BE3C} - C:\WINDOWS\system32\pmnno.dll (file missing) O2 - BHO: (no name) - {F8A9BE2A-4DBF-4630-9ED3-8E4147DDC8C2} - C:\WINDOWS\system32\vtsqo.dll (file missing) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32 vsvc32.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

Regis59 · Answer

ok

As tu le rapport de Vundofix?

A quel moment as tu fais Combofix, avant ou apres Vundofix?

A+

kirchener · Answer

voila le rapport VUNDOFIX j sais pas pourquoi j l'ai bien executé avant combo comme demandé 


VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 18:38:21 14/07/2007

Listing files found while scanning....

C:\windows\system32\awtrrpm.dll
C:\windows\system32\efcbbcy.dll
C:\windows\system32\gpskdwix.dll
C:\windows\system32\hbpcmtsy.dll
C:\WINDOWS\system32\hvtbewfq.dll
C:\windows\system32
nnmkhe.dll
C:\WINDOWS\system32
xsqhnvu.dll
C:\windows\system32\opnmmmk.dll
C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.ini2
C:\WINDOWS\system32\oqstv.tmp
C:\windows\system32\uvnhqsxn.ini
C:\WINDOWS\system32\vtsqo.dll
C:\windows\system32\xiwdkspg.ini
C:\windows\system32\ystmcpbh.ini

Beginning removal...

 Attempting to delete C:\windows\system32\awtrrpm.dll
C:\windows\system32\awtrrpm.dll Has been deleted!

 Attempting to delete C:\windows\system32\efcbbcy.dll
C:\windows\system32\efcbbcy.dll Has been deleted!

 Attempting to delete C:\windows\system32\gpskdwix.dll
C:\windows\system32\gpskdwix.dll Has been deleted!

 Attempting to delete C:\windows\system32\hbpcmtsy.dll
C:\windows\system32\hbpcmtsy.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\hvtbewfq.dll
C:\WINDOWS\system32\hvtbewfq.dll Has been deleted!

 Attempting to delete C:\windows\system32
nnmkhe.dll
C:\windows\system32
nnmkhe.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32
xsqhnvu.dll
C:\WINDOWS\system32
xsqhnvu.dll Has been deleted!

 Attempting to delete C:\windows\system32\opnmmmk.dll
C:\windows\system32\opnmmmk.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\oqstv.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\oqstv.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\oqstv.ini2
C:\WINDOWS\system32\oqstv.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\oqstv.tmp
C:\WINDOWS\system32\oqstv.tmp Has been deleted!

 Attempting to delete C:\windows\system32\uvnhqsxn.ini
C:\windows\system32\uvnhqsxn.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vtsqo.dll
C:\WINDOWS\system32\vtsqo.dll Has been deleted!

 Attempting to delete C:\windows\system32\xiwdkspg.ini
C:\windows\system32\xiwdkspg.ini Has been deleted!

 Attempting to delete C:\windows\system32\ystmcpbh.ini
C:\windows\system32\ystmcpbh.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 18:48:28 14/07/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 19:14:20 14/07/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 11:59:25 19/07/2007

Listing files found while scanning....

C:\windows\system32\bifolouo.dll
C:\WINDOWS\system32\efcbbcy.dll
C:\windows\system32\eyudnyyi.dll
C:\windows\system32\ircxfter.ini
C:\windows\system32\kcxkvlmn.dll
C:\windows\system32\lcwpikrf.dll
C:\windows\system32\mahhbdvb.dll
C:\windows\system32\mhcybact.dll
C:\windows\system32
ibcshmq.dll
C:\WINDOWS\system32\onnmp.bak1
C:\WINDOWS\system32\onnmp.bak2
C:\WINDOWS\system32\onnmp.ini
C:\WINDOWS\system32\onnmp.tmp
C:\WINDOWS\system32\ouolofib.ini
C:\WINDOWS\system32\pmnno.dll
C:\windows\system32\qmxhabmy.ini
C:\WINDOWS\system32\qupxuenn.dll
C:\windows\system32etfxcri.dll
C:\windows\system32\uaoonnmu.ini
C:\windows\system32\uayxnsvt.dll
C:\windows\system32\umnnooau.dll
C:\windows\system32\vngthdqw.dll
C:\windows\system32\wqdhtgnv.ini
C:\windows\system32\ymbahxmq.dll

Beginning removal...

 Attempting to delete C:\windows\system32\bifolouo.dll
C:\windows\system32\bifolouo.dll Could not be deleted.

 Attempting to delete C:\windows\system32\eyudnyyi.dll
C:\windows\system32\eyudnyyi.dll Has been deleted!

 Attempting to delete C:\windows\system32\ircxfter.ini
C:\windows\system32\ircxfter.ini Has been deleted!

 Attempting to delete C:\windows\system32\kcxkvlmn.dll
C:\windows\system32\kcxkvlmn.dll Has been deleted!

 Attempting to delete C:\windows\system32\lcwpikrf.dll
C:\windows\system32\lcwpikrf.dll Has been deleted!

 Attempting to delete C:\windows\system32\mahhbdvb.dll
C:\windows\system32\mahhbdvb.dll Has been deleted!

 Attempting to delete C:\windows\system32\mhcybact.dll
C:\windows\system32\mhcybact.dll Has been deleted!

 Attempting to delete C:\windows\system32
ibcshmq.dll
C:\windows\system32
ibcshmq.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\onnmp.bak1
C:\WINDOWS\system32\onnmp.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\onnmp.bak2
C:\WINDOWS\system32\onnmp.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\onnmp.ini
C:\WINDOWS\system32\onnmp.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\onnmp.tmp
C:\WINDOWS\system32\onnmp.tmp Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ouolofib.ini
C:\WINDOWS\system32\ouolofib.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\pmnno.dll Has been deleted!

 Attempting to delete C:\windows\system32\qmxhabmy.ini
C:\windows\system32\qmxhabmy.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\qupxuenn.dll
C:\WINDOWS\system32\qupxuenn.dll Has been deleted!

 Attempting to delete C:\windows\system32etfxcri.dll
C:\windows\system32etfxcri.dll Has been deleted!

 Attempting to delete C:\windows\system32\uaoonnmu.ini
C:\windows\system32\uaoonnmu.ini Has been deleted!

 Attempting to delete C:\windows\system32\uayxnsvt.dll
C:\windows\system32\uayxnsvt.dll Has been deleted!

 Attempting to delete C:\windows\system32\umnnooau.dll
C:\windows\system32\umnnooau.dll Has been deleted!

 Attempting to delete C:\windows\system32\vngthdqw.dll
C:\windows\system32\vngthdqw.dll Has been deleted!

 Attempting to delete C:\windows\system32\wqdhtgnv.ini
C:\windows\system32\wqdhtgnv.ini Has been deleted!

 Attempting to delete C:\windows\system32\ymbahxmq.dll
C:\windows\system32\ymbahxmq.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 12:06:08 19/07/2007

Listing files found while scanning....

C:\windows\system32\bifolouo.dll

Beginning removal...

 Attempting to delete C:\windows\system32\bifolouo.dll
C:\windows\system32\bifolouo.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 12:11:57 19/07/2007

Listing files found while scanning....

C:\WINDOWS\system32\ijjlm.bak1
C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\mljji.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\ijjlm.bak1
C:\WINDOWS\system32\ijjlm.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\mljji.dll
C:\WINDOWS\system32\mljji.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\mljji.dll
C:\WINDOWS\system32\mljji.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 14:06:39 21/07/2007

Listing files found while scanning....

C:\WINDOWS\system32\cdeeg.bak1
C:\WINDOWS\system32\cdeeg.bak2
C:\WINDOWS\system32\cdeeg.ini
C:\WINDOWS\system32\cdeeg.ini2
C:\WINDOWS\system32\cdeeg.tmp
C:\windows\system32\cgdrjfcy.dll
C:\windows\system32\cpkhacjv.dll
C:\windows\system32\flmwdnvs.dll
C:\windows\system32\fpfvjwbl.dll
C:\WINDOWS\system32\geedc.dll
C:\windows\system32\jjorfoqe.dll
C:\windows\system32byimaid.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\cdeeg.bak1
C:\WINDOWS\system32\cdeeg.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\cdeeg.bak2
C:\WINDOWS\system32\cdeeg.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\cdeeg.ini
C:\WINDOWS\system32\cdeeg.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\cdeeg.ini2
C:\WINDOWS\system32\cdeeg.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\cdeeg.tmp
C:\WINDOWS\system32\cdeeg.tmp Has been deleted!

 Attempting to delete C:\windows\system32\cgdrjfcy.dll
C:\windows\system32\cgdrjfcy.dll Has been deleted!

 Attempting to delete C:\windows\system32\cpkhacjv.dll
C:\windows\system32\cpkhacjv.dll Has been deleted!

 Attempting to delete C:\windows\system32\flmwdnvs.dll
C:\windows\system32\flmwdnvs.dll Has been deleted!

 Attempting to delete C:\windows\system32\fpfvjwbl.dll
C:\windows\system32\fpfvjwbl.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\geedc.dll
C:\WINDOWS\system32\geedc.dll Has been deleted!

 Attempting to delete C:\windows\system32\jjorfoqe.dll
C:\windows\system32\jjorfoqe.dll Has been deleted!

 Attempting to delete C:\windows\system32byimaid.dll
C:\windows\system32byimaid.dll Has been deleted!

Performing Repairs to the registry.
Done!

Regis59 · Answer

Re,

Télécharge OTMoveIt
 http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\fcccawu.dll
C:\WINDOWS\system32\gebbaab.dll
C:\WINDOWS\system32\urqppmn.dll
C:\WINDOWS\system32\vtutqpn.dll
C:\WINDOWS\system32\fcccawu.dll
C:\WINDOWS\system32\gebbaab.dll
C:\WINDOWS\system32\urqppmn.dll
C:\WINDOWS\system32\vtutqpn.dll
C:\WINDOWS\system32\mljgeda.dll
C:\WINDOWS\system32\mljgeda.dll
C:\WINDOWS\system32\epkoihuu.exe
C:\WINDOWS\system32\gdpffmit.exe
C:\WINDOWS\system32\gdxxnhvh.exe
C:\WINDOWS\system32\gtamptst.exe
C:\WINDOWS\system32\kkbdyiuw.exe
C:\WINDOWS\system32\ohxykqvu.exe
C:\WINDOWS\system32\pdyevlum.exe
C:\WINDOWS\system32	jmmnwey.exe
C:\WINDOWS\system32\uhngjver.exe
C:\WINDOWS\system32\vgyfmpdl.exe 
C:\WINDOWS\system32\wgpyrpjw.exe 
C:\WINDOWS\htrefreghreger.exe 
C:\WINDOWS	wesdwdewewd.exe 

Clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre Results.
Clique sur Exit pour fermer.

Il te sera peut-être demander de redémarrer le PC pour achever la suppression. Si c'est le cas accepte par Yes.

Poste le rapport situé dans C:\_OTMoveIt\MovedFiles avec un nouveau HijackThis.

Rajoute un rapport Combofix car il en restera a supprimer...

A+

kirchener · Answer

voila pour OTMOVIT

File/Folder C:\WINDOWS\system32\fcccawu.dll not found.
File/Folder C:\WINDOWS\system32\gebbaab.dll not found.
File/Folder C:\WINDOWS\system32\urqppmn.dll not found.
File/Folder C:\WINDOWS\system32\vtutqpn.dll not found.
File/Folder C:\WINDOWS\system32\fcccawu.dll not found.
File/Folder C:\WINDOWS\system32\gebbaab.dll not found.
File/Folder C:\WINDOWS\system32\urqppmn.dll not found.
File/Folder C:\WINDOWS\system32\vtutqpn.dll not found.
File/Folder C:\WINDOWS\system32\mljgeda.dll not found.
File/Folder C:\WINDOWS\system32\mljgeda.dll not found.
File/Folder C:\WINDOWS\system32\epkoihuu.exe not found.
File/Folder C:\WINDOWS\system32\gdpffmit.exe not found.
File/Folder C:\WINDOWS\system32\gdxxnhvh.exe not found.
File/Folder C:\WINDOWS\system32\gtamptst.exe not found.
File/Folder C:\WINDOWS\system32\kkbdyiuw.exe not found.
File/Folder C:\WINDOWS\system32\ohxykqvu.exe not found.
File/Folder C:\WINDOWS\system32\pdyevlum.exe not found.
File/Folder C:\WINDOWS\system32	jmmnwey.exe not found.
File/Folder C:\WINDOWS\system32\uhngjver.exe not found.
File/Folder C:\WINDOWS\system32\vgyfmpdl.exe not found.
File/Folder C:\WINDOWS\system32\wgpyrpjw.exe not found.
C:\WINDOWS\htrefreghreger.exe moved successfully.
C:\WINDOWS	wesdwdewewd.exe moved successfully.
 
Created on 07/21/2007 15:43:13



et voila pour HIJACKTHIS : 

Logfile of HijackThis v1.99.1
Scan saved at 15:46:08, on 21/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\kirchener\Bureau\OTMoveIt.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6247682A-C262-4371-A5D7-BF3BCE550B11} - C:\WINDOWS\system32\mljji.dll (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A2191984-2E78-4444-834E-B89669BAAD92} - C:\WINDOWS\system32\geedc.dll (file missing)
O2 - BHO: (no name) - {F01277D0-7EB3-456F-9D37-EE6B69B8BE3C} - C:\WINDOWS\system32\pmnno.dll (file missing)
O2 - BHO: (no name) - {F8A9BE2A-4DBF-4630-9ED3-8E4147DDC8C2} - C:\WINDOWS\system32\vtsqo.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

Regis59 · Answer

Ok.

¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

O2 - BHO: (no name) - {6247682A-C262-4371-A5D7-BF3BCE550B11} - C:\WINDOWS\system32\mljji.dll (file missing)

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {A2191984-2E78-4444-834E-B89669BAAD92} - C:\WINDOWS\system32\geedc.dll (file missing)

O2 - BHO: (no name) - {F01277D0-7EB3-456F-9D37-EE6B69B8BE3C} - C:\WINDOWS\system32\pmnno.dll (file missing)

O2 - BHO: (no name) - {F8A9BE2A-4DBF-4630-9ED3-8E4147DDC8C2} - C:\WINDOWS\system32\vtsqo.dll (file missing)

O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing) 

Ferme HijackThis.


Redemarre ton PC et remet moi un nouveau Hijackthis et un nouveau combofix stp

A+

kirchener · Answer

j'met deja le rapporrt HIJACKTHIS et je m occupe de COMBOFIX de suite 


Logfile of HijackThis v1.99.1
Scan saved at 16:07:09, on 21/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

kirchener · Answer

et voila pour combofix "kirchener" - 2007-07-21 16:09:44 - ComboFix 07-07-14.6 - Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-06-21 to 2007-07-21 ))))))))))))))))))))))))))))))) 2007-07-21 14:12 51,200 --a------ C:\WINDOWS ircmd.exe 2007-07-21 13:49 d-------- C:\Program Files\Hijackthis Version Fran‡aise 2007-07-19 14:08 138,368 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys 2007-07-19 13:23 d-------- C:\Program Files\Spyware Terminator 2007-07-19 13:23 d-------- C:\DOCUME~1\KIRCHE~1\APPLIC~1\Spyware Terminator 2007-07-19 13:23 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator 2007-07-18 20:22 d-------- C:\Program Files\Micro Application 2007-07-18 16:30 d-------- C:\Program Files\Lavasoft 2007-07-18 16:30 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2007-07-18 10:15 d-------- C:\Program Files\ThinkNet 2007-07-14 18:38 d-------- C:\VundoFix Backups 2007-07-12 14:26 d-------- C:\DOCUME~1\KIRCHE~1\APPLIC~1\ScanSoft 2007-07-12 14:19 d-------- C:\Program Files\Fichiers communs\Scansoft Shared 2007-07-12 14:19 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft 2007-07-12 14:18 d-------- C:\Program Files\ScanSoft 2007-07-12 14:17 d-------- C:\WINDOWS\speech 2007-07-12 10:32 d-------- C:\Program Files\CDisplay 2007-07-11 14:29 d-------- C:\Program Files\Combined Community Codec Pack 2007-07-02 21:27 d-------- C:\Program Files\Artefacts Studio 2007-06-30 18:11 1,726 --a------ C:\WINDOWS\system32 mp.reg 2007-06-30 17:16 6,108 --a------ C:\dnsbak.reg 2007-06-30 16:22 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-06-29 20:30 d-------- C:\Program Files\a-squared Free 2007-06-27 11:59 d-------- C:\DOCUME~1\KIRCHE~1\APPLIC~1\ItsLabel 2007-06-27 11:58 d-------- C:\DOCUME~1\KIRCHE~1\APPLIC~1\EoRezo 2007-06-22 18:25 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll 2007-06-22 18:25 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2007-06-22 18:25 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll 2007-06-22 18:25 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll 2007-06-22 18:24 d-------- C:\WINDOWS\system32\AGEIA 2007-06-22 18:24 d-------- C:\Program Files\AGEIA Technologies 2007-06-22 18:18 d-------- C:\DOCUME~1\KIRCHE~1\APPLIC~1\dp3d 2007-06-22 18:17 d-------- C:\Program Files\Two Worlds Pinball 2007-06-22 18:11 d-------- C:\Program Files\Reality Pump 2007-06-21 13:15 d-------- C:\DOCUME~1\KIRCHE~1\APPLIC~1\SystemRequirementsLab 2007-06-21 10:17 d-------- C:\Program Files\Mindscape (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-21 14:07:01 -------- d-----w C:\Program Files\Hijackthis Version Française 2007-07-21 12:47:30 -------- d-----w C:\DOCUME~1\KIRCHE~1\APPLIC~1\Azureus 2007-07-19 16:10:23 -------- d-----w C:\Program Files\World of Warcraft 2007-07-19 11:07:36 -------- d-----w C:\DOCUME~1\KIRCHE~1\APPLIC~1\OpenOffice.org2 2007-07-18 18:21:59 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-07-18 14:30:19 -------- d-----w C:\DOCUME~1\KIRCHE~1\APPLIC~1\Lavasoft 2007-07-18 14:29:13 -------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-07-12 16:49:14 541,290 ----a-w C:\WINDOWS\system32\perfh00C.dat 2007-07-12 16:49:13 90,974 ----a-w C:\WINDOWS\system32\perfc00C.dat 2007-07-12 15:56:38 -------- d-----w C:\Program Files\MatroskaProp 2007-07-11 10:36:09 -------- d-----w C:\Program Files\Matroska Pack 2007-07-06 08:47:11 -------- d-----w C:\Program Files\MSN Messenger 2007-07-05 15:44:00 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat 2007-06-22 09:14:21 -------- d-----w C:\Program Files\Azureus 2007-06-20 13:49:40 -------- d-----w C:\Program Files\WowCartographe 2007-06-18 09:12:52 -------- d-----w C:\Program Files\Fichiers communs\Cheewoo 2007-06-18 09:12:31 -------- d-----w C:\Program Files\Cheewoo 2007-06-14 19:37:10 -------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment 2007-06-14 13:26:50 1,156 ----a-w C:\WINDOWS\mozver.dat 2007-06-14 13:08:39 -------- d-----w C:\Program Files\Sygate 2007-06-14 10:04:46 0 ----a-w C:\WINDOWS sreg.dat 2007-06-09 09:57:14 -------- d-----w C:\Program Files\Fichiers communs\Teleca Shared 2007-06-09 09:17:16 -------- d-----w C:\Program Files\MSXML 4.0 2007-06-08 16:37:28 -------- d-----w C:\Program Files\Fichiers communs\InstallShield 2007-06-05 09:29:22 -------- d-----w C:\DOCUME~1\KIRCHE~1\APPLIC~1\Gearbox Software 2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys 2007-06-04 06:40:02 -------- d--h--r C:\DOCUME~1\KIRCHE~1\APPLIC~1\SecuROM 2007-06-04 06:40:00 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-06-01 08:50:32 -------- d-----w C:\Program Files\DivX 2007-05-31 11:31:27 -------- d-----w C:\Program Files\Fichiers communs\DirectX 2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll 2007-05-29 10:20:33 -------- d-----w C:\Program Files\Canon 2007-05-28 08:06:07 -------- d-----w C:\Program Files\directx 2007-05-27 10:44:28 -------- d-----w C:\DOCUME~1\KIRCHE~1\APPLIC~1\InstallShield 2007-05-22 09:21:45 -------- d-----w C:\Program Files\CONEXANT 2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-07 11:59:32 2,553 ----a-w C:\WINDOWS\system32\sdbackup.reg 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AvastSS.scr 2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe 2004-08-05 12:00:00 87,057 --sh--r C:\WINDOWS\system32\comyobap.exe 2004-08-05 12:00:00 75,017 --sh--r C:\WINDOWS\system32\edconss.exe 2004-08-05 12:00:00 70,376 --sh--r C:\WINDOWS\system32\escsn.exe 2004-08-05 12:00:00 71,625 --sh--r C:\WINDOWS\system32\ikern32.exe 2004-08-05 12:00:00 72,458 --sh--r C:\WINDOWS\system32 dsruns.exe 2004-08-05 12:00:00 51,650 --sh--r C:\WINDOWS\system32\xmlemppt.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2006-10-22 23:08 62080 --a------ C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 C:\WINDOWS\system32 vmctray.dll] "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 16:00] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 12:41] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-03-21 02:34] "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-07-19 13:28] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{075e67eb-2303-11dc-a114-000c6ebc693d}] AutoRun\command- F:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7644764d-0205-11dc-a0da-000c6ebc693d}] AutoRun\command- I:\autorun\autorun.exe ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-21 16:13:40 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-21 16:15:21 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-07-21 16:15 C:\ComboFix2.txt ... 2007-07-21 14:19 --- E O F ---

Regis59 · Answer

Re,

Peux tu analyser 5 fichiers stp:

C:\WINDOWS\system32\comyobap.exe
C:\WINDOWS\system32\edconss.exe
C:\WINDOWS\system32\escsn.exe
C:\WINDOWS\system32\ikern32.exe
C:\WINDOWS\system32\rdsruns.exe
C:\WINDOWS\system32\xmlemppt.exe 

Vas sur le site https://virusscan.jotti.org/ 
- Clic en haut à droite sur "Parcourir", navigue dans les dossiers et sélectionne ce fichier : 
Cherche le 1er fichier de la liste ci dessu!
- Clic sur submit toujours en haut à droite 
- Le scan va se lancer, ça va prendre un petit instant 
- En bas, tu as le résultat du scan, copie/colle le résultat complet du scan ici. 
Aide : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799

Merci :)

kirchener · Answer

voila pour comyobap 

Service load:  0%        100%  
 
File:  comyobap.exe  
Status:  INFECTED/MALWARE  
MD5:  e5deb29a78571abd3b8405b7fd882e7f  
Packers detected:  - 
Bit9 reports:  No threat detected (more info)  
 
Scanner results  
Scan taken on 21 Jul 2007 14:33:30 (GMT)  
A-Squared  Found nothing 
AntiVir  Found TR/Crypt.PCMM.Gen  
ArcaVir  Found nothing 
Avast  Found nothing 
AVG Antivirus  Found IRC/BackDoor.SdBot3.CCI  
BitDefender  Found Backdoor.SDBot.DEOM  
ClamAV  Found Trojan.SdBot-6319  
CPsecure  Found nothing 
Dr.Web  Found nothing 
F-Prot Antivirus  Found nothing 
F-Secure Anti-Virus  Found Backdoor.Win32.SdBot.baa  
Fortinet  Found W32/SDBot.BAA!tr.bdr  
Kaspersky Anti-Virus  Found Backdoor.Win32.SdBot.baa  
NOD32  Found IRC/SdBot  
Norman Virus Control  Found W32/SDBot.AQTM  
Panda Antivirus  Found nothing 
Rising Antivirus  Found Backdoor.Win32.SdBot.h  
Sophos Antivirus  Found Mal/EncPk-AC  
VirusBuster  Found nothing 
VBA32  Found Backdoor.Win32.SdBot.baa

kirchener · Answer

voila pour edconss


Service load:  0%        100%  
 
File:  edconss.exe  
Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)  
MD5:  d0977fe68abe69160f6a002a1b1ce0d6  
Packers detected:  - 
Bit9 reports:  File not found  
 
Scanner results  
Scan taken on 21 Jul 2007 14:40:26 (GMT)  
A-Squared  Found nothing 
AntiVir  Found TR/Crypt.PCMM.Gen  
ArcaVir  Found nothing 
Avast  Found nothing 
AVG Antivirus  Found Downloader.Tibs.6.C  
BitDefender  Found Trojan.Proxy.Slaper.P  
ClamAV  Found nothing 
CPsecure  Found nothing 
Dr.Web  Found BackDoor.Mailbot  
F-Prot Antivirus  Found nothing 
F-Secure Anti-Virus  Found Trojan-Proxy.Win32.Slaper.p  
Fortinet  Found nothing 
Kaspersky Anti-Virus  Found Trojan-Proxy.Win32.Slaper.p  
NOD32  Found nothing 
Norman Virus Control  Found nothing 
Panda Antivirus  Found Trj/Agent.FTR  
Rising Antivirus  Found nothing 
Sophos Antivirus  Found Mal/EncPk-AC  
VirusBuster  Found nothing 
VBA32  Found nothing

kirchener · Answer

pour escsn


Service load:  0%        100%  
 
File:  escsn.exe  
Status:  INFECTED/MALWARE  
MD5:  e2a88b2a28f17a0a736c2d8769c08832  
Packers detected:  - 
Bit9 reports:  No threat detected (more info)  
 
Scanner results  
Scan taken on 21 Jul 2007 14:45:58 (GMT)  
A-Squared  Found nothing 
AntiVir  Found TR/Crypt.PCMM.Gen  
ArcaVir  Found nothing 
Avast  Found nothing 
AVG Antivirus  Found Proxy.QEG  
BitDefender  Found Trojan.Proxy.Slaper.N  
ClamAV  Found nothing 
CPsecure  Found nothing 
Dr.Web  Found BackDoor.Mailbot  
F-Prot Antivirus  Found nothing 
F-Secure Anti-Virus  Found Trojan-Proxy.Win32.Slaper.n  
Fortinet  Found nothing 
Kaspersky Anti-Virus  Found Trojan-Proxy.Win32.Slaper.n  
NOD32  Found nothing 
Norman Virus Control  Found nothing 
Panda Antivirus  Found W32/Mailbot.DL.worm  
Rising Antivirus  Found nothing 
Sophos Antivirus  Found Mal/EncPk-AC  
VirusBuster  Found nothing 
VBA32  Found BackDoor.Mailbot

kirchener · Answer

et pour ikern32




Service load:  0%        100%  
 
File:  ikern32.exe  
Status:  INFECTED/MALWARE  
MD5:  d9a5898ea6c36e25e6c84a73987a91e1  
Packers detected:  - 
Bit9 reports:  No threat detected (more info)  
 
Scanner results  
Scan taken on 21 Jul 2007 14:50:37 (GMT)  
A-Squared  Found nothing 
AntiVir  Found TR/Crypt.PCMM.Gen  
ArcaVir  Found nothing 
Avast  Found nothing 
AVG Antivirus  Found Downloader.Tibs.5.AZ  
BitDefender  Found Trojan.Proxy.Slaper.P  
ClamAV  Found nothing 
CPsecure  Found nothing 
Dr.Web  Found BackDoor.Mailbot  
F-Prot Antivirus  Found nothing 
F-Secure Anti-Virus  Found Trojan-Proxy.Win32.Slaper.p  
Fortinet  Found nothing 
Kaspersky Anti-Virus  Found Trojan-Proxy.Win32.Slaper.p  
NOD32  Found nothing 
Norman Virus Control  Found nothing 
Panda Antivirus  Found Trj/Mailbot.AZ  
Rising Antivirus  Found nothing 
Sophos Antivirus  Found Mal/EncPk-AC  
VirusBuster  Found nothing 
VBA32  Found BackDoor.Mailbot

kirchener · Answer

pour rdsruns


Service load:  0%        100%  
 
File:  rdsruns.exe  
Status:  INFECTED/MALWARE  
MD5:  f074f6c851c078c19caf73632aee57ad  
Packers detected:  - 
Bit9 reports:  File not found  
 
Scanner results  
Scan taken on 21 Jul 2007 14:54:23 (GMT)  
A-Squared  Found nothing 
AntiVir  Found TR/Crypt.PCMM.Gen  
ArcaVir  Found nothing 
Avast  Found nothing 
AVG Antivirus  Found Downloader.Tibs.5.AZ  
BitDefender  Found Trojan.Proxy.Slaper.U  
ClamAV  Found nothing 
CPsecure  Found Troj.Proxy.W32.Slaper.U  
Dr.Web  Found BackDoor.Mailbot  
F-Prot Antivirus  Found nothing 
F-Secure Anti-Virus  Found Trojan-Proxy.Win32.Slaper.u  
Fortinet  Found W32/Slaper.U!tr  
Kaspersky Anti-Virus  Found Trojan-Proxy.Win32.Slaper.u  
NOD32  Found nothing 
Norman Virus Control  Found W32/Slaper.FN  
Panda Antivirus  Found nothing 
Rising Antivirus  Found nothing 
Sophos Antivirus  Found Mal/EncPk-AC  
VirusBuster  Found nothing 
VBA32  Found Trojan-Proxy.Win32.Slaper.u

kirchener · Answer

et le petit dernier xmlemppt

Service load:  0%        100%  
 
File:  xmlemppt.exe  
Status:  INFECTED/MALWARE  
MD5:  c84e59ef8d4e831eea34385dc3285f9a  
Packers detected:  - 
Bit9 reports:  No threat detected (more info)  
 
Scanner results  
Scan taken on 21 Jul 2007 14:58:46 (GMT)  
A-Squared  Found nothing 
AntiVir  Found TR/Crypt.PCMM.Gen  
ArcaVir  Found nothing 
Avast  Found nothing 
AVG Antivirus  Found SpamTool.ACA  
BitDefender  Found Trojan.Proxy.Slaper.P  
ClamAV  Found nothing 
CPsecure  Found nothing 
Dr.Web  Found BackDoor.Mailbot  
F-Prot Antivirus  Found W32/Trojan.AWMZ  
F-Secure Anti-Virus  Found Trojan-Proxy.Win32.Slaper.p  
Fortinet  Found nothing 
Kaspersky Anti-Virus  Found Trojan-Proxy.Win32.Slaper.p  
NOD32  Found Win32/SpamTool.Agent.NAE  
Norman Virus Control  Found W32/Malware.XUL  
Panda Antivirus  Found Bck/Agent.FTS  
Rising Antivirus  Found nothing 
Sophos Antivirus  Found Mal/EncPk-AC  
VirusBuster  Found nothing 
VBA32  Found BackDoor.Mailbot  



voili voilou j'espere que c'etait bien ca qu'il fallai faire et que ca va servir

Regis59 · Answer

Re,

Avast une vraie passoire....Changer d'antivirus ne t'interresses pas?

Avec Otmoveit, supprime ceci:
C:\WINDOWS\system32\comyobap.exe
C:\WINDOWS\system32\edconss.exe
C:\WINDOWS\system32\escsn.exe
C:\WINDOWS\system32\ikern32.exe
C:\WINDOWS\system32\rdsruns.exe
C:\WINDOWS\system32\xmlemppt.exe 

A+

kirchener · Answer

voila le rapport MOVEIT 

C:\WINDOWS\system32\comyobap.exe moved successfully.
C:\WINDOWS\system32\edconss.exe moved successfully.
C:\WINDOWS\system32\escsn.exe moved successfully.
C:\WINDOWS\system32\ikern32.exe moved successfully.
C:\WINDOWS\system32\rdsruns.exe moved successfully.
C:\WINDOWS\system32\xmlemppt.exe moved successfully.
 
Created on 07/21/2007 17:40:21


Que me connseillerais tu comme antivirus ? 
considere tu le probleme comme resolu 
merci de m'aider

Regis59 · Answer

Salut

Ou en sont tes soucis? Ceux du départ??

Je te propose a la place d'Avast, l'antivirus gratuit Antivir.
Il est certes en anglais mais sa réactivité est tres forte. De plus, il n y a que qqs mots anglais a connaitre, rien de bien méchant.

Qu'en penses tu?

A+

kirchener · Answer

bah par apport au debut je n' ai plus de fichier temporaire dans mon gestionnaire des taches je n ai plus de PUB enfin a l'heure qu'il est mais ne faisant une derniere analyse avec spybot il me trouve encore 1 spyware FastCLick mais bon tant qu il ne me derange pas ca va. merci bien de votre aide et je vais voir a changer d'antivirus.

Regis59 · Answer

Salut,

Je pense qu'il ne faut pas réagir comme ca!
Pourquoi?

Tu me dis, j ai un malware (ok ca arrive) mais tu me dis "tant qu il m embete pas je m'en fou."
Donc si je t installe un trojan pour t'espionner, pour prendre tes coordonnees bancaires etc... tant que ton antivirus te dis rien, tu t'en fous aussi?

Je pense que tu devrais te soucier un peu plus de ton pc :-)
Y'a des malwares, on les extermine mais on a attend pas qu il t'embete, non?

Télécharge Antivir:
antivir

Désinstalles Avast et installe Antivir.

Une fois fait, scanne ton PC avec Antivir si tu as le temps, sinon, c est pas grave; il le fera en scanne résident.

Essaie de corriger les problemes avec Spybot, s'il est toujours présent, tu copie/colle le rapport de Spybot ici.

A+

kirchener · Answer

voila le rapport SPYBOT :



--- Search result list ---
DoubleClick: Cookie traceur (Firefox: default) (Cookie, nothing done)
  

FastClick: Cookie traceur (Firefox: default) (Cookie, nothing done)
  

FastClick: Cookie traceur (Firefox: default) (Cookie, nothing done)
  

FastClick: Cookie traceur (Firefox: default) (Cookie, nothing done)
  

FastClick: Cookie traceur (Firefox: default) (Cookie, nothing done)
  

MediaPlex: Cookie traceur (Firefox: default) (Cookie, nothing done)
  


--- Spybot - Search & Destroy version: 1.4  (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-06-30 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-07-18 Includes\Cookies.sbi (*)
2007-05-30 Includes\Dialer.sbi (*)
2007-07-18 Includes\DialerC.sbi (*)
2007-07-11 Includes\Hijackers.sbi (*)
2007-07-18 Includes\HijackersC.sbi (*)
2007-07-11 Includes\Keyloggers.sbi (*)
2007-07-18 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-07-18 Includes\Malware.sbi (*)
2007-07-18 Includes\MalwareC.sbi (*)
2007-07-11 Includes\PUPS.sbi (*)
2007-07-18 Includes\PUPSC.sbi (*)
2007-07-18 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-07-18 Includes\SecurityC.sbi (*)
2007-07-11 Includes\Spybots.sbi (*)
2007-07-18 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-07-18 Includes\Trojans.sbi (*)
2007-07-18 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2
 / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
 / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
 / Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. 

If you later install a more recent service pack, this Security Update will be uninstalled automatically. 

For more information, visit https://support.microsoft.com/en-us/help/917283/ms06-033-a-vulnerability-in-asp-net-could-allow-information-disclosure
 / Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. 

If you later install a more recent service pack, this Security Update will be uninstalled automatically. 

For more information, visit https://support.microsoft.com/en-us/help/922770
 / Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. 

If you later install a more recent service pack, this Security Update will be uninstalled automatically. 

For more information, visit https://support.microsoft.com/en-us/help/928365/description-of-the-security-update-for-the-net-framework-2-0-for-windo
 / MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
 / Step By Step Interactive Training / SP2: Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)
 / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
 / Windows / SP1: Microsoft National Language Support Downlevel APIs
 / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
 / Windows Media Player 6.4: Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
 / Windows Media Player 9: Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)
 / Windows Presentation Foundation: This Hotfix is for Microsoft .NET Framework 3.0. 

If you later install a more recent service pack, this Hotfix will be uninstalled automatically. 

For more information, visit https://support.microsoft.com/en-us/help/932471
 / Windows XP: Mise à jour de sécurité pour Windows XP (KB923689)
 / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
 / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
 / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
 / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
 / Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
 / Windows XP / SP3: Correctif Windows XP - KB873339
 / Windows XP / SP3: Correctif Windows XP - KB883667
 / Windows XP / SP3: Correctif Windows XP - KB885250
 / Windows XP / SP3: Correctif Windows XP - KB885835
 / Windows XP / SP3: Correctif Windows XP - KB885836
 / Windows XP / SP3: Correctif Windows XP - KB886185
 / Windows XP / SP3: Correctif Windows XP - KB887472
 / Windows XP / SP3: Correctif Windows XP - KB888113

Regis59 · Answer

OK

Tu as installé Antivir?

Ce sont des cookies, rien de grave, as tu ccleaner par exemple?

A+

kirchener · Answer

voila j ai installé antivir je fai une analyse complete de mon disc dur . non je n'ai pas Ccleaner.

kirchener · Answer

j'ai finis de scanner avec ANTIVIR voila le rapport 


AntiVir PersonalEdition Classic
Report file date: dimanche 22 juillet 2007  14:31

Scanning for 973000 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         kirchener
Computer name:    CCCP-E51810C423

Version information:
BUILD.DAT    : 247           14437 Bytes  10/05/2007 11:55:00
AVSCAN.EXE   : 7.0.4.15     282664 Bytes  20/04/2007 11:37:14
AVSCAN.DLL   : 7.0.4.4       33832 Bytes  27/03/2007 11:31:54
LUKE.DLL     : 7.0.4.11     143400 Bytes  27/03/2007 11:26:04
LUKERES.DLL  : 7.0.4.0       10280 Bytes  19/03/2007 11:18:59
ANTIVIR0.VDF : 6.35.0.1    7371264 Bytes  31/05/2006 13:08:58
ANTIVIR1.VDF : 6.39.0.129  7251968 Bytes  10/07/2007 12:27:57
ANTIVIR2.VDF : 6.39.0.148   395776 Bytes  16/07/2007 12:27:57
ANTIVIR3.VDF : 6.39.0.175   345088 Bytes  21/07/2007 12:27:57
AVEWIN32.DLL : 7.4.0.44    2499072 Bytes  22/07/2007 12:27:57
AVWINLL.DLL  : 1.0.0.7       14376 Bytes  26/02/2007 09:36:26
AVPREF.DLL   : 7.0.2.1       24616 Bytes  27/03/2007 11:31:50
AVREP.DLL    : 7.0.0.1      155688 Bytes  16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.13     360488 Bytes  22/07/2007 12:27:57
AVREG.DLL    : 7.0.1.2       31784 Bytes  15/03/2007 08:05:08
AVEVTLOG.DLL : 7.0.0.18      86056 Bytes  27/03/2007 11:16:05
AVARKT.DLL   : 1.0.0.17     278568 Bytes  02/05/2007 10:32:26
NETNT.DLL    : 7.0.0.0        7720 Bytes  08/03/2007 10:09:42
RCIMAGE.DLL  : 7.0.1.15    2228264 Bytes  13/03/2007 09:46:18
RCTEXT.DLL   : 7.0.45.0      86056 Bytes  19/03/2007 11:42:42

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 22 juillet 2007  14:31

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'Spywareterminatorshield.Exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'sp_rsser.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'Smc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
29 processes with 29 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!
Boot sector 'A:\'
      [NOTE]      In the drive 'A:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '10' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\Documents and Settings\kirchener\Bureau\VundoFix.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.69632
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\epkoihuu.exe.vir
      [DETECTION] Is the Trojan horse TR/Agent.AAOA
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\fcccawu.dll.vir
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\gdpffmit.exe.vir
      [DETECTION] Is the Trojan horse TR/Agent.AAOA
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\gdxxnhvh.exe.vir
      [DETECTION] Is the Trojan horse TR/Agent.AAOA
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\gebbaab.dll.vir
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\gtamptst.exe.vir
      [DETECTION] Is the Trojan horse TR/Agent.AAOA
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\kkbdyiuw.exe.vir
      [DETECTION] Is the Trojan horse TR/Agent.AAOA
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\mljgeda.dll.vir
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ohxykqvu.exe.vir
      [DETECTION] Is the Trojan horse TR/Agent.AAOA
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\pdyevlum.exe.vir
      [DETECTION] Is the Trojan horse TR/Agent.AAOA
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32	jmmnwey.exe.vir
      [DETECTION] Is the Trojan horse TR/Agent.AAOA
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\uhngjver.exe.vir
      [DETECTION] Is the Trojan horse TR/Agent.AAOA
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\urqppmn.dll.vir
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\vgyfmpdl.exe.vir
      [DETECTION] Is the Trojan horse TR/Agent.AAOA
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\vtutqpn.dll.vir
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\wgpyrpjw.exe.vir
      [DETECTION] Is the Trojan horse TR/Agent.AAOA
      [INFO]      The file was deleted!
C:\VundoFix Backups\awtrrpm.dll.bad
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\VundoFix Backups\bifolouo.dll.bad
      [DETECTION] Is the Trojan horse TR/PSW.Gamania.B
      [INFO]      The file was deleted!
C:\VundoFix Backups\efcbbcy.dll.bad
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\VundoFix Backups\eyudnyyi.dll.bad
      [DETECTION] Is the Trojan horse TR/JuanSearch.B
      [INFO]      The file was deleted!
C:\VundoFix Backups\geedc.dll.bad
      [DETECTION] Is the Trojan horse TR/Mon.Virtumonde.II
      [INFO]      The file was deleted!
C:\VundoFix Backups\gpskdwix.dll.bad
      [DETECTION] Is the Trojan horse TR/PSW.Gamania.B
      [INFO]      The file was deleted!
C:\VundoFix Backups\hbpcmtsy.dll.bad
      [DETECTION] Is the Trojan horse TR/PSW.Gamania.B
      [INFO]      The file was deleted!
C:\VundoFix Backups\hvtbewfq.dll.bad
      [DETECTION] Is the Trojan horse TR/Juan.H
      [INFO]      The file was deleted!
C:\VundoFix Backups\kcxkvlmn.dll.bad
      [DETECTION] Is the Trojan horse TR/JuanSearch.C.1
      [INFO]      The file was deleted!
C:\VundoFix Backups\lcwpikrf.dll.bad
      [DETECTION] Is the Trojan horse TR/JuanSearch.C.1
      [INFO]      The file was deleted!
C:\VundoFix Backups\mahhbdvb.dll.bad
      [DETECTION] Is the Trojan horse TR/JuanSearch.C
      [INFO]      The file was deleted!
C:\VundoFix Backups\mhcybact.dll.bad
      [DETECTION] Is the Trojan horse TR/JuanSearch.C
      [INFO]      The file was deleted!
C:\VundoFix Backups\mljji.dll.bad
      [DETECTION] Is the Trojan horse TR/Mon.Virtumonde.II
      [INFO]      The file was deleted!
C:\VundoFix Backups
ibcshmq.dll.bad
      [DETECTION] Is the Trojan horse TR/JuanSearch.C
      [INFO]      The file was deleted!
C:\VundoFix Backups
nnmkhe.dll.bad
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\VundoFix Backups
xsqhnvu.dll.bad
      [DETECTION] Is the Trojan horse TR/PSW.Gamania.B
      [INFO]      The file was deleted!
C:\VundoFix Backups\opnmmmk.dll.bad
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\VundoFix Backups\pmnno.dll.bad
      [DETECTION] Is the Trojan horse TR/Mon.Virtumonde.II
      [INFO]      The file was deleted!
C:\VundoFix Backups\qupxuenn.dll.bad
      [DETECTION] Is the Trojan horse TR/JuanSearch.C
      [INFO]      The file was deleted!
C:\VundoFix Backupsetfxcri.dll.bad
      [DETECTION] Is the Trojan horse TR/PSW.Gamania.B
      [INFO]      The file was deleted!
C:\VundoFix Backups\uayxnsvt.dll.bad
      [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
      [INFO]      The file was deleted!
C:\VundoFix Backups\umnnooau.dll.bad
      [DETECTION] Is the Trojan horse TR/PSW.Gamania.B
      [INFO]      The file was deleted!
C:\VundoFix Backups\vngthdqw.dll.bad
      [DETECTION] Is the Trojan horse TR/PSW.Gamania.B
      [INFO]      The file was deleted!
C:\VundoFix Backups\vtsqo.dll.bad
      [DETECTION] Is the Trojan horse TR/BHO.BD.13
      [INFO]      The file was deleted!
C:\VundoFix Backups\ymbahxmq.dll.bad
      [DETECTION] Is the Trojan horse TR/PSW.Gamania.B
      [INFO]      The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
      [WARNING]   The file could not be opened!
C:\WINDOWS\system32\drivers\etc\hosts.20070630-164428.backup
      [DETECTION] Is the Trojan horse TR/AntiHosts.Gen
      [INFO]      The file was deleted!
C:\_OTMoveIt\MovedFiles\WINDOWS\htrefreghreger.exe
      [DETECTION] Is the Trojan horse TR/Crypt.PCMM.Gen
      [INFO]      The file was deleted!
C:\_OTMoveIt\MovedFiles\WINDOWS	wesdwdewewd.exe
      [DETECTION] Is the Trojan horse TR/Crypt.PCMM.Gen
      [INFO]      The file was deleted!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\comyobap.exe
      [DETECTION] Is the Trojan horse TR/Crypt.PCMM.Gen
      [INFO]      The file was deleted!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\edconss.exe
      [DETECTION] Is the Trojan horse TR/Crypt.PCMM.Gen
      [INFO]      The file was deleted!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\escsn.exe
      [DETECTION] Is the Trojan horse TR/Crypt.PCMM.Gen
      [INFO]      The file was deleted!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ikern32.exe
      [DETECTION] Is the Trojan horse TR/Crypt.PCMM.Gen
      [INFO]      The file was deleted!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32dsruns.exe
      [DETECTION] Is the Trojan horse TR/Crypt.PCMM.Gen
      [INFO]      The file was deleted!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\xmlemppt.exe
      [DETECTION] Is the Trojan horse TR/Crypt.PCMM.Gen
      [INFO]      The file was deleted!
Begin scan in 'A:\'
Search path A:\ could not be opened!
Le volume ne contient pas de système de fichiers connu. Vérifiez si tous les pilotes de système
de fichiers nécessaires sont chargés et si le volume n'est pas endommagé.

Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: dimanche 22 juillet 2007  15:51
Used time:  1:20:36 min

The scan has been done completely.

   4720 Scanning directories
 257131 Files were scanned
     51 viruses and/or unwanted programs were found
      0 classified as suspicious:
     51 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
 257080 Files not concerned
   1932 Archives were scanned
      2 Warnings
     19 Notes
      0 Hidden objects were found

Regis59 · Answer

OK !

Ccleaner :

https://www.malekal.com/tutoriel-ccleaner/

Et ensuite relance Spybot.

A++

kirchener · Answer

bon bah apres avoir utilisé Ccleaner en raifaisant un analyse spybot ilm ne detecte plus aucun mouchard. j'espere que ca va continuer. Merci beaucoup de votre aide.

kirchener · Answer

J'aurais juste une derniere question je combine ANTIVIR avec son gardien , SPYWARE TERMINATOR et sa protection en temp réel et SYGATE PERSONAL FIREWALL esque c est utile ou je dois en supprimer un ?
merci

Regis59 · Answer

ok

Ou en sont tes soucis

a+

kirchener · Answer

bah comme je l'ai dis plus haut aparament je n'ai plus de probleme. 
merci bien de ton aide pourrais tu juste repondre a la question que je t'ai posé plus haut.
merci bien

Regis59 · Answer

Re

Ok super :)

Pour la question:

J'aurais juste une derniere question je combine ANTIVIR avec son gardien , SPYWARE TERMINATOR et sa protection en temp réel et SYGATE PERSONAL FIREWALL esque c est utile ou je dois en supprimer un ? 

Perso j'ai des doutes sur Spyware terminator qui , en plus, installe une crawler...donc je le supprimerais et ne garderait que Antivir et ton pare feu Sygate.

:)
Bonne soirée

J'ai un probléme dee spyware je ne sias plus

43 réponses

Discussions similaires