SOS bout du roulo analyse d'hijackthis report

Question

SOS SOS SOS est ce que quelqu'un veut bien m'aider je suis au fond du roulo, au bout du goufre bref a deux doigt de peter un plomb voici mon rapport d'hijackthis, svp ne vous mettez pas a hurler c surement une catastrophe ;) merci d'avance:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:57:16, on 11/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\PROGRA~1\NEOSTR~1
eostradatp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\WINDOWSetadpu21.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\Le Voyer Vincent\Mes documents\s?stem\w?nword.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\YDP\YdpDict\Watch.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Le Voyer Vincent\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1570C295-B2F8-4498-8FEC-0B8B0298F974} - C:\WINDOWS\system32\yaywust.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {26C15719-07AE-4FF5-A963-23BA6FCE1985} - C:\WINDOWS\system32\gebca.dll (file missing)
O2 - BHO: (no name) - {2CBAAC50-C49A-4286-9395-2392DC86EA40} - C:\WINDOWS\system32\mljge.dll (file missing)
O2 - BHO: (no name) - {377737CD-0B23-467F-A26D-3B46AE7ACF76} - C:\WINDOWS\system32\ssttr.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {90F75E47-94D2-48AC-8D32-863356FA6578} - C:\WINDOWS\system32\ssqpqnl.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\chvrxtxe.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [nfhvgidisf] c:\windows\system32
fhvgidisf.exe nfhvgidisf
O4 - HKLM\..\Run: [Windows Framework] C:\DOCUME~1\LEVOYE~1\LOCALS~1\Temp\frmwrk.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWSetadpu21.exe 61A847B5BBF72810338B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Rotm] "C:\DOCUME~1\LEVOYE~1\APPLIC~1\SSTEM3~1
slookup.exe" -vt yazb
O4 - HKCU\..\Run: [Fpvgxr] "C:\Documents and Settings\Le Voyer Vincent\Mes documents\s?stem\w?nword.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Tester activation.lnk = C:\Program Files\YDP\YdpDict\Watch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{598688E9-40E1-46DE-A0F0-4DE3C2A23B6B}: NameServer = 62.89.115.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll (file missing)
O20 - Winlogon Notify: mljge - C:\WINDOWS\system32\mljge.dll (file missing)
O20 - Winlogon Notify: ssqpqnl - C:\WINDOWS\SYSTEM32\ssqpqnl.dll
O20 - Winlogon Notify: ssttr - C:\WINDOWS\system32\ssttr.dll (file missing)
O20 - Winlogon Notify: yaywust - yaywust.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\syaehuew.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe (file missing)
O23 - Service: Partage de Bureau &#341; distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau &#341; distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Carte &#341; puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

duflox · Answer

Tout d'abord Bonjour et bienvenue sur le forum d'entraide COMMENT CA MARCHE 

Nous connaissons votre situation et nous vous conseillons de ne surtout pas vous inquiéter. 
De plus, au vu du nombre croissant de désinfections effectuées sur le forum, nous vous demandons un peu de patience et surtout de ne pas créer plusieurs postes pour le même problème. 
Merci de votre compréhension. 

Télécharge VundoFix.exe (par Atribune) sur ton Bureau. 
http://www.atribune.org/ccount/click.php?id=4 

* Double-clique VundoFix.exe afin de le lancer. 
* Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo 
* Clique sur le bouton Scan for Vundo. 
* Lorsque le scan est complété, clique sur le bouton Remove Vundo 
* Une invite te demandera si tu veux supprimer les fichiers, clique YES 
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers. 
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK 
* Démarre ton PC à nouveau. 
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse. 

Note Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

danslamouise · Answer

merci beaucoup de m'aider c vraiment sympa je suis en pologne et c'est galere pour internet, bref... voila donc j'ai suivis vos instructions donc voila le rapport vundufix suivis du nouveau rapport hijackthis merci c vraiment tres cool mon pc ne reconnait meme plus mon modem (un sagem fast 800 si ca existe encore!! en Pologne en tout cas) donc je suis meme prive d'interne:

rapport vundofix:


VundoFix V6.5.8

Checking Java version...

Sun Java not detected
Scan started at 10:16:03 12/09/2007

Listing files found while scanning....

C:\WINDOWS\system32\acbeg.bak1
C:\WINDOWS\system32\acbeg.bak2
C:\WINDOWS\system32\acbeg.ini
C:\WINDOWS\system32\acbeg.ini2
C:\WINDOWS\system32\acbeg.tmp
C:\windows\system32\awtrpon.dll
C:\windows\system32\cbxyyvu.dll
C:\WINDOWS\system32\chvrxtxe.dll
C:\windows\system32\gebaaaw.dll
C:\WINDOWS\system32\gebca.dll
C:\WINDOWS\system32\ifkjvpow.dll
C:\WINDOWS\system32\jcgxhxdh.dll
C:\windows\system32\jkkhhfd.dll
C:\windows\system32\jkklmmj.dll
C:\WINDOWS\system32\mljge.dll
C:\windows\system32qrrqqo.dll
C:\WINDOWS\system32\ssqpqnl.dll
C:\WINDOWS\system32\ssttr.dll
C:\WINDOWS\system32\yaywust.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\acbeg.bak1
C:\WINDOWS\system32\acbeg.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\acbeg.bak2
C:\WINDOWS\system32\acbeg.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\acbeg.ini
C:\WINDOWS\system32\acbeg.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\acbeg.ini2
C:\WINDOWS\system32\acbeg.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\acbeg.tmp
C:\WINDOWS\system32\acbeg.tmp Has been deleted!

 Attempting to delete C:\windows\system32\awtrpon.dll
C:\windows\system32\awtrpon.dll Has been deleted!

 Attempting to delete C:\windows\system32\cbxyyvu.dll
C:\windows\system32\cbxyyvu.dll Has been deleted!

 Attempting to delete C:\windows\system32\gebaaaw.dll
C:\windows\system32\gebaaaw.dll Has been deleted!

 Attempting to delete C:\windows\system32\jkkhhfd.dll
C:\windows\system32\jkkhhfd.dll Has been deleted!

 Attempting to delete C:\windows\system32\jkklmmj.dll
C:\windows\system32\jkklmmj.dll Has been deleted!

 Attempting to delete C:\windows\system32qrrqqo.dll
C:\windows\system32qrrqqo.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ssqpqnl.dll
C:\WINDOWS\system32\ssqpqnl.dll Has been deleted!

Performing Repairs to the registry.
Done!


et la le rapport hijackthis :
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:26:11, on 12/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWSetadpu21.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\Le Voyer Vincent\Mes documents\s?stem\w?nword.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\Program Files\YDP\YdpDict\Watch.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Le Voyer Vincent\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {26C15719-07AE-4FF5-A963-23BA6FCE1985} - C:\WINDOWS\system32\gebca.dll (file missing)
O2 - BHO: (no name) - {2CBAAC50-C49A-4286-9395-2392DC86EA40} - C:\WINDOWS\system32\mljge.dll (file missing)
O2 - BHO: (no name) - {377737CD-0B23-467F-A26D-3B46AE7ACF76} - C:\WINDOWS\system32\ssttr.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [nfhvgidisf] c:\windows\system32
fhvgidisf.exe nfhvgidisf
O4 - HKLM\..\Run: [Windows Framework] C:\DOCUME~1\LEVOYE~1\LOCALS~1\Temp\frmwrk.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWSetadpu21.exe 61A847B5BBF72810338B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Rotm] "C:\DOCUME~1\LEVOYE~1\APPLIC~1\SSTEM3~1
slookup.exe" -vt yazb
O4 - HKCU\..\Run: [Fpvgxr] "C:\Documents and Settings\Le Voyer Vincent\Mes documents\s?stem\w?nword.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Tester activation.lnk = C:\Program Files\YDP\YdpDict\Watch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{598688E9-40E1-46DE-A0F0-4DE3C2A23B6B}: NameServer = 62.89.115.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll (file missing)
O20 - Winlogon Notify: mljge - C:\WINDOWS\system32\mljge.dll (file missing)
O20 - Winlogon Notify: ssttr - C:\WINDOWS\system32\ssttr.dll (file missing)
O20 - Winlogon Notify: yaywust - yaywust.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\syaehuew.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe (file missing)
O23 - Service: Partage de Bureau &#341; distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau &#341; distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Carte &#341; puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

duflox · Answer

Télécharge VirtumundoBegone sur le bureau: 
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe 

Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions. 
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis. 
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu 

puis

Télécharge http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

Double-clic sur combofix il vas te demander une question répond oui touche y puis attends que combofix soit fini il vas générer un rapport 

Poste le sur le forum dans ta réponse

danslamouise · Answer

bon alors voila j'ai suivis les instruction. donc voici  le rapport VBG puis le rapport HijackThis effectue a la suite de VBG quand a combofix je l'ai fait tourner deux fois (en ayant etteind mon partfeu) il ne va jusqu'au bout et ne genere pas de rapport en revanche j'ai fait un troisieme rapport HijackThis a la suite des deux scan de combofix que je te met aussi en troisieme:


rapport VBG:


 
[09/12/2007, 12:33:47] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Le Voyer Vincent\Bureau\VirtumundoBeGone.exe" )
[09/12/2007, 12:33:57] - Detected System Information:
[09/12/2007, 12:33:57] -  Windows Version: 5.1.2600, Service Pack 2
[09/12/2007, 12:33:57] -  Current Username: Le Voyer Vincent (Admin)
[09/12/2007, 12:33:57] -  Windows is in NORMAL mode.
[09/12/2007, 12:33:57] - Searching for Browser Helper Objects:
[09/12/2007, 12:33:57] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[09/12/2007, 12:33:57] -  BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[09/12/2007, 12:33:57] -  BHO 3: {26C15719-07AE-4FF5-A963-23BA6FCE1985} ()
[09/12/2007, 12:33:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 12:33:57] -  Checking for HKLM\...\Winlogon\Notify\gebca
[09/12/2007, 12:33:57] -  Found: HKLM\...\Winlogon\Notify\gebca - This is probably Virtumundo.
[09/12/2007, 12:33:57] -  Assigning {26C15719-07AE-4FF5-A963-23BA6FCE1985} MSEvents Object
[09/12/2007, 12:33:57] - BHO list has been changed! Starting over...
[09/12/2007, 12:33:57] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[09/12/2007, 12:33:57] -  BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[09/12/2007, 12:33:57] -  BHO 3: {26C15719-07AE-4FF5-A963-23BA6FCE1985} (MSEvents Object)
[09/12/2007, 12:33:57] - ALERT: Found MSEvents Object!
[09/12/2007, 12:33:57] -  BHO 4: {2CBAAC50-C49A-4286-9395-2392DC86EA40} ()
[09/12/2007, 12:33:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 12:33:57] -  Checking for HKLM\...\Winlogon\Notify\mljge
[09/12/2007, 12:33:57] -  Found: HKLM\...\Winlogon\Notify\mljge - This is probably Virtumundo.
[09/12/2007, 12:33:57] -  Assigning {2CBAAC50-C49A-4286-9395-2392DC86EA40} MSEvents Object
[09/12/2007, 12:33:57] - BHO list has been changed! Starting over...
[09/12/2007, 12:33:57] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[09/12/2007, 12:33:57] -  BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[09/12/2007, 12:33:57] -  BHO 3: {26C15719-07AE-4FF5-A963-23BA6FCE1985} (MSEvents Object)
[09/12/2007, 12:33:57] - ALERT: Found MSEvents Object!
[09/12/2007, 12:33:57] -  BHO 4: {2CBAAC50-C49A-4286-9395-2392DC86EA40} (MSEvents Object)
[09/12/2007, 12:33:57] - ALERT: Found MSEvents Object!
[09/12/2007, 12:33:57] -  BHO 5: {377737CD-0B23-467F-A26D-3B46AE7ACF76} ()
[09/12/2007, 12:33:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 12:33:57] -  Checking for HKLM\...\Winlogon\Notify\ssttr
[09/12/2007, 12:33:57] -  Found: HKLM\...\Winlogon\Notify\ssttr - This is probably Virtumundo.
[09/12/2007, 12:33:57] -  Assigning {377737CD-0B23-467F-A26D-3B46AE7ACF76} MSEvents Object
[09/12/2007, 12:33:57] - BHO list has been changed! Starting over...
[09/12/2007, 12:33:57] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[09/12/2007, 12:33:57] -  BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[09/12/2007, 12:33:57] -  BHO 3: {26C15719-07AE-4FF5-A963-23BA6FCE1985} (MSEvents Object)
[09/12/2007, 12:33:57] - ALERT: Found MSEvents Object!
[09/12/2007, 12:33:57] -  BHO 4: {2CBAAC50-C49A-4286-9395-2392DC86EA40} (MSEvents Object)
[09/12/2007, 12:33:57] - ALERT: Found MSEvents Object!
[09/12/2007, 12:33:57] -  BHO 5: {377737CD-0B23-467F-A26D-3B46AE7ACF76} (MSEvents Object)
[09/12/2007, 12:33:57] - ALERT: Found MSEvents Object!
[09/12/2007, 12:33:57] -  BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[09/12/2007, 12:33:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 12:33:57] -  No filename found. Continuing.
[09/12/2007, 12:33:57] - Finished Searching Browser Helper Objects
[09/12/2007, 12:33:57] - *** Detected MSEvents Object
[09/12/2007, 12:33:57] - Trying to remove MSEvents Object...
[09/12/2007, 12:33:58] -    Terminating Process: IEXPLORE.EXE
[09/12/2007, 12:33:58] -    Terminating Process: RUNDLL32.EXE
[09/12/2007, 12:33:58] -    Disabling Automatic Shell Restart
[09/12/2007, 12:33:58] -    Terminating Process: EXPLORER.EXE
[09/12/2007, 12:34:01] -    Suspending the NT Session Manager System Service
[09/12/2007, 12:34:01] -    Terminating Windows NT Logon/Logoff Manager
[09/12/2007, 12:34:03] -    Re-enabling Automatic Shell Restart
[09/12/2007, 12:34:03] -   File to disable: C:\WINDOWS\system32\gebca.dll
[09/12/2007, 12:34:03] -   Removing HKLM\...\Browser Helper Objects\{26C15719-07AE-4FF5-A963-23BA6FCE1985}
[09/12/2007, 12:34:03] -   Removing HKCR\CLSID\{26C15719-07AE-4FF5-A963-23BA6FCE1985}
[09/12/2007, 12:34:03] -   Adding Kill Bit for ActiveX for GUID: {26C15719-07AE-4FF5-A963-23BA6FCE1985}
[09/12/2007, 12:34:03] -   Deleting ATLEvents/MSEvents Registry entries
[09/12/2007, 12:34:03] -   Removing HKLM\...\Winlogon\Notify\gebca
[09/12/2007, 12:34:03] - Searching for Browser Helper Objects:
[09/12/2007, 12:34:03] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[09/12/2007, 12:34:03] -  BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[09/12/2007, 12:34:03] -  BHO 3: {2CBAAC50-C49A-4286-9395-2392DC86EA40} (MSEvents Object)
[09/12/2007, 12:34:03] - ALERT: Found MSEvents Object!
[09/12/2007, 12:34:03] -  BHO 4: {377737CD-0B23-467F-A26D-3B46AE7ACF76} (MSEvents Object)
[09/12/2007, 12:34:03] - ALERT: Found MSEvents Object!
[09/12/2007, 12:34:03] -  BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[09/12/2007, 12:34:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 12:34:03] -  No filename found. Continuing.
[09/12/2007, 12:34:03] - Finished Searching Browser Helper Objects
[09/12/2007, 12:34:03] - *** Detected MSEvents Object
[09/12/2007, 12:34:03] - Trying to remove MSEvents Object...
[09/12/2007, 12:34:04] -    Terminating Process: IEXPLORE.EXE
[09/12/2007, 12:34:04] -    Terminating Process: RUNDLL32.EXE
[09/12/2007, 12:34:04] -    Disabling Automatic Shell Restart
[09/12/2007, 12:34:04] -    Terminating Process: EXPLORER.EXE
[09/12/2007, 12:34:04] -    Suspending the NT Session Manager System Service
[09/12/2007, 12:34:04] -    Terminating Windows NT Logon/Logoff Manager
[09/12/2007, 12:34:04] -    Re-enabling Automatic Shell Restart
[09/12/2007, 12:34:04] -   File to disable: C:\WINDOWS\system32\mljge.dll
[09/12/2007, 12:34:04] -   Removing HKLM\...\Browser Helper Objects\{2CBAAC50-C49A-4286-9395-2392DC86EA40}
[09/12/2007, 12:34:04] -   Removing HKCR\CLSID\{2CBAAC50-C49A-4286-9395-2392DC86EA40}
[09/12/2007, 12:34:04] -   Adding Kill Bit for ActiveX for GUID: {2CBAAC50-C49A-4286-9395-2392DC86EA40}
[09/12/2007, 12:34:04] -   Deleting ATLEvents/MSEvents Registry entries
[09/12/2007, 12:34:04] -   Removing HKLM\...\Winlogon\Notify\mljge
[09/12/2007, 12:34:04] - Searching for Browser Helper Objects:
[09/12/2007, 12:34:04] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[09/12/2007, 12:34:04] -  BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[09/12/2007, 12:34:04] -  BHO 3: {377737CD-0B23-467F-A26D-3B46AE7ACF76} (MSEvents Object)
[09/12/2007, 12:34:04] - ALERT: Found MSEvents Object!
[09/12/2007, 12:34:04] -  BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[09/12/2007, 12:34:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 12:34:04] -  No filename found. Continuing.
[09/12/2007, 12:34:04] - Finished Searching Browser Helper Objects
[09/12/2007, 12:34:04] - *** Detected MSEvents Object
[09/12/2007, 12:34:04] - Trying to remove MSEvents Object...
[09/12/2007, 12:34:05] -    Terminating Process: IEXPLORE.EXE
[09/12/2007, 12:34:05] -    Terminating Process: RUNDLL32.EXE
[09/12/2007, 12:34:05] -    Disabling Automatic Shell Restart
[09/12/2007, 12:34:05] -    Terminating Process: EXPLORER.EXE
[09/12/2007, 12:34:05] -    Suspending the NT Session Manager System Service
[09/12/2007, 12:34:05] -    Terminating Windows NT Logon/Logoff Manager
[09/12/2007, 12:34:05] -    Re-enabling Automatic Shell Restart
[09/12/2007, 12:34:05] -   File to disable: C:\WINDOWS\system32\ssttr.dll
[09/12/2007, 12:34:05] -   Removing HKLM\...\Browser Helper Objects\{377737CD-0B23-467F-A26D-3B46AE7ACF76}
[09/12/2007, 12:34:05] -   Removing HKCR\CLSID\{377737CD-0B23-467F-A26D-3B46AE7ACF76}
[09/12/2007, 12:34:05] -   Adding Kill Bit for ActiveX for GUID: {377737CD-0B23-467F-A26D-3B46AE7ACF76}
[09/12/2007, 12:34:05] -   Deleting ATLEvents/MSEvents Registry entries
[09/12/2007, 12:34:05] -   Removing HKLM\...\Winlogon\Notify\ssttr
[09/12/2007, 12:34:05] - Searching for Browser Helper Objects:
[09/12/2007, 12:34:05] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[09/12/2007, 12:34:05] -  BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[09/12/2007, 12:34:05] -  BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[09/12/2007, 12:34:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 12:34:05] -  No filename found. Continuing.
[09/12/2007, 12:34:05] - Finished Searching Browser Helper Objects
[09/12/2007, 12:34:05] - Finishing up...
[09/12/2007, 12:34:05] - A restart is needed.
[09/12/2007, 12:34:16] - Attempting to Restart via STOP error (Blue Screen!)


rapport HijackThis:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:43:03, on 12/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\WINDOWSetadpu21.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\autoclk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\adiras.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\Le Voyer Vincent\Mes documents\s?stem\w?nword.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\Program Files\YDP\YdpDict\Watch.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Le Voyer Vincent\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [nfhvgidisf] c:\windows\system32
fhvgidisf.exe nfhvgidisf
O4 - HKLM\..\Run: [Windows Framework] C:\DOCUME~1\LEVOYE~1\LOCALS~1\Temp\frmwrk.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWSetadpu21.exe 61A847B5BBF72810338B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [adiras] C:\WINDOWS\adiras.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Rotm] "C:\DOCUME~1\LEVOYE~1\APPLIC~1\SSTEM3~1
slookup.exe" -vt yazb
O4 - HKCU\..\Run: [Fpvgxr] "C:\Documents and Settings\Le Voyer Vincent\Mes documents\s?stem\w?nword.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Tester activation.lnk = C:\Program Files\YDP\YdpDict\Watch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{598688E9-40E1-46DE-A0F0-4DE3C2A23B6B}: NameServer = 62.89.115.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: yaywust - yaywust.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\syaehuew.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe (file missing)
O23 - Service: Partage de Bureau &#341; distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau &#341; distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Carte &#341; puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

duflox · Answer

Double-clique VundoFix.exe afin de le lancer. 

Fais un clic droit dans la fenêtre blanche et clique "Add more files?" 

Dans la nouvelle fenêtre qui apparait, Copie/colle le chemin du fichier suivant dans la première case (au haut): 

C:\WINDOWS\system32\yaywust.dll 

Clique sur le bouton "Add File(s)" 

Clique sur le bouton "Close Window". 

Clique à nouveau sur "Remove Vundo" 

Une invite te demandera si tu veux supprimer les fichiers, clique YES 

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers. 

Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK

danslamouise · Answer

ok c fait voila  un rapport de HijackThis effectue ensuite:

rapport HijackThis:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:02, on 2007-09-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\autoclk.exe
C:\WINDOWS\adiras.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\Program Files\YDP\YdpDict\Watch.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\irftp.exe
C:\Documents and Settings\Le Voyer Vincent\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [adiras] C:\WINDOWS\adiras.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Rotm] "C:\DOCUME~1\LEVOYE~1\APPLIC~1\SSTEM3~1
slookup.exe" -vt yazb
O4 - HKCU\..\Run: [Fpvgxr] "C:\Documents and Settings\Le Voyer Vincent\Mes documents\s?stem\w?nword.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Tester activation.lnk = C:\Program Files\YDP\YdpDict\Watch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{598688E9-40E1-46DE-A0F0-4DE3C2A23B6B}: NameServer = 62.89.115.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: yaywust - yaywust.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Service de la passerelle de la couche Application (ALG) - Unknown owner - cmd.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe (file missing)
O23 - Service: Partage de Bureau &#341; distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau &#341; distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Carte &#341; puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

danslamouise · Answer

attends j'ai merde je crois ya pas tout dans le rapport:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:02, on 2007-09-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\autoclk.exe
C:\WINDOWS\adiras.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\Program Files\YDP\YdpDict\Watch.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\irftp.exe
C:\Documents and Settings\Le Voyer Vincent\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [adiras] C:\WINDOWS\adiras.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Rotm] "C:\DOCUME~1\LEVOYE~1\APPLIC~1\SSTEM3~1
slookup.exe" -vt yazb
O4 - HKCU\..\Run: [Fpvgxr] "C:\Documents and Settings\Le Voyer Vincent\Mes documents\s?stem\w?nword.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Tester activation.lnk = C:\Program Files\YDP\YdpDict\Watch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{598688E9-40E1-46DE-A0F0-4DE3C2A23B6B}: NameServer = 62.89.115.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: yaywust - yaywust.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Service de la passerelle de la couche Application (ALG) - Unknown owner - cmd.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe (file missing)
O23 - Service: Partage de Bureau &#341; distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau &#341; distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Carte &#341; puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

duflox · Answer

as tu fais ce qu il ya ecris au message 5?

danslamouise · Answer

bin oui tu veux que je recommence ?

danslamouise · Answer

quand je refais la manipe il me reponds : no more file were found the program will now end

duflox · Answer

ok pas de souci!!!!


alors j ai 2 questions:

tu as deja etait en pologne?

as tu des pages de pubs intempestives?

danslamouise · Answer

bin ca fait un an que je suis en pologne et non je n'ai pas de pub intenpestives en fait les "symptomes" sont un fond blanc qui couvre mon fond d'ecran et que je ne peut pas changer, et c'est aussi mon modem (sagem fast 800 avec connection USB pas top je sais) n'est pas reconnu par mon pc qui me dis a chaques fois que je branche un truc sur USB a part une cle : error in newdev.dll missing entry:ClientSideInstall enfin l'icone internet explorer ne mene plus a rien mais ca a la rigueur j'ai aussi firefox donc c pas trop genant voila c "tout".

duflox · Answer

ok alors:

fait un scan ici 
https://www.bitdefender.fr/ 

* En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE 
* Dans la nouvelle fenêtre, clique sur j‘accepte
* Accepte le contrôle Active X et Installe le. Le scanner se charge
* La fenêtre change encore, clique sur ’cliquez ici pour scanner’
* Les signatures se chargent, etc. 

tuto en image : 
http://pageperso.aol.fr/rginformatique/mapage/defender.htm 

copie colle le résultat ici

danslamouise · Answer

desole je ne peut pas parce que mon pc n'est pas connecte lui meme je ne peut faire que l'alle retours entre mon pc de boulo et mon perso infecte via cle USB et le site de bitdefender, mon administrateur reseau au boulo ne m'autorise pas a y acceder grrrrrrrrrr t'aurai pas une autre solution ?

duflox · Answer

pour le moment fais ceci:(par contre il faudrais que tu le fasses chez toi le scan bitdefender):

* télécharge AVG Anti-Spyware 

avg antispyware
http://www.infos-du-net.com/telecharger/Ewido-Security-Suite,0301-734.html


Tuto : http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html


* Tu l'installes 

Démarrer AVG antispyware. Cliquer sur "mise à jour", cliquer sur le bouton "Commencer la mise à jour" et attendre la fin de cette mise à jour puis, fermer le programme. 

si tu n'arrives pas à le mettre à jour prends ici les Mise à jour:

http://downloads.ewido.net/avgas-signatures-full-current.exe 



Démarre en mode sans échec : 
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter 
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. 
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! 
(Si F8 ne marche pas utilise la touche F5). 



 relance AVG AS et cliquer sur l'onglet "scanner" puis sur "Analyse complète du système". 
Une fois le scan terminé, il t'affiche un rapport. Cliquer sur "configurer..." en bas a gauche et choisir "supprimer". Ensuite cliquer sur "Appliquer toutes les actions ", ça va supprimer toutes les infections détectées. 
Ensuite cliquer sur "Enregistrer le rapport d'analyse" -> "enregistrer sous" et enregistrer le rapport où bon te semble, afin de me l'envoyer dans ta prochaine réponse. 


Copie Et colle le rapport ici

danslamouise · Answer

bon j'ai reussis le telechargement avec le deuxieme lien mais je n'arrive pas a telecharger la mise a jour parce que mon administrateur reseau ne me le permet pas si tu l'as en lien direct ca m'arrangerai, et je ne peut pas non plus le faire appres installation du logiciel car je ne peut simplement pas me connecter tant que mon pc ne reconnait pas mon modem a chaque fois que je le branche il me reponds :
"error in newdev.dll missing entry:ClientSideInstall"

peut etre peut tu m'envoyer la mise a jour par mail ?

danslamouise · Answer

non si c bon bouges pas je fais ce que tu me dis

duflox · Answer

ok j attend le rapport

a+

SOS bout du roulo analyse d'hijackthis report

18 réponses

Votre réponse

Discussions similaires

Newsletters