Infection secure window, vundo..

Question

Bonjour, 
je reçoie un message d'alerte toutes les 30 secondes dans la barre des taches, du genre "secure center alerte virus..", accompagné de messages divers et de pub internet sur les differentes façon de l'enlever, bien sûr je ne rien téléchargé ni installé de programmes venant de ses pubs..
tout ceci commence a devenir très génant, les pubs internet s'accumulent et me font ralentir mon pc,
j'ai essayé divers programmes pour en arriver a bout, mais rien n'y fait!

ps: même en mode sans échec, les messages d'arletes continue de fonctionner, sans les pubs internet bien sûr.

voila mon compte rendu d'hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:56:19, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\VIA\RAIDaid_tool.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\lydhqnhb.dll
O4 - HKLM\..\Run: [WIN USB 2.0] usbsystem.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\vjavsylf.dll",sitypnow
O4 - HKLM\..\RunServices: [WIN USB 2.0] usbsystem.exe
O4 - HKCU\..\Run: [WIN USB 2.0] usbsystem.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XPambxpfr.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [WIN USB 2.0] usbsystem.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WIN USB 2.0] usbsystem.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAIDaid_tool.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by132fd.bay132.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

jlpjlp · Answer

slt,


scan avec vundofix (colle le rapport)

Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double cliquez VundoFix.exe pour l'exécuter.
Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
Une fois le scan fini, cliquez sur le bouton Remove Vundo.
Vous recevrez un avertissement vous demandant si vous voulez effacer ces
fichiers répondez en cliquant sur YES
Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
enlève Vundo.

Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
OK.

_________________
puis :




virtumondebegone (colle le rapport)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe


_________________

combofix (colle le rapport)

http://mickael.barroux.free.fr/securite/combofix.php


__________________



 colle le rapport d'un scan en ligne 
avec un des suivants: 


bitdefender en ligne : 
http://www.bitdefender.fr/scan_fr/scan8/ie.html 

Panda en ligne : 
http://pandasoftware.fr

secuser en ligne :
http://www.secuser.com/outils/antivirus.htm

scan en ligne firefox
	
https://www.trendmicro.com/fr_fr/business.html


_________________
recolle hijackthis:

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo. 

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste 

Ensuite avec Explorer créer un dossier c:\hijackthis 
Décompresser Hijackthis dans ce dossier. 
C'est important pour les sauvegardes."

juhX · Answer

Ok, j'ai exécuté toutes les manips dans l'ordre, les messages "secure windows" n'apparaissent plus !! merci :D, elles n'apparaissaient plus dés la première manips "vundofix"
cependant je post mes rapport de chaques analyses, je pense qu'il reste encore quelques traces:

pour vundofix:

VundoFix V6.5.10

Checking Java version...

Scan started at 19:57:58 15/10/2007

Listing files found while scanning....

C:\WINDOWS\system32\clavyhdw.dll
C:\WINDOWS\system32\gnqyfday.dll
C:\WINDOWS\system32\ukkrauza.dll
C:\windows\system32\yadfyqng.ini
Beginning removal...

Attempting to delete C:\WINDOWS\system32\clavyhdw.dll
C:\WINDOWS\system32\clavyhdw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gnqyfday.dll
C:\WINDOWS\system32\gnqyfday.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ukkrauza.dll
C:\WINDOWS\system32\ukkrauza.dll Has been deleted!

Attempting to delete C:\windows\system32\yadfyqng.ini
C:\windows\system32\yadfyqng.ini Has been deleted!

Performing Repairs to the registry.
Done!

pour virtumundobegone:

[10/15/2007, 20:07:18] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Hunter_X\Bureau\VirtumundoBeGone.exe" )
[10/15/2007, 20:07:26] - Detected System Information:
[10/15/2007, 20:07:26] - Windows Version: 5.1.2600, Service Pack 2
[10/15/2007, 20:07:26] - Current Username: Hunter_X (Admin)
[10/15/2007, 20:07:26] - Windows is in NORMAL mode.
[10/15/2007, 20:07:26] - Searching for Browser Helper Objects:
[10/15/2007, 20:07:26] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[10/15/2007, 20:07:26] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[10/15/2007, 20:07:26] - BHO 3: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (FGCatchUrl)
[10/15/2007, 20:07:26] - BHO 4: {2FB9706C-F314-4813-9B7B-373E711402CC} ()
[10/15/2007, 20:07:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 20:07:26] - Checking for HKLM\...\Winlogon\Notify\awtsq
[10/15/2007, 20:07:26] - Key not found: HKLM\...\Winlogon\Notify\awtsq, continuing.
[10/15/2007, 20:07:26] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/15/2007, 20:07:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 20:07:26] - No filename found. Continuing.
[10/15/2007, 20:07:26] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/15/2007, 20:07:26] - BHO 7: {F156768E-81EF-470C-9057-481BA8380DBA} (FlashGet GetFlash Class)
[10/15/2007, 20:07:26] - Finished Searching Browser Helper Objects
[10/15/2007, 20:07:26] - Finishing up...
[10/15/2007, 20:07:26] - Nothing found! Exiting...

pour combofix:

ComboFix 07-10-15.1 - Hunter_X 2007-10-15 20:27:10.3 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.99 [GMT 2:00]
Running from: C:\Documents and Settings\Hunter_X\Bureau\ComboFix(2).exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Hammer.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\qstwa.bak1
C:\WINDOWS\system32\qstwa.bak1
C:\WINDOWS\system32\qstwa.bak2
C:\WINDOWS\system32\qstwa.bak2
C:\WINDOWS\system32\qstwa.ini
C:\WINDOWS\system32\qstwa.ini
C:\WINDOWS\tsitra1044.exe
.
---- Previous Run -------
.
C:\Program Files\Hammer.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\qstwa.bak1
C:\WINDOWS\system32\qstwa.bak1
C:\WINDOWS\system32\qstwa.bak2
C:\WINDOWS\system32\qstwa.bak2
C:\WINDOWS\system32\qstwa.ini
C:\WINDOWS\system32\qstwa.ini
C:\WINDOWS\tsitra1044.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-15 to 2007-10-15 ))))))))))))))))))))))))))))))))))))
.

2007-10-15 11:22 389,184 --a------ C:\WINDOWS\system32\lmikfbiu.exe
2007-10-14 21:55 <REP> d-------- C:\Program Files\Trend Micro
2007-10-14 21:55 <REP> d-------- C:\hijackthis
2007-10-14 11:22 389,184 --a------ C:\WINDOWS\system32\efudrgal.exe
2007-10-13 18:35 <REP> d-------- C:\Documents and Settings\Hunter_X\Application Data\Grisoft
2007-10-13 18:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-10-13 18:35 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-13 18:28 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-10-13 18:22 <REP> d-------- C:\Program Files\Navilog1
2007-10-13 17:28 <REP> d-------- C:\VundoFix Backups
2007-10-13 17:16 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2007-10-13 17:15 <REP> d-------- C:\Program Files\Yahoo!
2007-10-13 17:15 <REP> d-------- C:\Program Files\CCleaner
2007-10-13 14:31 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-13 13:56 389,184 --a------ C:\WINDOWS\system32\hpwfhkqt.exe
2007-10-13 13:56 339,968 --------- C:\WINDOWS\system32\rinjmqcl.dll
2007-10-13 02:16 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-13 02:16 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-10-13 01:57 <REP> d-------- C:\Program Files\MSBuild
2007-10-13 01:57 <REP> d-------- C:\Program Files\Microsoft Works
2007-10-13 01:55 <REP> d-------- C:\Program Files\Microsoft.NET
2007-10-13 01:49 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-10-13 01:48 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2007-10-13 01:45 35,840 --a------ C:\WINDOWS\system32\qommljh.dll
2007-10-10 21:08 <REP> d-------- C:\Program Files\Veoh Networks
2007-10-10 16:44 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 18:44 98,304 --a------ C:\WINDOWS\system32\TVPThumbnail.dll
2007-10-09 18:43 <REP> d-------- C:\Program Files\TVPaint Developpement
2007-10-09 17:54 <REP> d-------- C:\Documents and Settings\Hunter_X\Application Data\tvpaint animation
2007-10-09 17:52 <REP> d-------- C:\Program Files\SafeNet Sentinel
2007-10-09 17:52 <REP> d-------- C:\Program Files\Fichiers communs\SafeNet Sentinel
2007-09-30 18:19 <REP> d-------- C:\Program Files\SLD Codec Pack
2007-09-30 10:01 <REP> d-------- C:\Documents and Settings\Hunter_X\Bluetooth Software
2007-09-30 10:01 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-09-30 10:01 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-09-30 10:00 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-09-30 10:00 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-09-30 09:58 154,112 --a------ C:\WINDOWS\system32\irftp.exe
2007-09-30 09:58 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2007-09-30 09:58 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2007-09-30 09:58 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2007-09-30 09:58 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-09-30 09:58 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-09-30 09:55 <REP> d-------- C:\Program Files\WIDCOMM
2007-09-28 21:33 <REP> d-------- C:\Program Files\iTunes
2007-09-28 21:33 <REP> d-------- C:\Program Files\iPod
2007-09-20 18:41 <REP> d-------- C:\Program Files\DriftCity
2007-09-20 01:42 <REP> d-------- C:\Program Files\DivX
2007-09-18 17:56 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-18 17:54 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-09-18 17:54 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-09-18 00:30 139,264 --a------ C:\WINDOWS\NeoUninstall.exe
2007-09-18 00:29 <REP> d-------- C:\Program Files\Neoact
2007-09-16 17:06 55,168 --------- C:\WINDOWS\system32\drivers\sdcplh.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-15 18:33 --------- d-----w C:\Program Files\FlashGet
2007-10-15 18:22 --------- d-----w C:\Documents and Settings\Hunter_X\Application Data\OpenOffice.org2
2007-10-14 21:29 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-13 15:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-10-10 19:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-04 21:38 --------- d-----w C:\Documents and Settings\Hunter_X\Application Data\MSN6
2007-10-01 18:55 --------- d-----w C:\Documents and Settings\Hunter_X\Application Data\Canon
2007-09-18 13:30 --------- d-----w C:\Program Files\Apple Software Update
2007-09-18 13:29 --------- d-----w C:\Program Files\QuickTime
2007-09-12 18:02 --------- d--h--w C:\Documents and Settings\Hunter_X\Application Data\ijjigame
2007-09-12 17:32 --------- d-----w C:\Program Files\NHN USA
2007-09-12 14:44 --------- d-----w C:\Program Files\ma-config.com
2007-09-12 14:44 --------- d-----w C:\Program Files\HardwareDetection
2007-09-12 14:44 --------- d-----w C:\Documents and Settings\Hunter_X\Application Data\ma-config.com
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 -c--a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2006-11-15 18:03 81,920 ----a-w C:\Documents and Settings\Hunter_X\Application Data\ezpinst.exe
2006-11-15 18:03 47,360 -c--a-w C:\Documents and Settings\Hunter_X\Application Data\pcouffin.sys
2007-06-23 17:24:43 1,004 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-10-13_17.50.14.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-26 17:48:14 434,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-27 13:07:36 17,891,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2006-10-27 13:26:40 16,870,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 13:04:10 9,581,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-26 18:42:36 8,423,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-27 13:16:46 2,939,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-09-15 14:25:18 3,611,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-10-27 13:16:48 12,813,096 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-26 18:09:44 590,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-26 18:55:44 263,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-26 18:55:44 272,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-27 13:11:38 4,235,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 13:11:36 21,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-27 13:23:08 17,483,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-26 19:13:08 14,674,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\XL12CNV.EXE
- 2007-10-13 00:04:29 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-10-13 16:50:16 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2007-10-13 00:04:30 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-10-13 16:50:16 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-10-13 00:04:30 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2007-10-13 16:50:16 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2007-10-13 00:04:30 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2007-10-13 16:50:16 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2007-10-13 00:04:30 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-10-13 16:50:16 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-10-13 00:04:30 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-10-13 16:50:17 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-10-13 00:04:30 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-10-13 16:50:16 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2007-10-13 00:04:30 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-10-13 16:50:16 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2007-10-13 00:04:30 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-10-13 16:50:16 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2007-10-13 00:04:30 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-10-13 16:50:17 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-10-13 00:04:30 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-10-13 16:50:16 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-02-15 17:01:04 1,476,992 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2007-04-24 09:32:06 1,485,696 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2007-06-11 11:04:38 190,696 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
- 2007-09-30 08:00:08 54,150 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-10-14 22:53:52 54,994 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-09-30 08:00:08 65,458 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2007-10-14 22:53:53 66,336 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2007-09-30 08:00:08 383,168 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-10-14 22:53:53 386,072 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-09-30 08:00:08 448,260 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2007-10-14 22:53:53 451,016 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2006-11-17 14:14:32 15,664 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-11-17 14:14:30 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-10-13 14:46:24 12,345 ----a-w C:\WINDOWS\system32\Tablet.dat
+ 2007-10-15 18:36:14 12,345 ----a-w C:\WINDOWS\system32\Tablet.dat
+ 2007-10-15 18:35:08 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_638.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WIN USB 2.0"="usbsystem.exe" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-15 12:42]
"nwiz"="nwiz.exe" [2004-07-15 12:42 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-07-15 12:42]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 11:50 C:\WINDOWS\LOGI_MWX.EXE]
"Cmaudio"="cmicnfg.cpl" []
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 16:22 C:\WINDOWS\soundman.exe]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-01-28 14:24]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2007-01-22 13:28]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-12 22:05]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-03-20 12:40]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 01:10 C:\WINDOWS\system32\bthprops.cpl]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WIN USB 2.0"="usbsystem.exe" []
"RamBoostXp"="C:\Program Files\RamBoost XP\rambxpfr.exe" []
"LDM"="\Program\" []
"WebCamRT.exe"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" []
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-11-19 22:48]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-03 17:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"WIN USB 2.0"=usbsystem.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"WIN USB 2.0"=usbsystem.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qommljh]
qommljh.dll 2007-10-13 01:45 35840 C:\WINDOWS\system32\qommljh.dll

R0 AmdAcpi;AmdAcpi Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\AmdAcpi.sys
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R1 amdtools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\amdtools.sys
R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys
R3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 9882551a-4720-47ff-9e68-c29bb021c052;9882551a-4720-47ff-9e68-c29bb021c052;\??\E:\Player\cds300.dll
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-12 19:22:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

bitdefender:

Fichier analysé

Statut

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\a.jar-7bb6a5c5-2e1696f8.zip=>a.class

Infecté par: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\a.jar-7bb6a5c5-2e1696f8.zip=>a.class

Echec de la désinfection

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\a.jar-7bb6a5c5-2e1696f8.zip=>a.class

Supprimé

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\a.jar-7bb6a5c5-2e1696f8.zip

Mis à jour

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\a.jar-7bb6a5c5-2e1696f8.zip=>Dummy.class

Infecté par: Trojan.Java.Classloader.Dummy.A

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\a.jar-7bb6a5c5-2e1696f8.zip=>Dummy.class

Echec de la désinfection

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\a.jar-7bb6a5c5-2e1696f8.zip=>Dummy.class

Supprimé

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\a.jar-7bb6a5c5-2e1696f8.zip

Mis à jour

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\a.jar-7bb6a5c5-2e1696f8.zip=>VerifierBug.class

Infecté par: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\a.jar-7bb6a5c5-2e1696f8.zip=>VerifierBug.class

Echec de la désinfection

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\a.jar-7bb6a5c5-2e1696f8.zip=>VerifierBug.class

Supprimé

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\a.jar-7bb6a5c5-2e1696f8.zip

Mis à jour

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\count.jar-566b5521-26defc6f.zip=>BlackBox.class

Infecté par: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\count.jar-566b5521-26defc6f.zip=>BlackBox.class

Echec de la désinfection

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\count.jar-566b5521-26defc6f.zip=>BlackBox.class

Supprimé

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\count.jar-566b5521-26defc6f.zip

Mis à jour

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\count.jar-566b5521-26defc6f.zip=>VerifierBug.class

Infecté par: Java.Trojan.Exploit.Bytverify.C

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\count.jar-566b5521-26defc6f.zip=>VerifierBug.class

Echec de la désinfection

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\count.jar-566b5521-26defc6f.zip=>VerifierBug.class

Supprimé

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\count.jar-566b5521-26defc6f.zip

Mis à jour

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\count.jar-566b5521-26defc6f.zip=>Dummy.class

Infecté par: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\count.jar-566b5521-26defc6f.zip=>Dummy.class

Echec de la désinfection

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\count.jar-566b5521-26defc6f.zip=>Dummy.class

Supprimé

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\count.jar-566b5521-26defc6f.zip

Mis à jour

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\count.jar-566b5521-26defc6f.zip=>Beyond.class

Infecté par: Java.Trojan.Exploit.Bytverify.C

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\count.jar-566b5521-26defc6f.zip=>Beyond.class

Echec de la désinfection

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\count.jar-566b5521-26defc6f.zip=>Beyond.class

Supprimé

C:\Documents and Settings\Hunter_X\.jpi_cache\jar\1.0\count.jar-566b5521-26defc6f.zip

Mis à jour

C:\Program Files\Medal Script 4.9\mIRC system\ALIAS1.INI

Infecté par: Trojan.Irc.Flood.I

C:\Program Files\Medal Script 4.9\mIRC system\ALIAS1.INI

Echec de la désinfection

C:\Program Files\Medal Script 4.9\mIRC system\ALIAS1.INI

Supprimé

C:\Program Files\Medal Script 4.9\system\DLLS\BLOWFISH.DLL

Infecté par: Backdoor.Irc.Mirc.Based.D

C:\Program Files\Medal Script 4.9\system\DLLS\BLOWFISH.DLL

Echec de la désinfection

C:\Program Files\Medal Script 4.9\system\DLLS\BLOWFISH.DLL

Supprimé

C:\qoobox\Quarantine\C\WINDOWS\tsitra1044.exe.vir

Infecté par: Trojan.Downloader.Agent.YPZ

C:\qoobox\Quarantine\C\WINDOWS\tsitra1044.exe.vir

Supprimé

C:\System Volume Information\_restore{CDD636E9-5A05-4E75-A470-0488C0026CE7}\RP853\A0156267.dll

Infecté par: Trojan.Vundo.DNR

C:\System Volume Information\_restore{CDD636E9-5A05-4E75-A470-0488C0026CE7}\RP853\A0156267.dll

Echec de la désinfection

C:\System Volume Information\_restore{CDD636E9-5A05-4E75-A470-0488C0026CE7}\RP853\A0156267.dll

Supprimé

C:\System Volume Information\_restore{CDD636E9-5A05-4E75-A470-0488C0026CE7}\RP854\A0157106.dll

Infecté par: Trojan.Vundo.DNR

C:\System Volume Information\_restore{CDD636E9-5A05-4E75-A470-0488C0026CE7}\RP854\A0157106.dll

Echec de la désinfection

C:\System Volume Information\_restore{CDD636E9-5A05-4E75-A470-0488C0026CE7}\RP854\A0157106.dll

Supprimé

C:\System Volume Information\_restore{CDD636E9-5A05-4E75-A470-0488C0026CE7}\RP855\A0157233.exe=>(RAR Sfx o)=>Flash_Disinfector.cmd

Infecté par: Trojan.Batc.Flashdis.A

C:\System Volume Information\_restore{CDD636E9-5A05-4E75-A470-0488C0026CE7}\RP855\A0157233.exe=>(RAR Sfx o)=>Flash_Disinfector.cmd

Echec de la désinfection

C:\System Volume Information\_restore{CDD636E9-5A05-4E75-A470-0488C0026CE7}\RP855\A0157233.exe=>(RAR Sfx o)=>Flash_Disinfector.cmd

Supprimé

C:\System Volume Information\_restore{CDD636E9-5A05-4E75-A470-0488C0026CE7}\RP855\A0157233.exe=>(RAR Sfx o)

Echec de la mise à jour

C:\System Volume Information\_restore{CDD636E9-5A05-4E75-A470-0488C0026CE7}\RP856\A0157353.dll

Infecté par: Trojan.Vundo.DNR

C:\System Volume Information\_restore{CDD636E9-5A05-4E75-A470-0488C0026CE7}\RP856\A0157353.dll

Echec de la désinfection

C:\System Volume Information\_restore{CDD636E9-5A05-4E75-A470-0488C0026CE7}\RP856\A0157353.dll

Supprimé

C:\System Volume Information\_restore{CDD636E9-5A05-4E75-A470-0488C0026CE7}\RP857\A0157379.exe

Infecté par: Trojan.Downloader.Agent.YPZ

C:\System Volume Information\_restore{CDD636E9-5A05-4E75-A470-0488C0026CE7}\RP857\A0157379.exe

Supprimé

C:\System Volume Information\_restore{CDD636E9-5A05-4E75-A470-0488C0026CE7}\RP857\A0157492.INI

Infecté par: Trojan.Irc.Flood.I

C:\System Volume Information\_restore{CDD636E9-5A05-4E75-A470-0488C0026CE7}\RP857\A0157492.INI

Echec de la désinfection

C:\System Volume Information\_restore{CDD636E9-5A05-4E75-A470-0488C0026CE7}\RP857\A0157492.INI

Supprimé

C:\System Volume Information\_restore{CDD636E9-5A05-4E75-A470-0488C0026CE7}\RP857\A0157493.DLL

Infecté par: Backdoor.Irc.Mirc.Based.D

C:\System Volume Information\_restore{CDD636E9-5A05-4E75-A470-0488C0026CE7}\RP857\A0157493.DLL

Echec de la désinfection

C:\System Volume Information\_restore{CDD636E9-5A05-4E75-A470-0488C0026CE7}\RP857\A0157493.DLL

Supprimé

C:\VundoFix Backups\gnqyfday.dll.bad

Infecté par: Trojan.Vundo.DNR

C:\VundoFix Backups\gnqyfday.dll.bad

Echec de la désinfection

C:\VundoFix Backups\gnqyfday.dll.bad

Supprimé

C:\VundoFix Backups\otbmwnvq.dll.bad

Infecté par: Trojan.Vundo.DNR

C:\VundoFix Backups\otbmwnvq.dll.bad

Echec de la désinfection

C:\VundoFix Backups\otbmwnvq.dll.bad

Supprimé

C:\VundoFix Backups\vjavsylf.dll.bad

Infecté par: Trojan.Vundo.DNR

C:\VundoFix Backups\vjavsylf.dll.bad

Echec de la désinfection

C:\VundoFix Backups\vjavsylf.dll.bad

Supprimé

C:\WINDOWS\backup\TB041102.DAT=>(Embedded EXE g)

Infecté par: Win32.Worm.Padobot.N

C:\WINDOWS\backup\TB041102.DAT=>(Embedded EXE g)

Echec de la désinfection

C:\WINDOWS\backup\TB041102.DAT=>(Embedded EXE g)

Supprimé

C:\WINDOWS\backup\TB041102.DAT

Echec de la mise à jour

F:\mes documents 2\msn\Images-JPG76.zip=>Images-JPG76.scr

Infecté par: Backdoor.IRC.Brenda.B

F:\mes documents 2\msn\Images-JPG76.zip=>Images-JPG76.scr

Echec de la désinfection

F:\mes documents 2\msn\Images-JPG76.zip=>Images-JPG76.scr

Supprimé

F:\mes documents 2\msn\Images-JPG76.zip

Mis à jour

F:\mes documents 2\telechargement\diverse installation\ADSLAutoconnect205F13.exe=>(CAB Sfx o)=>ADSL Autoconnect.exe

Infecté par: Trojan.Horse.AU

F:\mes documents 2\telechargement\diverse installation\ADSLAutoconnect205F13.exe=>(CAB Sfx o)=>ADSL Autoconnect.exe

Echec de la désinfection

F:\mes documents 2\telechargement\diverse installation\ADSLAutoconnect205F13.exe=>(CAB Sfx o)=>ADSL Autoconnect.exe

Supprimé

F:\mes documents 2\telechargement\diverse installation\ADSLAutoconnect205F13.exe=>(CAB Sfx o)

Echec de la mise à jour

F:\mes documents 2\telechargement\diverse installation\communiquer\MedalScript49.exe=>(RAR Sfx o)=>mIRC.exe

Infecté par: Backdoor.Mirc.AH

F:\mes documents 2\telechargement\diverse installation\communiquer\MedalScript49.exe=>(RAR Sfx o)=>mIRC.exe

Echec de la désinfection

F:\mes documents 2\telechargement\diverse installation\communiquer\MedalScript49.exe=>(RAR Sfx o)=>mIRC.exe

Supprimé

F:\mes documents 2\telechargement\diverse installation\communiquer\MedalScript49.exe=>(RAR Sfx o)

Echec de la mise à jour

F:\mes documents 2\telechargement\diverse installation\communiquer\MedalScript49.exe=>(RAR Sfx o)=>mIRC system\ALIAS1.INI

Infecté par: Trojan.Irc.Flood.I

F:\mes documents 2\telechargement\diverse installation\communiquer\MedalScript49.exe=>(RAR Sfx o)=>mIRC system\ALIAS1.INI

Echec de la désinfection

F:\mes documents 2\telechargement\diverse installation\communiquer\MedalScript49.exe=>(RAR Sfx o)=>mIRC system\ALIAS1.INI

Supprimé

F:\mes documents 2\telechargement\diverse installation\communiquer\MedalScript49.exe=>(RAR Sfx o)

Echec de la mise à jour

F:\mes documents 2\telechargement\diverse installation\communiquer\MedalScript49.exe=>(RAR Sfx o)=>system\DLLS\BLOWFISH.DLL

Infecté par: Backdoor.Irc.Mirc.Based.D

F:\mes documents 2\telechargement\diverse installation\communiquer\MedalScript49.exe=>(RAR Sfx o)=>system\DLLS\BLOWFISH.DLL

Echec de la désinfection

F:\mes documents 2\telechargement\diverse installation\communiquer\MedalScript49.exe=>(RAR Sfx o)=>system\DLLS\BLOWFISH.DLL

Supprimé

F:\mes documents 2\telechargement\diverse installation\communiquer\MedalScript49.exe=>(RAR Sfx o)

Virus Détectés

Java.Trojan.Exploit.Bytverify.C

Trojan.Java.Classloader.Dummy.A

Backdoor.Irc.Mirc.Based.D

Java.Trojan.Exploit.Bytverify

Trojan.Horse.AU

Backdoor.Mirc.AH

Trojan.Batc.Flashdis.A

Trojan.Vundo.DNR

Trojan.Downloader.Agent.YPZ

Backdoor.IRC.Brenda.B

Win32.Worm.Padobot.N
Trojan.Irc.Flood.I

et hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:23, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WIN USB 2.0] usbsystem.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [WIN USB 2.0] usbsystem.exe
O4 - HKCU\..\Run: [WIN USB 2.0] usbsystem.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [WIN USB 2.0] usbsystem.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WIN USB 2.0] usbsystem.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by132fd.bay132.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: qommljh - C:\WINDOWS\SYSTEM32\qommljh.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

voila, pour l'instant tout remarche comme avant!

jlpjlp · Answer

pour ça:

C:\System Volume Information\_restore{CDD636E9-5A05-4E75-A470-0488C0026CE7}\RP853\A0156267.dll




désactive la restauration système pour purger les virus qui seraient dedans puis réactive là (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)


__________________________

va dans poste de travail puis F et regarde si present ce fichier  Images-JPG76.zip 

F:\mes documents 2\msn\Images-JPG76.zip 

__________________________
comme il y a un fichier infecté dans msn:

Télécharge MSNFix de Laurent 
http://sosvirus.changelog.fr/MSNFix.zip 

Décompresse-le et double clic sur le fichier MSNFix.bat. 
- Exécute l'option R. 
--Si l'infection est détectée, exécute l'option N 
- Sauvegarde ce rapport puis fais un copier/coller de ce rapport sur le forum. 

Note : 
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal 
Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement. 

________________________________

AVG antispyware

https://www.01net.com/telecharger/

Tuto : 
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html


->Relance AVG AS -> "Analyse" ->"Paramètres" 

Sous la question "Comment réagir ?" : 

-> clique sur "Actions recommandées" et choisis "Quarantaines" 
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système" 

Si un fichier est infecté en fin d'analyse 

->Clique sur "Appliquer toutes les actions " 

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous". 

->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici


_________________________
il reste ça aussi
O20 - Winlogon Notify: qommljh - C:\WINDOWS\SYSTEM32\qommljh.dll 



Relance Vundofix (colle le rapport)
* Ne clique pas sur "Scan for a vundo"
* Clique droit au milieu de la fenêtre
* Clique sur Add more files ?
* Copie/colle les fichiers ci-dessous ( un par case) :

C:\WINDOWS\SYSTEM32\qommljh.dll 


* Clique sur Add files
* Ensuite clique sur Close Windows
* Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
* Si l'outils demande un redémarrage, accepte
* Poste le rapport Vundofix, ainsi qu'un nouveau log hijackthis

__________________________


Colle le rapport :
Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

•  Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean 
•  Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec 
•  Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.

http://kerio.probb.fr/tuto-Clean-h37.html




a plus

juhX · Answer

Alors voila la suite, sauf que je n'ai pa pu sauvegarder un rapport de MSNfix, jai n'ai récue aucune fenêtre de sauvegarde au redemarrage..

pour AVG il n'a rien trouvé, 

Clean:

Script execute en mode sans echec 
Rapport clean par Malekal_morte - http://www.malekal.com 
Script execute en mode sans echec 16/10/2007 a  1:10:29,43 

Microsoft Windows XP [version 5.1.2600]
 
*** Suppression des fichiers dans C: 
tentative de suppression de C:\autorun.inf 
Impossible de supprimer C:\autorun.inf  
 
*** Suppression des fichiers dans C:\WINDOWS\ 
tentative de suppression de C:\WINDOWS\UnGins.exe 
 
*** Suppression des fichiers dans C:\WINDOWS\system32 
tentative de suppression de C:\WINDOWS\system32\ftpupd.exe 

tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1" 
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.2" 
tentative de suppression de "C:\Documents and Settings\Hunter_X\Application Data\ezpinst.exe" 
 
*** Suppression des fichiers dans C:\Program Files 
tentative de suppression de "C:\Program Files\quickbar\" 
 
*** Suppression des clefs du registre effectuee.. 
*** Fin du rapport !


et un ptit hijackthis, on sais jamais:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:11, on 16/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\VIA\RAIDaid_tool.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\eden\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\RunServices: [WIN USB 2.0] usbsystem.exe
O4 - HKCU\..\Run: [WIN USB 2.0] usbsystem.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XPambxpfr.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [WIN USB 2.0] usbsystem.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WIN USB 2.0] usbsystem.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAIDaid_tool.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by132fd.bay132.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

jlpjlp · Answer

Salut 

Vas sur le site https://virusscan.jotti.org/ 
- Clic en haut à droite sur "Parcourir", navigue dans les dossiers et sélectionne ce fichier :

C:\WINDOWS\system32\lmikfbiu.exe

- Clic sur submit toujours en haut à droite 
- Le scan va se lancer, ça va prendre un petit instant 
- En bas, tu as le résultat du scan, copie/colle le résultat complet du scan ici. 
Aide : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799 


fais de meme avec ces deux

C:\WINDOWS\system32\efudrgal.exe
C:\WINDOWS\system32\rinjmqcl.dll

_________________

recolle un scan en ligne

juhX · Answer

bonsoir, voila le scan de chaques:

C:\WINDOWS\system32\lmikfbiu.exe 
File:  lmikfbiu.exe  
Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)  
MD5:  1b2bebf617e3ccceb048280811ff6da7  
Packers detected:  - 
Bit9 reports:  File not found  
 
Scanner results  Scan taken on 20 Oct 2007 00:09:01 (GMT)  
A-Squared  Found nothing 
AntiVir  Found ADSPY/SecToolBar.G.1  
ArcaVir  Found Adware.Sectoolbar.G  
Avast  Found nothing 
AVG Antivirus  Found Generic2.TWV  
BitDefender  Found nothing 
ClamAV  Found nothing 
CPsecure  Found AdWare.W32.SecToolBar.G  
Dr.Web  Found Trojan.Hammer  
F-Prot Antivirus  Found nothing 
F-Secure Anti-Virus  Found not-a-virus:AdWare.Win32.SecToolBar.g (4, 1, 400)  
Fortinet  Found nothing 
Kaspersky Anti-Virus  Found not-a-virus:AdWare.Win32.SecToolBar.g  
NOD32  Found Win32/Adware.SecToolbar application  
Norman Virus Control  Found Busky.C  
Panda Antivirus  Found nothing 
Rising Antivirus  Found nothing 
Sophos Antivirus  Found Mal/Behav-010  
VirusBuster  Found nothing 
VBA32  Found Trojan.Hammer  


C:\WINDOWS\system32\efudrgal.exe 
A-Squared  Found nothing 
AntiVir  Found ADSPY/SecToolBar.G.1  
ArcaVir  Found Adware.Sectoolbar.G  
Avast  Found nothing 
AVG Antivirus  Found Generic2.TWV  
BitDefender  Found nothing 
ClamAV  Found nothing 
CPsecure  Found AdWare.W32.SecToolBar.G  
Dr.Web  Found Trojan.Hammer  
F-Prot Antivirus  Found nothing 
F-Secure Anti-Virus  Found not-a-virus:AdWare.Win32.SecToolBar.g (4, 1, 400)  
Fortinet  Found nothing 
Kaspersky Anti-Virus  Found not-a-virus:AdWare.Win32.SecToolBar.g  
NOD32  Found Win32/Adware.SecToolbar application  
Norman Virus Control  Found Busky.C  
Panda Antivirus  Found nothing 
Rising Antivirus  Found nothing 
Sophos Antivirus  Found Mal/Behav-010  
VirusBuster  Found nothing 
VBA32  Found Trojan.Hammer  


C:\WINDOWS\system32\rinjmqcl.dll
File:  rinjmqcl.dll  
Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)  
MD5:  f9eb9559d19fb6293bd06eb82320e157  
Packers detected:  - 
Bit9 reports:  File not found  
 
Scanner results  
Scan taken on 19 Oct 2007 23:54:06 (GMT)  
A-Squared  Found nothing 
AntiVir  Found ADSPY/SecToolBar.F  
ArcaVir  Found Adware.Sectoolbar.F  
Avast  Found nothing 
AVG Antivirus  Found Generic2.TWW  
BitDefender  Found Adware.Vundo.AV  
ClamAV  Found nothing 
CPsecure  Found nothing 
Dr.Web  Found Trojan.Hammer  
F-Prot Antivirus  Found nothing 
F-Secure Anti-Virus  Found not-a-virus:AdWare.Win32.SecToolBar.f (4, 1, 400)  
Fortinet  Found Adware/SecToolBar  
Kaspersky Anti-Virus  Found not-a-virus:AdWare.Win32.SecToolBar.f  
NOD32  Found Win32/Adware.SecToolbar application  
Norman Virus Control  Found nothing 
Panda Antivirus  Found nothing 
Rising Antivirus  Found nothing 
Sophos Antivirus  Found Mal/Behav-010  
VirusBuster  Found nothing 
VBA32  Found AdWare.Win32.SecToolBar.f

jlpjlp · Answer

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau. 
double-clique sur OTMoveIt.exe pour le lancer. 
copie la liste qui se trouve en citation ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

Citation : 

C:\WINDOWS\system32\lmikfbiu.exe
C:\WINDOWS\system32\efudrgal.exe
C:\WINDOWS\system32\rinjmqcl.dll



clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 


___________________

recolle un scan en lgne et un rapport hijackthis et dis tes pbs

Infection secure window, vundo..

7 réponses

Votre réponse

Discussions similaires

Newsletters