Probleme avec trojan spm/lx et trojan tj/bz

orros75 Messages postés 16 Statut Membre -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
bonjour, j'ai un gros souci avec des trojans. etant novice je vous demande de l'aide.merci bcp

29 réponses

  • 1
  • 2
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    lance
    AVG antispyware

    https://www.01net.com/telecharger/

    Tuto :
    http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

    ->Relance AVG AS -> "Analyse" ->"Paramètres"

    Sous la question "Comment réagir ?" :

    -> clique sur "Actions recommandées" et choisis "Quarantaines"
    -> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    Si un fichier est infecté en fin d'analyse

    ->Clique sur "Appliquer toutes les actions "

    ->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

    ->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici

    ________________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    secuser en ligne :
    http://www.secuser.com/outils/antivirus.htm
    0
  2. orros75 Messages postés 16 Statut Membre
     
    salut je n'ai rien sur le rapport avg il a tt suprimer,mais le probleme est tjs la (ouverture intenpestif de fenetre pour acheter des antivirus). en te remercient.
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Fais un clic droit sur ce lien : (IL-MAFIOSO)
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
    Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
    Ensuite double clique sur navilog1.exe pour lancer l'installation.
    Une fois l'installation terminée, le fix s'exécutera automatiquement.
    (Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

    Laisse-toi guider. Au menu principal, choisis 1 et valides.
    (ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

    Patiente jusqu'au message :
    *** Analyse Termine le ..... ***
    Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
    Copie-colle l'intégralité dans une réponse. Referme le blocnote.
    Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

    _______________
    0
  4. orros75 Messages postés 16 Statut Membre
     
    voila le rapport ...Search Navipromo version 3.3.5 commencé le 12/11/2007 à 21:44:13,06

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Mise à jour le 08.11.2007 à 18h00 par IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 6.0.2900.2180

    *** Recherche Programmes installés ***

    *** Recherche dossiers dans C:\WINDOWS ***

    *** Recherche dossiers dans C:\Program Files ***

    *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

    *** Recherche dossiers dans C:\Documents and Settings\Administrateur\Application Data ***

    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1 ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun fichier trouvé dans :

    - C:\WINDOWS\system32
    - C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans C:\WINDOWS\system32 *

    * Recherche dans C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1 *

    *** Recherche fichiers ***

    *** Recherche clés spécifiques dans le Registre ***

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:
    C:\WINDOWS\system32\aybeg.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\abadd.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\abadd.bak2 trouvé ! infection Vundo possible non traitée par cet outil !

    2)Recherche Heuristique :

    3)Recherche Certificats :

    Certificat Egroup absent !

    *** Analyse terminée le 12/11/2007 à 21:45:28,93 ***
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok tu as des infections vundo:

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."

    _______________________

    scan avec vundofix (colle le rapport)

    Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

    Double cliquez VundoFix.exe pour l'exécuter.
    Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
    Une fois le scan fini, cliquez sur le bouton Remove Vundo.
    Vous recevrez un avertissement vous demandant si vous voulez effacer ces
    fichiers répondez en cliquant sur YES
    Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
    enlève Vundo.

    Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
    OK.

    __________________
    puis :

    virtumondebegone (colle le rapport)

    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    _________________

    combofix (colle le rapport)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    _________________

    recolle ensuite un rapport hijackthis
    0
  7. orros75 Messages postés 16 Statut Membre
     
    voila le rapport Logfile of HijackThis v1.99.1
    Scan saved at 22:05:35, on 12/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Insider\Insider.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {2F137E1B-383B-4A02-A48C-07667047FCA9} - C:\WINDOWS\system32\ddaba.dll
    O2 - BHO: (no name) - {43BA6470-E47A-477B-A5D8-4232DCB16026} - (no file)
    O2 - BHO: (no name) - {45b22467-5995-4d6d-b2aa-ffaed1a7edbd} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8123E8DC-386D-4F04-833E-A74FFEFEDA70} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\hjfcevrb.dll
    O2 - BHO: (no name) - {B076F2A2-B78C-436E-A0EE-8905F7DAADF1} - C:\Program Files\NetMeeting\wodeC:\WINDOWS\system32\e1\caws83122.exe.dll (file missing)
    O2 - BHO: (no name) - {BBF29C49-9213-44F5-B740-43787719F53A} - C:\WINDOWS\system32\gebya.dll (file missing)
    O2 - BHO: (no name) - {BD72F158-D54D-4C47-8D29-FA7A659F6518} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {FD1D6597-8BB8-4F06-A93C-8CAD2C1C9734} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hjfcevrb.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c4adc6db09cf46ba84382b7cdfc81633
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c4adc6db09cf46ba84382b7cdfc81633
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - https://bitdefender.solutions-antivirus.com/scan8/oscan8.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: hjfcevrb - C:\WINDOWS\SYSTEM32\hjfcevrb.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    0
  8. orros75 Messages postés 16 Statut Membre
     
    re vundo ne trouve rien ?????
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    pas de souci , le reste trouvera
    0
  10. orros75 Messages postés 16 Statut Membre
     
    ok je te remerci. voila le scan de virtu....
    [11/13/2007, 17:16:46] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Mes documents\Mes téléchargements\VirtumundoBeGone.exe" )
    [11/13/2007, 17:16:57] - Detected System Information:
    [11/13/2007, 17:16:57] - Windows Version: 5.1.2600, Service Pack 2
    [11/13/2007, 17:16:57] - Current Username: Administrateur (Admin)
    [11/13/2007, 17:16:57] - Windows is in NORMAL mode.
    [11/13/2007, 17:16:57] - Searching for Browser Helper Objects:
    [11/13/2007, 17:16:57] - BHO 1: {01CD0B31-9154-45F2-9414-F5D64B74EAF6} ()
    [11/13/2007, 17:16:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:16:57] - Checking for HKLM\...\Winlogon\Notify\awtrqqp
    [11/13/2007, 17:16:57] - Found: HKLM\...\Winlogon\Notify\awtrqqp - This is probably Virtumundo.
    [11/13/2007, 17:16:57] - Assigning {01CD0B31-9154-45F2-9414-F5D64B74EAF6} MSEvents Object
    [11/13/2007, 17:16:57] - BHO list has been changed! Starting over...
    [11/13/2007, 17:16:57] - BHO 1: {01CD0B31-9154-45F2-9414-F5D64B74EAF6} (MSEvents Object)
    [11/13/2007, 17:16:57] - ALERT: Found MSEvents Object!
    [11/13/2007, 17:16:57] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} ()
    [11/13/2007, 17:16:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:16:57] - No filename found. Continuing.
    [11/13/2007, 17:16:58] - BHO 3: {2F137E1B-383B-4A02-A48C-07667047FCA9} ()
    [11/13/2007, 17:16:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:16:58] - No filename found. Continuing.
    [11/13/2007, 17:16:58] - BHO 4: {43BA6470-E47A-477B-A5D8-4232DCB16026} ()
    [11/13/2007, 17:16:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:16:58] - No filename found. Continuing.
    [11/13/2007, 17:16:58] - BHO 5: {45b22467-5995-4d6d-b2aa-ffaed1a7edbd} ()
    [11/13/2007, 17:16:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:16:58] - No filename found. Continuing.
    [11/13/2007, 17:16:58] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    [11/13/2007, 17:16:58] - BHO 7: {59760DA8-97A6-4F1C-8653-28B10EE12B94} ()
    [11/13/2007, 17:16:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:16:58] - No filename found. Continuing.
    [11/13/2007, 17:16:58] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [11/13/2007, 17:16:58] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [11/13/2007, 17:16:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:16:58] - No filename found. Continuing.
    [11/13/2007, 17:16:58] - BHO 10: {8123E8DC-386D-4F04-833E-A74FFEFEDA70} ()
    [11/13/2007, 17:16:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:16:58] - No filename found. Continuing.
    [11/13/2007, 17:16:58] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [11/13/2007, 17:16:58] - BHO 12: {A7745392-A2AA-476B-8856-B6D0F7F90022} ()
    [11/13/2007, 17:16:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:16:58] - Checking for HKLM\...\Winlogon\Notify\ddaba
    [11/13/2007, 17:16:59] - Key not found: HKLM\...\Winlogon\Notify\ddaba, continuing.
    [11/13/2007, 17:16:59] - BHO 13: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
    [11/13/2007, 17:16:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:16:59] - Checking for HKLM\...\Winlogon\Notify\hjfcevrb
    [11/13/2007, 17:16:59] - Found: HKLM\...\Winlogon\Notify\hjfcevrb - This is probably Virtumundo.
    [11/13/2007, 17:16:59] - Assigning {A95B2816-1D7E-4561-A202-68C0DE02353A} MSEvents Object
    [11/13/2007, 17:16:59] - BHO list has been changed! Starting over...
    [11/13/2007, 17:16:59] - BHO 1: {01CD0B31-9154-45F2-9414-F5D64B74EAF6} (MSEvents Object)
    [11/13/2007, 17:16:59] - ALERT: Found MSEvents Object!
    [11/13/2007, 17:16:59] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} ()
    [11/13/2007, 17:16:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:16:59] - No filename found. Continuing.
    [11/13/2007, 17:16:59] - BHO 3: {2F137E1B-383B-4A02-A48C-07667047FCA9} ()
    [11/13/2007, 17:16:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:16:59] - No filename found. Continuing.
    [11/13/2007, 17:16:59] - BHO 4: {43BA6470-E47A-477B-A5D8-4232DCB16026} ()
    [11/13/2007, 17:16:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:16:59] - No filename found. Continuing.
    [11/13/2007, 17:16:59] - BHO 5: {45b22467-5995-4d6d-b2aa-ffaed1a7edbd} ()
    [11/13/2007, 17:16:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:16:59] - No filename found. Continuing.
    [11/13/2007, 17:16:59] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    [11/13/2007, 17:16:59] - BHO 7: {59760DA8-97A6-4F1C-8653-28B10EE12B94} ()
    [11/13/2007, 17:16:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:00] - No filename found. Continuing.
    [11/13/2007, 17:17:00] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [11/13/2007, 17:17:00] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [11/13/2007, 17:17:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:00] - No filename found. Continuing.
    [11/13/2007, 17:17:00] - BHO 10: {8123E8DC-386D-4F04-833E-A74FFEFEDA70} ()
    [11/13/2007, 17:17:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:00] - No filename found. Continuing.
    [11/13/2007, 17:17:00] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [11/13/2007, 17:17:00] - BHO 12: {A7745392-A2AA-476B-8856-B6D0F7F90022} ()
    [11/13/2007, 17:17:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:00] - Checking for HKLM\...\Winlogon\Notify\ddaba
    [11/13/2007, 17:17:00] - Key not found: HKLM\...\Winlogon\Notify\ddaba, continuing.
    [11/13/2007, 17:17:00] - BHO 13: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
    [11/13/2007, 17:17:00] - ALERT: Found MSEvents Object!
    [11/13/2007, 17:17:00] - BHO 14: {B076F2A2-B78C-436E-A0EE-8905F7DAADF1} ()
    [11/13/2007, 17:17:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:00] - Checking for HKLM\...\Winlogon\Notify\caws83122.exe
    [11/13/2007, 17:17:00] - Key not found: HKLM\...\Winlogon\Notify\caws83122.exe, continuing.
    [11/13/2007, 17:17:00] - BHO 15: {BBF29C49-9213-44F5-B740-43787719F53A} ()
    [11/13/2007, 17:17:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:00] - Checking for HKLM\...\Winlogon\Notify\gebya
    [11/13/2007, 17:17:00] - Key not found: HKLM\...\Winlogon\Notify\gebya, continuing.
    [11/13/2007, 17:17:00] - BHO 16: {BD72F158-D54D-4C47-8D29-FA7A659F6518} ()
    [11/13/2007, 17:17:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:00] - No filename found. Continuing.
    [11/13/2007, 17:17:01] - BHO 17: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
    [11/13/2007, 17:17:01] - BHO 18: {FD1D6597-8BB8-4F06-A93C-8CAD2C1C9734} ()
    [11/13/2007, 17:17:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:01] - No filename found. Continuing.
    [11/13/2007, 17:17:01] - Finished Searching Browser Helper Objects
    [11/13/2007, 17:17:01] - *** Detected MSEvents Object
    [11/13/2007, 17:17:01] - Trying to remove MSEvents Object...
    [11/13/2007, 17:17:02] - Terminating Process: IEXPLORE.EXE
    [11/13/2007, 17:17:02] - Terminating Process: RUNDLL32.EXE
    [11/13/2007, 17:17:02] - Disabling Automatic Shell Restart
    [11/13/2007, 17:17:02] - Terminating Process: EXPLORER.EXE
    [11/13/2007, 17:17:03] - Suspending the NT Session Manager System Service
    [11/13/2007, 17:17:03] - Terminating Windows NT Logon/Logoff Manager
    [11/13/2007, 17:17:03] - Re-enabling Automatic Shell Restart
    [11/13/2007, 17:17:03] - File to disable: C:\WINDOWS\system32\awtrqqp.dll
    [11/13/2007, 17:17:04] - Renaming C:\WINDOWS\system32\awtrqqp.dll -> C:\WINDOWS\system32\awtrqqp.dll.vir
    [11/13/2007, 17:17:04] - File successfully renamed!
    [11/13/2007, 17:17:04] - Removing HKLM\...\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}
    [11/13/2007, 17:17:04] - Removing HKCR\CLSID\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}
    [11/13/2007, 17:17:04] - Adding Kill Bit for ActiveX for GUID: {01CD0B31-9154-45F2-9414-F5D64B74EAF6}
    [11/13/2007, 17:17:04] - Deleting ATLEvents/MSEvents Registry entries
    [11/13/2007, 17:17:04] - Removing HKLM\...\Winlogon\Notify\awtrqqp
    [11/13/2007, 17:17:04] - Searching for Browser Helper Objects:
    [11/13/2007, 17:17:05] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} ()
    [11/13/2007, 17:17:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:05] - No filename found. Continuing.
    [11/13/2007, 17:17:05] - BHO 2: {2F137E1B-383B-4A02-A48C-07667047FCA9} ()
    [11/13/2007, 17:17:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:05] - No filename found. Continuing.
    [11/13/2007, 17:17:05] - BHO 3: {43BA6470-E47A-477B-A5D8-4232DCB16026} ()
    [11/13/2007, 17:17:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:05] - No filename found. Continuing.
    [11/13/2007, 17:17:05] - BHO 4: {45b22467-5995-4d6d-b2aa-ffaed1a7edbd} ()
    [11/13/2007, 17:17:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:05] - No filename found. Continuing.
    [11/13/2007, 17:17:05] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    [11/13/2007, 17:17:05] - BHO 6: {59760DA8-97A6-4F1C-8653-28B10EE12B94} ()
    [11/13/2007, 17:17:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:05] - No filename found. Continuing.
    [11/13/2007, 17:17:05] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [11/13/2007, 17:17:05] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [11/13/2007, 17:17:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:05] - No filename found. Continuing.
    [11/13/2007, 17:17:05] - BHO 9: {8123E8DC-386D-4F04-833E-A74FFEFEDA70} ()
    [11/13/2007, 17:17:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:06] - No filename found. Continuing.
    [11/13/2007, 17:17:06] - BHO 10: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [11/13/2007, 17:17:06] - BHO 11: {A7745392-A2AA-476B-8856-B6D0F7F90022} ()
    [11/13/2007, 17:17:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:06] - Checking for HKLM\...\Winlogon\Notify\ddaba
    [11/13/2007, 17:17:06] - Key not found: HKLM\...\Winlogon\Notify\ddaba, continuing.
    [11/13/2007, 17:17:06] - BHO 12: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
    [11/13/2007, 17:17:06] - ALERT: Found MSEvents Object!
    [11/13/2007, 17:17:06] - BHO 13: {B076F2A2-B78C-436E-A0EE-8905F7DAADF1} ()
    [11/13/2007, 17:17:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:06] - Checking for HKLM\...\Winlogon\Notify\caws83122.exe
    [11/13/2007, 17:17:06] - Key not found: HKLM\...\Winlogon\Notify\caws83122.exe, continuing.
    [11/13/2007, 17:17:06] - BHO 14: {BBF29C49-9213-44F5-B740-43787719F53A} ()
    [11/13/2007, 17:17:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:06] - Checking for HKLM\...\Winlogon\Notify\gebya
    [11/13/2007, 17:17:06] - Key not found: HKLM\...\Winlogon\Notify\gebya, continuing.
    [11/13/2007, 17:17:06] - BHO 15: {BD72F158-D54D-4C47-8D29-FA7A659F6518} ()
    [11/13/2007, 17:17:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:06] - No filename found. Continuing.
    [11/13/2007, 17:17:06] - BHO 16: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
    [11/13/2007, 17:17:06] - BHO 17: {FD1D6597-8BB8-4F06-A93C-8CAD2C1C9734} ()
    [11/13/2007, 17:17:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:06] - No filename found. Continuing.
    [11/13/2007, 17:17:06] - Finished Searching Browser Helper Objects
    [11/13/2007, 17:17:06] - *** Detected MSEvents Object
    [11/13/2007, 17:17:06] - Trying to remove MSEvents Object...
    [11/13/2007, 17:17:07] - Terminating Process: IEXPLORE.EXE
    [11/13/2007, 17:17:07] - Terminating Process: RUNDLL32.EXE
    [11/13/2007, 17:17:08] - Disabling Automatic Shell Restart
    [11/13/2007, 17:17:08] - Terminating Process: EXPLORER.EXE
    [11/13/2007, 17:17:08] - Suspending the NT Session Manager System Service
    [11/13/2007, 17:17:08] - Terminating Windows NT Logon/Logoff Manager
    [11/13/2007, 17:17:08] - Re-enabling Automatic Shell Restart
    [11/13/2007, 17:17:08] - File to disable: C:\WINDOWS\system32\hjfcevrb.dll
    [11/13/2007, 17:17:08] - Renaming C:\WINDOWS\system32\hjfcevrb.dll -> C:\WINDOWS\system32\hjfcevrb.dll.vir
    [11/13/2007, 17:17:08] - File successfully renamed!
    [11/13/2007, 17:17:08] - Removing HKLM\...\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
    [11/13/2007, 17:17:08] - Removing HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
    [11/13/2007, 17:17:08] - Adding Kill Bit for ActiveX for GUID: {A95B2816-1D7E-4561-A202-68C0DE02353A}
    [11/13/2007, 17:17:09] - Deleting ATLEvents/MSEvents Registry entries
    [11/13/2007, 17:17:09] - Removing HKLM\...\Winlogon\Notify\hjfcevrb
    [11/13/2007, 17:17:09] - Searching for Browser Helper Objects:
    [11/13/2007, 17:17:09] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} ()
    [11/13/2007, 17:17:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:09] - No filename found. Continuing.
    [11/13/2007, 17:17:09] - BHO 2: {2F137E1B-383B-4A02-A48C-07667047FCA9} ()
    [11/13/2007, 17:17:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:10] - No filename found. Continuing.
    [11/13/2007, 17:17:10] - BHO 3: {43BA6470-E47A-477B-A5D8-4232DCB16026} ()
    [11/13/2007, 17:17:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:10] - No filename found. Continuing.
    [11/13/2007, 17:17:10] - BHO 4: {45b22467-5995-4d6d-b2aa-ffaed1a7edbd} ()
    [11/13/2007, 17:17:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:10] - No filename found. Continuing.
    [11/13/2007, 17:17:10] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    [11/13/2007, 17:17:10] - BHO 6: {59760DA8-97A6-4F1C-8653-28B10EE12B94} ()
    [11/13/2007, 17:17:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:10] - No filename found. Continuing.
    [11/13/2007, 17:17:10] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [11/13/2007, 17:17:10] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [11/13/2007, 17:17:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:10] - No filename found. Continuing.
    [11/13/2007, 17:17:10] - BHO 9: {8123E8DC-386D-4F04-833E-A74FFEFEDA70} ()
    [11/13/2007, 17:17:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:10] - No filename found. Continuing.
    [11/13/2007, 17:17:10] - BHO 10: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [11/13/2007, 17:17:10] - BHO 11: {A7745392-A2AA-476B-8856-B6D0F7F90022} ()
    [11/13/2007, 17:17:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:10] - Checking for HKLM\...\Winlogon\Notify\ddaba
    [11/13/2007, 17:17:10] - Key not found: HKLM\...\Winlogon\Notify\ddaba, continuing.
    [11/13/2007, 17:17:10] - BHO 12: {B076F2A2-B78C-436E-A0EE-8905F7DAADF1} ()
    [11/13/2007, 17:17:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:10] - Checking for HKLM\...\Winlogon\Notify\caws83122.exe
    [11/13/2007, 17:17:10] - Key not found: HKLM\...\Winlogon\Notify\caws83122.exe, continuing.
    [11/13/2007, 17:17:11] - BHO 13: {BBF29C49-9213-44F5-B740-43787719F53A} ()
    [11/13/2007, 17:17:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:11] - Checking for HKLM\...\Winlogon\Notify\gebya
    [11/13/2007, 17:17:11] - Key not found: HKLM\...\Winlogon\Notify\gebya, continuing.
    [11/13/2007, 17:17:11] - BHO 14: {BD72F158-D54D-4C47-8D29-FA7A659F6518} ()
    [11/13/2007, 17:17:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:11] - No filename found. Continuing.
    [11/13/2007, 17:17:11] - BHO 15: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
    [11/13/2007, 17:17:11] - BHO 16: {FD1D6597-8BB8-4F06-A93C-8CAD2C1C9734} ()
    [11/13/2007, 17:17:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 17:17:11] - No filename found. Continuing.
    [11/13/2007, 17:17:11] - Finished Searching Browser Helper Objects
    [11/13/2007, 17:17:11] - Finishing up...
    [11/13/2007, 17:17:11] - A restart is needed.
    [11/13/2007, 17:17:11] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
    [11/13/2007, 17:17:24] - Attempting to Restart via STOP error (Blue Screen!)
    0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok fais le reste
    0
  12. orros75 Messages postés 16 Statut Membre
     
    voila le rapport combofix......ComboFix 07-11-08.1 - Administrateur 2007-11-13 17:38:38.1 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.392 [GMT 1:00]
    Running from: C:\Documents and Settings\Administrateur\Mes documents\Mes téléchargements\ComboFix.exe
    * Created a new restore point
    .

    Incapable d'obtenir les privilèges Système

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\Bureau\Live Safety Center.lnk
    C:\Documents and Settings\Administrateur\Bureau\Online Security Guide.lnk
    C:\Documents and Settings\Administrateur\Favoris\Online Security Guide.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
    C:\install\install.exe
    C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe
    C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
    C:\Program Files\inetget2
    C:\Program Files\inetget2\emg.exe
    C:\Program Files\Insider
    C:\Program Files\Insider\Insider.exe
    C:\Program Files\Temporary
    C:\Program Files\Temporary\wininstall.exe
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\b111.exe
    C:\WINDOWS\b128.exe
    C:\WINDOWS\b147.exe
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\__c0023238.dat
    C:\WINDOWS\system32\__c008F7A4.dat
    C:\WINDOWS\system32\__c00EA5EA.dat
    C:\WINDOWS\system32\abadd.bak1
    C:\WINDOWS\system32\abadd.ini
    C:\WINDOWS\system32\aybeg.ini2
    C:\WINDOWS\system32\aybeg.tmp
    C:\WINDOWS\system32\b3
    C:\WINDOWS\system32\ddaba.dll
    C:\WINDOWS\system32\dyqkyoyt.dll
    C:\WINDOWS\system32\e1
    C:\WINDOWS\system32\e1\caws83122.exe
    C:\WINDOWS\system32\edyltitg.dllbox
    C:\WINDOWS\system32\fccayay.dll
    C:\WINDOWS\system32\hjfcevrb.dllbox
    C:\WINDOWS\system32\lgvuebxu.dll
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\swcdcdiw.dll
    C:\WINDOWS\system32\u4
    C:\WINDOWS\system32\yezplgxc.dllbox
    C:\WINDOWS\system32\yqcjyaor.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-13 to 2007-11-13 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-13 17:35 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-13 10:47 80,448 --a------ C:\WINDOWS\system32\umjwyugi.dll
    2007-11-13 10:41 88,128 --a------ C:\WINDOWS\system32\ocyyglll.dll
    2007-11-13 10:41 36,352 --a------ C:\WINDOWS\system32\awtrqqp.dll.vir
    2007-11-12 22:20 <REP> d-------- C:\VundoFix Backups
    2007-11-12 22:04 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
    2007-11-12 22:02 71,232 --a------ C:\WINDOWS\system32\pxjfguod.exe
    2007-11-12 21:28 <REP> d-------- C:\Program Files\Panda Security
    2007-11-12 18:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-12 18:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
    2007-11-12 18:12 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-12 10:23 81,472 --a------ C:\WINDOWS\system32\unaqtnre.dll
    2007-11-12 10:19 89,664 --a------ C:\WINDOWS\system32\ebsepxdb.dll
    2007-11-12 10:04 71,232 --a------ C:\WINDOWS\system32\vvlvddmh.exe
    2007-11-12 09:41 36,352 --a------ C:\WINDOWS\system32\yayaaba.dll
    2007-11-11 21:58 9,808 --a------ C:\ir-1-1148.exe
    2007-11-11 21:35 <REP> d--h----- C:\Program Files\Fichiers communs\Carlson
    2007-11-11 21:01 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-11-11 14:06 79,936 --a------ C:\WINDOWS\system32\qkrvguvm.dll
    2007-11-11 14:03 88,128 --a------ C:\WINDOWS\system32\odphkeft.dll
    2007-11-11 10:55 36,352 --a------ C:\WINDOWS\system32\rqrrqop.dll
    2007-11-10 14:06 81,472 --a------ C:\WINDOWS\system32\imwwetns.dll
    2007-11-10 10:24 134 --a------ C:\n.bat
    2007-11-10 10:23 36,352 --a------ C:\WINDOWS\system32\awtttqr.dll
    2007-11-10 10:23 5,879 --a------ C:\Documents and Settings\Administrateur\x.dat
    2007-11-10 10:23 0 --a------ C:\x.dat
    2007-11-10 10:22 172,032 --a------ C:\winlogon.exe
    2007-11-10 10:22 45,878 --a------ C:\Documents and Settings\Administrateur\z.dat
    2007-11-10 10:22 0 --a------ C:\z.dat
    2007-11-09 14:05 77,888 --a------ C:\WINDOWS\system32\smdgganl.dll
    2007-11-09 13:08 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-11-09 13:01 <REP> d-------- C:\Program Files\Navilog1
    2007-11-09 10:25 2,372 --a------ C:\WINDOWS\mozver.dat
    2007-11-09 10:02 0 --a------ C:\WINDOWS\nsreg.dat
    2007-11-09 10:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
    2007-11-09 09:47 <REP> d-------- C:\Program Files\Lavasoft
    2007-11-09 09:47 80,448 --a------ C:\WINDOWS\system32\dhdnxqou.dll
    2007-11-08 14:58 80,448 --a------ C:\WINDOWS\system32\vameppxp.dll
    2007-11-08 14:53 145,984 --a------ C:\WINDOWS\system32\jgjvisng.dll
    2007-11-08 14:53 145,984 --a------ C:\WINDOWS\system32\hjfcevrb.dll.vir
    2007-11-08 14:53 71,232 --a------ C:\WINDOWS\system32\nlpxegko.exe
    2007-11-08 14:51 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
    2007-11-08 14:47 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AdobeUM
    2007-11-08 14:46 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2007-11-08 13:59 35,328 --a------ C:\WINDOWS\system32\urqoomm.dll
    2007-11-08 12:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-08 12:17 35,328 --a------ C:\WINDOWS\system32\khfdayw.dll
    2007-11-08 11:58 15,937 --a------ C:\WINDOWS\system32\instdump.zip
    2007-11-07 19:03 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-11-07 19:00 <REP> d-------- C:\WINDOWS\system32\Mz18r
    2007-11-07 19:00 <REP> d-------- C:\Temp\mZOr
    2007-11-07 19:00 <REP> d-------- C:\Temp
    2007-11-07 19:00 225,120 --a------ C:\Temp\crda.exe
    2007-11-06 21:09 <REP> d-------- C:\Program Files\UltraMixer
    2007-11-06 21:09 <REP> d-------- C:\Documents and Settings\Administrateur\.ultramixer
    2007-11-06 17:07 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Adssite Advanced Toolbar
    2007-11-06 17:05 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
    2007-11-06 16:06 <REP> d-------- C:\Documents and Settings\Administrateur\Incomplete
    2007-11-06 16:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\LimeWire
    2007-11-06 00:27 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-11-05 22:33 <REP> d-------- C:\WINDOWS\Sun
    2007-11-05 11:01 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2007-11-05 11:00 <REP> d-------- C:\Program Files\Microsoft.NET
    2007-11-05 10:58 <REP> d-------- C:\WINDOWS\SHELLNEW
    2007-11-04 21:58 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-11-04 21:58 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-11-04 10:38 <REP> d-------- C:\WINDOWS\system32\Filt
    2007-11-04 10:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Agnitum
    2007-11-04 00:12 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
    2007-11-04 00:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
    2007-11-04 00:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
    2007-11-04 00:12 12,464 --a------ C:\WINDOWS\system32\drivers\CdaC15BA.SYS
    2007-11-03 18:27 <REP> d-------- C:\Program Files\EoRezo
    2007-11-03 18:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\OtakuSoftware
    2007-11-03 18:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EoRezo
    2007-11-03 18:06 <REP> d-------- C:\WINDOWS\system32\Defaults
    2007-11-03 18:06 1,048,576 --------- C:\WINDOWS\system32\SFMAN.DAT
    2007-11-03 18:05 <REP> d-------- C:\WINDOWS\system32\Data
    2007-11-03 18:05 <REP> d-------- C:\Program Files\InstallShield Installation Information
    2007-11-03 18:05 179,669 --a------ C:\WINDOWS\system32\ctstatic.dat
    2007-11-03 18:05 164,044 --a------ C:\WINDOWS\system32\ctdlang.dat
    2007-11-03 18:05 113,373 --a------ C:\WINDOWS\system32\ctbasicw.dat
    2007-11-03 18:05 113,273 --a------ C:\WINDOWS\system32\CTBAS2W.DAT
    2007-11-03 18:05 44,055 --a------ C:\WINDOWS\system32\ctdaught.dat
    2007-11-03 18:04 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield
    2007-11-03 18:04 <REP> d-------- C:\Program Files\Creative
    2007-11-03 18:04 6,752 --------- C:\WINDOWS\system32\PFMODNT.SYS
    2007-11-03 17:30 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts
    2007-11-03 17:28 <REP> d-------- C:\Program Files\Windows Live Favorites
    2007-11-03 17:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    2007-11-03 17:26 <REP> d-------- C:\Program Files\Windows Live Toolbar
    2007-11-03 17:25 <REP> d-------- C:\WINDOWS\system32\DRVSTORE
    2007-11-03 17:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Kazaa Lite
    2007-11-03 15:58 <REP> d-------- C:\Program Files\Alwil Software
    2007-11-03 15:13 <REP> d--hs---- C:\Recycled
    2007-11-03 14:58 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2007-11-03 14:58 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-12 21:04 --------- d-----w C:\Program Files\Hijackthis Version Française
    2007-11-12 17:01 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
    2007-11-12 17:01 46,080 ----a-w C:\WINDOWS\system32\dllcache\ftp.exe
    2007-11-12 17:01 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
    2007-11-12 17:01 17,920 ----a-w C:\WINDOWS\system32\dllcache\tftp.exe
    2007-11-07 18:03 278,542 ----a-w C:\WINDOWS\Fonts\Setup.exe
    2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-10-25 16:14 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
    2007-08-22 13:13 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
    2007-08-22 13:13 663,040 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-22 13:13 617,472 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-22 13:13 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-22 13:13 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-22 13:13 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-08-22 13:13 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-22 13:13 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-08-22 13:13 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-08-22 13:13 3,079,168 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-22 13:13 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    2007-08-22 13:13 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-22 13:13 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-22 13:13 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-08-22 13:13 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-22 13:13 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-08-22 13:13 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
    2007-08-22 13:13 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-08-21 10:30 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
    2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F137E1B-383B-4A02-A48C-07667047FCA9}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43BA6470-E47A-477B-A5D8-4232DCB16026}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45b22467-5995-4d6d-b2aa-ffaed1a7edbd}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59760DA8-97A6-4F1C-8653-28B10EE12B94}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8123E8DC-386D-4F04-833E-A74FFEFEDA70}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7745392-A2AA-476B-8856-B6D0F7F90022}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B076F2A2-B78C-436E-A0EE-8905F7DAADF1}]
    C:\Program Files\NetMeeting\wodeC:\WINDOWS\system32\e1\caws83122.exe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBF29C49-9213-44F5-B740-43787719F53A}]
    C:\WINDOWS\system32\gebya.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD72F158-D54D-4C47-8D29-FA7A659F6518}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD1D6597-8BB8-4F06-A93C-8CAD2C1C9734}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-10-25 17:20]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
    "Host Process"="C:\WINDOWS\Fonts\svchost.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddaba.dll

    S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-11-13 16:43:16 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-13 17:58:58
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-13 18:01:13 - machine was rebooted
    .
    --- E O F ---
    0
  13. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    colle le rapport d'un scan en ligne
    avec : (desactive avast le temps du scan)

    Panda en ligne :
    http://pandasoftware.fr

    _____________

    recolle ensuite un rapport hijackthis
    0
  14. orros75 Messages postés 16 Statut Membre
     
    En tout cas un grand merci pour ton aide.
    voici le rapport hijack.Logfile of HijackThis v1.99.1
    Scan saved at 18:06, on 13/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {2F137E1B-383B-4A02-A48C-07667047FCA9} - (no file)
    O2 - BHO: (no name) - {43BA6470-E47A-477B-A5D8-4232DCB16026} - (no file)
    O2 - BHO: (no name) - {45b22467-5995-4d6d-b2aa-ffaed1a7edbd} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {59760DA8-97A6-4F1C-8653-28B10EE12B94} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8123E8DC-386D-4F04-833E-A74FFEFEDA70} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A7745392-A2AA-476B-8856-B6D0F7F90022} - (no file)
    O2 - BHO: (no name) - {B076F2A2-B78C-436E-A0EE-8905F7DAADF1} - C:\Program Files\NetMeeting\wodeC:\WINDOWS\system32\e1\caws83122.exe.dll (file missing)
    O2 - BHO: (no name) - {BBF29C49-9213-44F5-B740-43787719F53A} - C:\WINDOWS\system32\gebya.dll (file missing)
    O2 - BHO: (no name) - {BD72F158-D54D-4C47-8D29-FA7A659F6518} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {FD1D6597-8BB8-4F06-A93C-8CAD2C1C9734} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
    O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c4adc6db09cf46ba84382b7cdfc81633
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c4adc6db09cf46ba84382b7cdfc81633
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - https://bitdefender.solutions-antivirus.com/scan8/oscan8.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    0
  15. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {2F137E1B-383B-4A02-A48C-07667047FCA9} - (no file)
    O2 - BHO: (no name) - {43BA6470-E47A-477B-A5D8-4232DCB16026} - (no file)
    O2 - BHO: (no name) - {45b22467-5995-4d6d-b2aa-ffaed1a7edbd} - (no file)
    O2 - BHO: (no name) - {59760DA8-97A6-4F1C-8653-28B10EE12B94} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8123E8DC-386D-4F04-833E-A74FFEFEDA70} - (no file)
    O2 - BHO: (no name) - {A7745392-A2AA-476B-8856-B6D0F7F90022} - (no file)
    O2 - BHO: (no name) - {B076F2A2-B78C-436E-A0EE-8905F7DAADF1} - C:\Program Files\NetMeeting\wodeC:\WINDOWS\system32\e1\caws83122.exe.dll (file missing)
    O2 - BHO: (no name) - {BBF29C49-9213-44F5-B740-43787719F53A} - C:\WINDOWS\system32\gebya.dll (file missing)
    O2 - BHO: (no name) - {BD72F158-D54D-4C47-8D29-FA7A659F6518} - (no file)

    O2 - BHO: (no name) - {FD1D6597-8BB8-4F06-A93C-8CAD2C1C9734} - (no file)
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    __________________________

    colle le rapport d'un scan en ligne
    avec : (desactive avast le temps du scan)

    Panda en ligne :
    http://pandasoftware.fr
    0
  16. orros75 Messages postés 16 Statut Membre
     
    voila le scan panda ...;***********************************************************************************************************************************************************************************
    ANALYSIS: 2007-11-13 20:14:00
    PROTECTIONS: 1
    MALWARE: 13
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    avast! antivirus 4.7.1074 [VPS 071113-1] 4.7.1074 No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Cookies\administrateur@xiti[1].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.1i1\cookies.txt[.xiti.com/]
    00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.1i1\cookies.txt[fe.lea.lycos.fr/]
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Cookies\administrateur@apmebf[1].txt
    00176499 Cookie/Maxifiles TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Cookies\administrateur@www.maxifiles[2].txt
    00176500 Cookie/Maxifiles TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Cookies\administrateur@goto.maxifiles[1].txt
    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.1i1\cookies.txt[.adultfriendfinder.com/]
    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.1i1\cookies.txt[.adultfriendfinder.com/]
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
    02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\NLPXEGKO.EXE
    02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\VVLVDDMH.EXE
    02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\PXJFGUOD.EXE
    02688348 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\JGJVISNG.DLL
    02688348 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\hjfcevrb.dll.vir
    02690921 Trj/Multidropper.RJS Virus/Trojan No 0 Yes No C:\WINLOGON.EXE
    02691065 Trj/Downloader.RBV Virus/Trojan No 0 Yes No C:\ir-1-1148.exe
    02694181 Trj/Agent.HBA Virus/Trojan No 1 Yes No C:\WINDOWS\system32\YAYAABA.DLL
    02694181 Trj/Agent.HBA Virus/Trojan No 1 Yes No C:\WINDOWS\system32\awtrqqp.dll.vir
    02694181 Trj/Agent.HBA Virus/Trojan No 1 Yes No C:\WINDOWS\system32\RQRRQOP.DLL
    02694181 Trj/Agent.HBA Virus/Trojan No 1 Yes No C:\WINDOWS\system32\AWTTTQR.DLL
    ;===================================================================================================================================================================================
    SUSPECTS
    Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    0
  17. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    utilise pour supprimer tes traces (cookies et fichiers temporaires ...........)

    CCLEANER: (lance un nettoyage et répare 3 fois les erreurs) sans installer la barre yahoo

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    ____________________

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\WINDOWS\system32\nlpxegko.exe
    C:\WINDOWS\system32\vvlvddmh.exe
    C:\WINDOWS\system32\pxjfguod.exe
    C:\WINDOWS\system32\jgjvisng.dll
    C:\WINDOWS\system32\hjfcevrb.dll.vir
    C:\ir-1-1148.exe
    C:\WINDOWS\system32\yayaaba.dll
    C:\WINDOWS\system32\awtrqqp.dll.vir
    C:\WINDOWS\system32\awtttqr.dll
    C:\WINDOWS\system32\rqrrqop.dll
    C:\WINDOWS\system32\aybeg.ini2
    C:\WINDOWS\system32\abadd.bak1
    C:\WINDOWS\system32\abadd.bak2

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    ________________________________

    Télécharge MSNFix de Laurent
    http://sosvirus.changelog.fr/MSNFix.zip

    Décompresse-le et double clic sur le fichier MSNFix.bat.
    - Exécute l'option R.
    --Si l'infection est détectée, exécute l'option N
    - Sauvegarde ce rapport puis fais un copier/coller de ce rapport sur le forum.

    Note :
    Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
    Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement

    ________________________________

    analyse ces fichiers sur virus total et dis moi lequels sont contaminés: https://www.virustotal.com/gui/

    C:\WINDOWS\system32\umjwyugi.dll
    C:\WINDOWS\system32\ocyyglll.dll
    C:\WINDOWS\system32\unaqtnre.dll
    C:\WINDOWS\system32\ebsepxdb.dll
    C:\WINDOWS\system32\qkrvguvm.dll
    C:\WINDOWS\system32\odphkeft.dll
    C:\WINDOWS\system32\imwwetns.dll
    C:\WINDOWS\system32\smdgganl.dll
    C:\WINDOWS\system32\dhdnxqou.dll
    C:\WINDOWS\system32\vameppxp.dll
    C:\WINDOWS\system32\urqoomm.dll
    C:\WINDOWS\system32\khfdayw.dll
    C:\WINDOWS\system32\instdump.zip
    0
  18. orros75 Messages postés 16 Statut Membre
     
    salut voici le rapport de OT.....
    C:\WINDOWS\system32\nlpxegko.exe moved successfully.
    C:\WINDOWS\system32\vvlvddmh.exe moved successfully.
    C:\WINDOWS\system32\pxjfguod.exe moved successfully.
    C:\WINDOWS\system32\jgjvisng.dll unregistered successfully.
    C:\WINDOWS\system32\jgjvisng.dll moved successfully.
    C:\WINDOWS\system32\hjfcevrb.dll.vir moved successfully.
    C:\ir-1-1148.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\yayaaba.dll
    C:\WINDOWS\system32\yayaaba.dll NOT unregistered.
    C:\WINDOWS\system32\yayaaba.dll moved successfully.
    C:\WINDOWS\system32\awtrqqp.dll.vir moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\awtttqr.dll
    C:\WINDOWS\system32\awtttqr.dll NOT unregistered.
    C:\WINDOWS\system32\awtttqr.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\rqrrqop.dll
    C:\WINDOWS\system32\rqrrqop.dll NOT unregistered.
    C:\WINDOWS\system32\rqrrqop.dll moved successfully.
    File/Folder C:\WINDOWS\system32\aybeg.ini2 not found.
    File/Folder C:\WINDOWS\system32\abadd.bak1 not found.
    File/Folder C:\WINDOWS\system32\abadd.bak2 not found.

    Created on 11/14/2007 17:28:38
    0
  19. orros75 Messages postés 16 Statut Membre
     
    voici le rapport de msnfix....
    MSNFix 1.577

    C:\MSNFix
    Fix exécuté le 14/11/2007 - 17:42:24,70 By Administrateur
    mode normal

    ************************ Recherche les fichiers présents

    ... C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\carlton
    ... C:\WINDOWS\system32\microsoft\backup.ftp
    ... C:\WINDOWS\system32\microsoft\backup.tftp

    ************************ MSNCHK ***** /!\ beta test /!\

    ************************ Recherche les dossiers présents

    ... C:\Program Files\Fichiers communs\Carlson\
    ... C:\Install\
    ... C:\Temp\

    ************************ Suppression des fichiers

    .. OK ... C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\carlton
    .. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
    .. OK ... C:\WINDOWS\system32\microsoft\backup.tftp

    ************************ Suppression des dossiers

    .. OK ... C:\Program Files\Fichiers communs\Carlson\
    .. OK ... C:\Install\
    .. OK ... C:\Temp\

    ************************ Nettoyage du registre

    ************************ Fichiers suspects

    /!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

    [C:\WINDOWS\system32\instdump.zip] CEC2C459CAAB9DCA36BBE4E61C38C46B
    [C:\winlogon.exe] 2D19413FB880EB02DA5EF31D7001423E

    [color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\ADMINI~1\BUREAU\Upload_Me.zip [/b] sur http://upload.changelog.fr

    Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 14112007_17455782.zip

    ------------------------------------------------------------------------
    Auteur : !aur3n7 Contact: https://www.ionos.fr/
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------
    0
  20. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    analyse aussi ce fichier sur virus total

    C:\WINDOWS\system32\instdump.zip
    0
  21. orros75 Messages postés 16 Statut Membre
     
    je n'arrive pas a faire un copier coller avec virs total???? comment faire merci.
    0
  • 1
  • 2