Problem with trojan spm/lx and trojan tj/bz

orros75 Posts: 16 Status: Member -
jlpjlp Posts: 52399 Status: Security contributor -
Hello, I have a big problem with trojans. Being a novice, I am asking for your help. Thanks a lot.

29 replies

jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Hi,

Run
AVG Anti-Spyware

https://www.01net.com/telecharger/

Tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

-> Relaunch AVG AS -> "Scanner" -> "Settings"

Under the question "How to act?":

-> click "Recommended actions" and choose "Quarantine"
-> Click the "Scanner" tab again and run a "Complete System Scan"

If a file is found infected at the end of the scan:

-> Click "Apply all actions"

-> Click "Save report" then "Save report as".

-> Save this text file to your desktop, then paste the report here

________________

Paste the report from an online scan
with one of the following:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Secuser online:
http://www.secuser.com/outils/antivirus.htm
orros75 Posts: 16 Status: Member

Hi, I have nothing in the AVG report, it deleted everything, but the problem is still there (windows popping up unexpectedly to buy antivirus software). Thank you.
jlpjlp Posts: 52399 Status: Security contributor 5 040

Right-click this link: (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Save (link) target as... and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is complete, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)

Follow the prompts. In the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without our advice/agreement)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole thing into a reply. Close Notepad.
The report is also saved at the root of the drive (fixnavi.txt).

_______________
orros75 Posts: 16 Status: Member

Here is the report:

Search Navipromo version 3.3.5 commencé le 12/11/2007 à 21:44:13,06

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 08.11.2007 à 18h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180

*** Recherche Programmes installés ***

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

*** Recherche dossiers dans C:\Documents and Settings\Administrateur\Application Data ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1 ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun fichier trouvé dans :

- C:\WINDOWS\system32
- C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1 *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:
C:\WINDOWS\system32\aybeg.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\abadd.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\abadd.bak2 trouvé ! infection Vundo possible non traitée par cet outil !

2)Recherche Heuristique :

3)Recherche Certificats :

Certificat Egroup absent !

*** Analyse terminée le 12/11/2007 à 21:45:28,93 ***
jlpjlp Posts: 52399 Status: Security contributor 5 040

OK, you have Vundo infections:

Paste a HijackThis report

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Manual:

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I advise renaming HijackThis, to counter a possible Vundo infection.

e.g. rename the file HijackThis.exe to eden.exe: to do so, right-click the file HijackThis.exe and choose Rename from the list

Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.

_______________________

Scan with VundoFix (paste the report)

Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan is finished, click the Remove Vundo button.
You will get a warning asking whether you want to delete these files; answer by clicking YES.
Once you have clicked Yes, your desktop will go blank while it removes Vundo.

When it is done, you will be asked to restart your computer; click OK.

__________________
then:

VirtumundoBeGone (paste the report)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

_________________

ComboFix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

_________________

Then paste a new HijackThis report
orros75 Posts: 16 Status: Member

Here is the report:

Logfile of HijackThis v1.99.1
Scan saved at 22:05:35, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {2F137E1B-383B-4A02-A48C-07667047FCA9} - C:\WINDOWS\system32\ddaba.dll
O2 - BHO: (no name) - {43BA6470-E47A-477B-A5D8-4232DCB16026} - (no file)
O2 - BHO: (no name) - {45b22467-5995-4d6d-b2aa-ffaed1a7edbd} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8123E8DC-386D-4F04-833E-A74FFEFEDA70} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\hjfcevrb.dll
O2 - BHO: (no name) - {B076F2A2-B78C-436E-A0EE-8905F7DAADF1} - C:\Program Files\NetMeeting\wodeC:\WINDOWS\system32\e1\caws83122.exe.dll (file missing)
O2 - BHO: (no name) - {BBF29C49-9213-44F5-B740-43787719F53A} - C:\WINDOWS\system32\gebya.dll (file missing)
O2 - BHO: (no name) - {BD72F158-D54D-4C47-8D29-FA7A659F6518} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FD1D6597-8BB8-4F06-A93C-8CAD2C1C9734} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hjfcevrb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c4adc6db09cf46ba84382b7cdfc81633
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c4adc6db09cf46ba84382b7cdfc81633
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - https://bitdefender.solutions-antivirus.com/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: hjfcevrb - C:\WINDOWS\SYSTEM32\hjfcevrb.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
orros75 Posts: 16 Status: Member

Hi again, VundoFix finds nothing?????
jlpjlp Posts: 52399 Status: Security contributor 5 040

No worries, the rest will find it
orros75 Posts: 16 Status: Member

OK, thank you. Here is the Virtu.... scan:
[11/13/2007, 17:16:46] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Mes documents\Mes téléchargements\VirtumundoBeGone.exe" )
[11/13/2007, 17:16:57] - Detected System Information:
[11/13/2007, 17:16:57] - Windows Version: 5.1.2600, Service Pack 2
[11/13/2007, 17:16:57] - Current Username: Administrateur (Admin)
[11/13/2007, 17:16:57] - Windows is in NORMAL mode.
[11/13/2007, 17:16:57] - Searching for Browser Helper Objects:
[11/13/2007, 17:16:57] - BHO 1: {01CD0B31-9154-45F2-9414-F5D64B74EAF6} ()
[11/13/2007, 17:16:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:16:57] - Checking for HKLM\...\Winlogon\Notify\awtrqqp
[11/13/2007, 17:16:57] - Found: HKLM\...\Winlogon\Notify\awtrqqp - This is probably Virtumundo.
[11/13/2007, 17:16:57] - Assigning {01CD0B31-9154-45F2-9414-F5D64B74EAF6} MSEvents Object
[11/13/2007, 17:16:57] - BHO list has been changed! Starting over...
[11/13/2007, 17:16:57] - BHO 1: {01CD0B31-9154-45F2-9414-F5D64B74EAF6} (MSEvents Object)
[11/13/2007, 17:16:57] - ALERT: Found MSEvents Object!
[11/13/2007, 17:16:57] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} ()
[11/13/2007, 17:16:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:16:57] - No filename found. Continuing.
[11/13/2007, 17:16:58] - BHO 3: {2F137E1B-383B-4A02-A48C-07667047FCA9} ()
[11/13/2007, 17:16:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:16:58] - No filename found. Continuing.
[11/13/2007, 17:16:58] - BHO 4: {43BA6470-E47A-477B-A5D8-4232DCB16026} ()
[11/13/2007, 17:16:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:16:58] - No filename found. Continuing.
[11/13/2007, 17:16:58] - BHO 5: {45b22467-5995-4d6d-b2aa-ffaed1a7edbd} ()
[11/13/2007, 17:16:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:16:58] - No filename found. Continuing.
[11/13/2007, 17:16:58] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[11/13/2007, 17:16:58] - BHO 7: {59760DA8-97A6-4F1C-8653-28B10EE12B94} ()
[11/13/2007, 17:16:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:16:58] - No filename found. Continuing.
[11/13/2007, 17:16:58] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/13/2007, 17:16:58] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/13/2007, 17:16:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:16:58] - No filename found. Continuing.
[11/13/2007, 17:16:58] - BHO 10: {8123E8DC-386D-4F04-833E-A74FFEFEDA70} ()
[11/13/2007, 17:16:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:16:58] - No filename found. Continuing.
[11/13/2007, 17:16:58] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/13/2007, 17:16:58] - BHO 12: {A7745392-A2AA-476B-8856-B6D0F7F90022} ()
[11/13/2007, 17:16:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:16:58] - Checking for HKLM\...\Winlogon\Notify\ddaba
[11/13/2007, 17:16:59] - Key not found: HKLM\...\Winlogon\Notify\ddaba, continuing.
[11/13/2007, 17:16:59] - BHO 13: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
[11/13/2007, 17:16:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:16:59] - Checking for HKLM\...\Winlogon\Notify\hjfcevrb
[11/13/2007, 17:16:59] - Found: HKLM\...\Winlogon\Notify\hjfcevrb - This is probably Virtumundo.
[11/13/2007, 17:16:59] - Assigning {A95B2816-1D7E-4561-A202-68C0DE02353A} MSEvents Object
[11/13/2007, 17:16:59] - BHO list has been changed! Starting over...
[11/13/2007, 17:16:59] - BHO 1: {01CD0B31-9154-45F2-9414-F5D64B74EAF6} (MSEvents Object)
[11/13/2007, 17:16:59] - ALERT: Found MSEvents Object!
[11/13/2007, 17:16:59] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} ()
[11/13/2007, 17:16:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:16:59] - No filename found. Continuing.
[11/13/2007, 17:16:59] - BHO 3: {2F137E1B-383B-4A02-A48C-07667047FCA9} ()
[11/13/2007, 17:16:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:16:59] - No filename found. Continuing.
[11/13/2007, 17:16:59] - BHO 4: {43BA6470-E47A-477B-A5D8-4232DCB16026} ()
[11/13/2007, 17:16:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:16:59] - No filename found. Continuing.
[11/13/2007, 17:16:59] - BHO 5: {45b22467-5995-4d6d-b2aa-ffaed1a7edbd} ()
[11/13/2007, 17:16:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:16:59] - No filename found. Continuing.
[11/13/2007, 17:16:59] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[11/13/2007, 17:16:59] - BHO 7: {59760DA8-97A6-4F1C-8653-28B10EE12B94} ()
[11/13/2007, 17:16:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:00] - No filename found. Continuing.
[11/13/2007, 17:17:00] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/13/2007, 17:17:00] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/13/2007, 17:17:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:00] - No filename found. Continuing.
[11/13/2007, 17:17:00] - BHO 10: {8123E8DC-386D-4F04-833E-A74FFEFEDA70} ()
[11/13/2007, 17:17:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:00] - No filename found. Continuing.
[11/13/2007, 17:17:00] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/13/2007, 17:17:00] - BHO 12: {A7745392-A2AA-476B-8856-B6D0F7F90022} ()
[11/13/2007, 17:17:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:00] - Checking for HKLM\...\Winlogon\Notify\ddaba
[11/13/2007, 17:17:00] - Key not found: HKLM\...\Winlogon\Notify\ddaba, continuing.
[11/13/2007, 17:17:00] - BHO 13: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[11/13/2007, 17:17:00] - ALERT: Found MSEvents Object!
[11/13/2007, 17:17:00] - BHO 14: {B076F2A2-B78C-436E-A0EE-8905F7DAADF1} ()
[11/13/2007, 17:17:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:00] - Checking for HKLM\...\Winlogon\Notify\caws83122.exe
[11/13/2007, 17:17:00] - Key not found: HKLM\...\Winlogon\Notify\caws83122.exe, continuing.
[11/13/2007, 17:17:00] - BHO 15: {BBF29C49-9213-44F5-B740-43787719F53A} ()
[11/13/2007, 17:17:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:00] - Checking for HKLM\...\Winlogon\Notify\gebya
[11/13/2007, 17:17:00] - Key not found: HKLM\...\Winlogon\Notify\gebya, continuing.
[11/13/2007, 17:17:00] - BHO 16: {BD72F158-D54D-4C47-8D29-FA7A659F6518} ()
[11/13/2007, 17:17:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:00] - No filename found. Continuing.
[11/13/2007, 17:17:01] - BHO 17: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[11/13/2007, 17:17:01] - BHO 18: {FD1D6597-8BB8-4F06-A93C-8CAD2C1C9734} ()
[11/13/2007, 17:17:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:01] - No filename found. Continuing.
[11/13/2007, 17:17:01] - Finished Searching Browser Helper Objects
[11/13/2007, 17:17:01] - *** Detected MSEvents Object
[11/13/2007, 17:17:01] - Trying to remove MSEvents Object...
[11/13/2007, 17:17:02] - Terminating Process: IEXPLORE.EXE
[11/13/2007, 17:17:02] - Terminating Process: RUNDLL32.EXE
[11/13/2007, 17:17:02] - Disabling Automatic Shell Restart
[11/13/2007, 17:17:02] - Terminating Process: EXPLORER.EXE
[11/13/2007, 17:17:03] - Suspending the NT Session Manager System Service
[11/13/2007, 17:17:03] - Terminating Windows NT Logon/Logoff Manager
[11/13/2007, 17:17:03] - Re-enabling Automatic Shell Restart
[11/13/2007, 17:17:03] - File to disable: C:\WINDOWS\system32\awtrqqp.dll
[11/13/2007, 17:17:04] - Renaming C:\WINDOWS\system32\awtrqqp.dll -> C:\WINDOWS\system32\awtrqqp.dll.vir
[11/13/2007, 17:17:04] - File successfully renamed!
[11/13/2007, 17:17:04] - Removing HKLM\...\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}
[11/13/2007, 17:17:04] - Removing HKCR\CLSID\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}
[11/13/2007, 17:17:04] - Adding Kill Bit for ActiveX for GUID: {01CD0B31-9154-45F2-9414-F5D64B74EAF6}
[11/13/2007, 17:17:04] - Deleting ATLEvents/MSEvents Registry entries
[11/13/2007, 17:17:04] - Removing HKLM\...\Winlogon\Notify\awtrqqp
[11/13/2007, 17:17:04] - Searching for Browser Helper Objects:
[11/13/2007, 17:17:05] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} ()
[11/13/2007, 17:17:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:05] - No filename found. Continuing.
[11/13/2007, 17:17:05] - BHO 2: {2F137E1B-383B-4A02-A48C-07667047FCA9} ()
[11/13/2007, 17:17:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:05] - No filename found. Continuing.
[11/13/2007, 17:17:05] - BHO 3: {43BA6470-E47A-477B-A5D8-4232DCB16026} ()
[11/13/2007, 17:17:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:05] - No filename found. Continuing.
[11/13/2007, 17:17:05] - BHO 4: {45b22467-5995-4d6d-b2aa-ffaed1a7edbd} ()
[11/13/2007, 17:17:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:05] - No filename found. Continuing.
[11/13/2007, 17:17:05] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[11/13/2007, 17:17:05] - BHO 6: {59760DA8-97A6-4F1C-8653-28B10EE12B94} ()
[11/13/2007, 17:17:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:05] - No filename found. Continuing.
[11/13/2007, 17:17:05] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/13/2007, 17:17:05] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/13/2007, 17:17:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:05] - No filename found. Continuing.
[11/13/2007, 17:17:05] - BHO 9: {8123E8DC-386D-4F04-833E-A74FFEFEDA70} ()
[11/13/2007, 17:17:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:06] - No filename found. Continuing.
[11/13/2007, 17:17:06] - BHO 10: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/13/2007, 17:17:06] - BHO 11: {A7745392-A2AA-476B-8856-B6D0F7F90022} ()
[11/13/2007, 17:17:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:06] - Checking for HKLM\...\Winlogon\Notify\ddaba
[11/13/2007, 17:17:06] - Key not found: HKLM\...\Winlogon\Notify\ddaba, continuing.
[11/13/2007, 17:17:06] - BHO 12: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[11/13/2007, 17:17:06] - ALERT: Found MSEvents Object!
[11/13/2007, 17:17:06] - BHO 13: {B076F2A2-B78C-436E-A0EE-8905F7DAADF1} ()
[11/13/2007, 17:17:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:06] - Checking for HKLM\...\Winlogon\Notify\caws83122.exe
[11/13/2007, 17:17:06] - Key not found: HKLM\...\Winlogon\Notify\caws83122.exe, continuing.
[11/13/2007, 17:17:06] - BHO 14: {BBF29C49-9213-44F5-B740-43787719F53A} ()
[11/13/2007, 17:17:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:06] - Checking for HKLM\...\Winlogon\Notify\gebya
[11/13/2007, 17:17:06] - Key not found: HKLM\...\Winlogon\Notify\gebya, continuing.
[11/13/2007, 17:17:06] - BHO 15: {BD72F158-D54D-4C47-8D29-FA7A659F6518} ()
[11/13/2007, 17:17:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:06] - No filename found. Continuing.
[11/13/2007, 17:17:06] - BHO 16: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[11/13/2007, 17:17:06] - BHO 17: {FD1D6597-8BB8-4F06-A93C-8CAD2C1C9734} ()
[11/13/2007, 17:17:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:06] - No filename found. Continuing.
[11/13/2007, 17:17:06] - Finished Searching Browser Helper Objects
[11/13/2007, 17:17:06] - *** Detected MSEvents Object
[11/13/2007, 17:17:06] - Trying to remove MSEvents Object...
[11/13/2007, 17:17:07] - Terminating Process: IEXPLORE.EXE
[11/13/2007, 17:17:07] - Terminating Process: RUNDLL32.EXE
[11/13/2007, 17:17:08] - Disabling Automatic Shell Restart
[11/13/2007, 17:17:08] - Terminating Process: EXPLORER.EXE
[11/13/2007, 17:17:08] - Suspending the NT Session Manager System Service
[11/13/2007, 17:17:08] - Terminating Windows NT Logon/Logoff Manager
[11/13/2007, 17:17:08] - Re-enabling Automatic Shell Restart
[11/13/2007, 17:17:08] - File to disable: C:\WINDOWS\system32\hjfcevrb.dll
[11/13/2007, 17:17:08] - Renaming C:\WINDOWS\system32\hjfcevrb.dll -> C:\WINDOWS\system32\hjfcevrb.dll.vir
[11/13/2007, 17:17:08] - File successfully renamed!
[11/13/2007, 17:17:08] - Removing HKLM\...\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[11/13/2007, 17:17:08] - Removing HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[11/13/2007, 17:17:08] - Adding Kill Bit for ActiveX for GUID: {A95B2816-1D7E-4561-A202-68C0DE02353A}
[11/13/2007, 17:17:09] - Deleting ATLEvents/MSEvents Registry entries
[11/13/2007, 17:17:09] - Removing HKLM\...\Winlogon\Notify\hjfcevrb
[11/13/2007, 17:17:09] - Searching for Browser Helper Objects:
[11/13/2007, 17:17:09] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} ()
[11/13/2007, 17:17:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:09] - No filename found. Continuing.
[11/13/2007, 17:17:09] - BHO 2: {2F137E1B-383B-4A02-A48C-07667047FCA9} ()
[11/13/2007, 17:17:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:10] - No filename found. Continuing.
[11/13/2007, 17:17:10] - BHO 3: {43BA6470-E47A-477B-A5D8-4232DCB16026} ()
[11/13/2007, 17:17:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:10] - No filename found. Continuing.
[11/13/2007, 17:17:10] - BHO 4: {45b22467-5995-4d6d-b2aa-ffaed1a7edbd} ()
[11/13/2007, 17:17:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:10] - No filename found. Continuing.
[11/13/2007, 17:17:10] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[11/13/2007, 17:17:10] - BHO 6: {59760DA8-97A6-4F1C-8653-28B10EE12B94} ()
[11/13/2007, 17:17:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:10] - No filename found. Continuing.
[11/13/2007, 17:17:10] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/13/2007, 17:17:10] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/13/2007, 17:17:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:10] - No filename found. Continuing.
[11/13/2007, 17:17:10] - BHO 9: {8123E8DC-386D-4F04-833E-A74FFEFEDA70} ()
[11/13/2007, 17:17:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:10] - No filename found. Continuing.
[11/13/2007, 17:17:10] - BHO 10: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/13/2007, 17:17:10] - BHO 11: {A7745392-A2AA-476B-8856-B6D0F7F90022} ()
[11/13/2007, 17:17:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:10] - Checking for HKLM\...\Winlogon\Notify\ddaba
[11/13/2007, 17:17:10] - Key not found: HKLM\...\Winlogon\Notify\ddaba, continuing.
[11/13/2007, 17:17:10] - BHO 12: {B076F2A2-B78C-436E-A0EE-8905F7DAADF1} ()
[11/13/2007, 17:17:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:10] - Checking for HKLM\...\Winlogon\Notify\caws83122.exe
[11/13/2007, 17:17:10] - Key not found: HKLM\...\Winlogon\Notify\caws83122.exe, continuing.
[11/13/2007, 17:17:11] - BHO 13: {BBF29C49-9213-44F5-B740-43787719F53A} ()
[11/13/2007, 17:17:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:11] - Checking for HKLM\...\Winlogon\Notify\gebya
[11/13/2007, 17:17:11] - Key not found: HKLM\...\Winlogon\Notify\gebya, continuing.
[11/13/2007, 17:17:11] - BHO 14: {BD72F158-D54D-4C47-8D29-FA7A659F6518} ()
[11/13/2007, 17:17:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:11] - No filename found. Continuing.
[11/13/2007, 17:17:11] - BHO 15: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[11/13/2007, 17:17:11] - BHO 16: {FD1D6597-8BB8-4F06-A93C-8CAD2C1C9734} ()
[11/13/2007, 17:17:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 17:17:11] - No filename found. Continuing.
[11/13/2007, 17:17:11] - Finished Searching Browser Helper Objects
[11/13/2007, 17:17:11] - Finishing up...
[11/13/2007, 17:17:11] - A restart is needed.
[11/13/2007, 17:17:11] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[11/13/2007, 17:17:24] - Attempting to Restart via STOP error (Blue Screen!)
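The Vundo pattern jlpjlp is reading off these logs (a nameless BHO DLL in system32 that also appears as a Winlogon Notify handler, which is the "Checking for Winlogon reference" step VirtumundoBeGone performs in the report above, plus a Run entry using a system binary name from a non-system folder) can be checked automatically from a HijackThis log. This triage script is an added example, not part of the thread or of any tool it mentions; the rule names, severities and the list of system binary names are my own assumptions, and the sample lines are constructed from the HijackThis log posted earlier.

```python
import ntpath
import re
from typing import List, NamedTuple, Tuple

# Constructed sample: a handful of lines modelled on the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {2F137E1B-383B-4A02-A48C-07667047FCA9} - C:\WINDOWS\system32\ddaba.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\hjfcevrb.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hjfcevrb.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O20 - Winlogon Notify: hjfcevrb - C:\WINDOWS\SYSTEM32\hjfcevrb.dll
"""

# Line formats of the HijackThis sections this script understands.
CLSID = r"\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - " + CLSID + r" - (?P<path>.*)$")
O3_RE = re.compile(r"^O3 - Toolbar: (?P<name>.*?) - " + CLSID + r" - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
# First executable in a Run command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)"?', re.IGNORECASE)

SYSTEM32 = "c:\\windows\\system32\\"
# Assumed list: binaries whose names malware commonly borrows (e.g. svchost.exe in C:\WINDOWS\Fonts above).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe", "services.exe", "smss.exe"}


class Entry(NamedTuple):
    kind: str   # O2, O3, O4 or O20
    name: str   # display name, Run value name or Notify subkey
    path: str   # DLL/EXE path as printed (or "(no file)")
    raw: str    # the original log line


def parse_entries(text: str) -> List[Entry]:
    """Parse the O2/O3/O4/O20 lines of a HijackThis log; other lines are ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        raw = raw.strip()
        for kind, rx in (("O2", O2_RE), ("O3", O3_RE), ("O20", O20_RE)):
            m = rx.match(raw)
            if m:
                entries.append(Entry(kind, m.group("name"), m.group("path").strip(), raw))
                break
        else:
            m = O4_RE.match(raw)
            if m:
                em = EXE_RE.match(m.group("cmd"))
                exe = em.group("exe") if em else m.group("cmd")
                entries.append(Entry("O4", m.group("name"), exe, raw))
    return entries


def triage(text: str) -> List[Tuple[str, str, str]]:
    """Return (severity, rule, line) findings, highest severity first."""
    entries = parse_entries(text)
    # DLLs registered as Winlogon Notify handlers: the persistence half of the Vundo pattern.
    notify_dlls = {e.path.lower() for e in entries if e.kind == "O20"}
    findings: List[Tuple[str, str, str]] = []
    for e in entries:
        p = e.path.lower()
        if e.kind in ("O2", "O3"):
            if p in notify_dlls:
                # Same DLL loaded as a BHO/toolbar *and* hooked into Winlogon: the Vundo signature.
                findings.append(("HIGH", "bho-winlogon-pair", e.raw))
            elif p == "(no file)" or p.endswith("(file missing)"):
                # Dangling registration left behind by an earlier cleanup; harmless but worth removing.
                findings.append(("LOW", "orphan-entry", e.raw))
            elif e.name == "(no name)" and p.startswith(SYSTEM32):
                findings.append(("MEDIUM", "unnamed-bho-system32", e.raw))
        elif e.kind == "O4":
            if ntpath.basename(p) in SYSTEM_NAMES and not p.startswith(SYSTEM32):
                findings.append(("HIGH", "system-name-outside-system32", e.raw))
        elif e.kind == "O20":
            # Every Winlogon Notify handler deserves a manual look on an XP box showing these symptoms.
            findings.append(("MEDIUM", "winlogon-notify", e.raw))
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    findings.sort(key=lambda f: order[f[0]])
    return findings


if __name__ == "__main__":
    for sev, rule, raw in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {rule:30} {raw}")
```

Entries that only reference a legitimate, named component (the Java ssv.dll or avast! lines in the sample) produce no finding, so the output is the short list a helper would ask the poster to act on.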
jlpjlp Posts: 52399 Status: Security contributor 5 040

OK, do the rest
orros75 Posts: 16 Status: Member

Here is the ComboFix report:

ComboFix 07-11-08.1 - Administrateur 2007-11-13 17:38:38.1 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.392 [GMT 1:00]
Running from: C:\Documents and Settings\Administrateur\Mes documents\Mes téléchargements\ComboFix.exe
* Created a new restore point
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Administrateur\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Administrateur\Favoris\Online Security Guide.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\install\install.exe
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\inetget2\emg.exe
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\wininstall.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\b111.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\__c0023238.dat
C:\WINDOWS\system32\__c008F7A4.dat
C:\WINDOWS\system32\__c00EA5EA.dat
C:\WINDOWS\system32\abadd.bak1
C:\WINDOWS\system32\abadd.ini
C:\WINDOWS\system32\aybeg.ini2
C:\WINDOWS\system32\aybeg.tmp
C:\WINDOWS\system32\b3
C:\WINDOWS\system32\ddaba.dll
C:\WINDOWS\system32\dyqkyoyt.dll
C:\WINDOWS\system32\e1
C:\WINDOWS\system32\e1\caws83122.exe
C:\WINDOWS\system32\edyltitg.dllbox
C:\WINDOWS\system32\fccayay.dll
C:\WINDOWS\system32\hjfcevrb.dllbox
C:\WINDOWS\system32\lgvuebxu.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\swcdcdiw.dll
C:\WINDOWS\system32\u4
C:\WINDOWS\system32\yezplgxc.dllbox
C:\WINDOWS\system32\yqcjyaor.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((((((( Fichiers créés 2007-10-13 to 2007-11-13 ))))))))))))))))))))))))))))))))))))
.

2007-11-13 17:35 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-13 10:47 80,448 --a------ C:\WINDOWS\system32\umjwyugi.dll
2007-11-13 10:41 88,128 --a------ C:\WINDOWS\system32\ocyyglll.dll
2007-11-13 10:41 36,352 --a------ C:\WINDOWS\system32\awtrqqp.dll.vir
2007-11-12 22:20 <REP> d-------- C:\VundoFix Backups
2007-11-12 22:04 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-11-12 22:02 71,232 --a------ C:\WINDOWS\system32\pxjfguod.exe
2007-11-12 21:28 <REP> d-------- C:\Program Files\Panda Security
2007-11-12 18:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-12 18:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2007-11-12 18:12 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-12 10:23 81,472 --a------ C:\WINDOWS\system32\unaqtnre.dll
2007-11-12 10:19 89,664 --a------ C:\WINDOWS\system32\ebsepxdb.dll
2007-11-12 10:04 71,232 --a------ C:\WINDOWS\system32\vvlvddmh.exe
2007-11-12 09:41 36,352 --a------ C:\WINDOWS\system32\yayaaba.dll
2007-11-11 21:58 9,808 --a------ C:\ir-1-1148.exe
2007-11-11 21:35 <REP> d--h----- C:\Program Files\Fichiers communs\Carlson
2007-11-11 21:01 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-11 14:06 79,936 --a------ C:\WINDOWS\system32\qkrvguvm.dll
2007-11-11 14:03 88,128 --a------ C:\WINDOWS\system32\odphkeft.dll
2007-11-11 10:55 36,352 --a------ C:\WINDOWS\system32\rqrrqop.dll
2007-11-10 14:06 81,472 --a------ C:\WINDOWS\system32\imwwetns.dll
2007-11-10 10:24 134 --a------ C:\n.bat
2007-11-10 10:23 36,352 --a------ C:\WINDOWS\system32\awtttqr.dll
2007-11-10 10:23 5,879 --a------ C:\Documents and Settings\Administrateur\x.dat
2007-11-10 10:23 0 --a------ C:\x.dat
2007-11-10 10:22 172,032 --a------ C:\winlogon.exe
2007-11-10 10:22 45,878 --a------ C:\Documents and Settings\Administrateur\z.dat
2007-11-10 10:22 0 --a------ C:\z.dat
2007-11-09 14:05 77,888 --a------ C:\WINDOWS\system32\smdgganl.dll
2007-11-09 13:08 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-09 13:01 <REP> d-------- C:\Program Files\Navilog1
2007-11-09 10:25 2,372 --a------ C:\WINDOWS\mozver.dat
2007-11-09 10:02 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-09 10:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
2007-11-09 09:47 <REP> d-------- C:\Program Files\Lavasoft
2007-11-09 09:47 80,448 --a------ C:\WINDOWS\system32\dhdnxqou.dll
2007-11-08 14:58 80,448 --a------ C:\WINDOWS\system32\vameppxp.dll
2007-11-08 14:53 145,984 --a------ C:\WINDOWS\system32\jgjvisng.dll
2007-11-08 14:53 145,984 --a------ C:\WINDOWS\system32\hjfcevrb.dll.vir
2007-11-08 14:53 71,232 --a------ C:\WINDOWS\system32\nlpxegko.exe
2007-11-08 14:51 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-08 14:47 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AdobeUM
2007-11-08 14:46 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-11-08 13:59 35,328 --a------ C:\WINDOWS\system32\urqoomm.dll
2007-11-08 12:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-08 12:17 35,328 --a------ C:\WINDOWS\system32\khfdayw.dll
2007-11-08 11:58 15,937 --a------ C:\WINDOWS\system32\instdump.zip
2007-11-07 19:03 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-07 19:00 <REP> d-------- C:\WINDOWS\system32\Mz18r
2007-11-07 19:00 <REP> d-------- C:\Temp\mZOr
2007-11-07 19:00 <REP> d-------- C:\Temp
2007-11-07 19:00 225,120 --a------ C:\Temp\crda.exe
2007-11-06 21:09 <REP> d-------- C:\Program Files\UltraMixer
2007-11-06 21:09 <REP> d-------- C:\Documents and Settings\Administrateur\.ultramixer
2007-11-06 17:07 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Adssite Advanced Toolbar
2007-11-06 17:05 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
2007-11-06 16:06 <REP> d-------- C:\Documents and Settings\Administrateur\Incomplete
2007-11-06 16:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\LimeWire
2007-11-06 00:27 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-11-05 22:33 <REP> d-------- C:\WINDOWS\Sun
2007-11-05 11:01 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-11-05 11:00 <REP> d-------- C:\Program Files\Microsoft.NET
2007-11-05 10:58 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-11-04 21:58 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-04 21:58 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-04 10:38 <REP> d-------- C:\WINDOWS\system32\Filt
2007-11-04 10:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Agnitum
2007-11-04 00:12 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2007-11-04 00:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2007-11-04 00:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
2007-11-04 00:12 12,464 --a------ C:\WINDOWS\system32\drivers\CdaC15BA.SYS
2007-11-03 18:27 <REP> d-------- C:\Program Files\EoRezo
2007-11-03 18:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\OtakuSoftware
2007-11-03 18:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EoRezo
2007-11-03 18:06 <REP> d-------- C:\WINDOWS\system32\Defaults
2007-11-03 18:06 1,048,576 --------- C:\WINDOWS\system32\SFMAN.DAT
2007-11-03 18:05 <REP> d-------- C:\WINDOWS\system32\Data
2007-11-03 18:05 <REP> d-------- C:\Program Files\InstallShield Installation Information
2007-11-03 18:05 179,669 --a------ C:\WINDOWS\system32\ctstatic.dat
2007-11-03 18:05 164,044 --a------ C:\WINDOWS\system32\ctdlang.dat
2007-11-03 18:05 113,373 --a------ C:\WINDOWS\system32\ctbasicw.dat
2007-11-03 18:05 113,273 --a------ C:\WINDOWS\system32\CTBAS2W.DAT
2007-11-03 18:05 44,055 --a------ C:\WINDOWS\system32\ctdaught.dat
2007-11-03 18:04 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield
2007-11-03 18:04 <REP> d-------- C:\Program Files\Creative
2007-11-03 18:04 6,752 --------- C:\WINDOWS\system32\PFMODNT.SYS
2007-11-03 17:30 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts
2007-11-03 17:28 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-11-03 17:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-11-03 17:26 <REP> d-------- C:\Program Files\Windows Live Toolbar
2007-11-03 17:25 <REP> d-------- C:\WINDOWS\system32\DRVSTORE
2007-11-03 17:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Kazaa Lite
2007-11-03 15:58 <REP> d-------- C:\Program Files\Alwil Software
2007-11-03 15:13 <REP> d--hs---- C:\Recycled
2007-11-03 14:58 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-11-03 14:58 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 21:04 --------- d-----w C:\Program Files\Hijackthis Version Française
2007-11-12 17:01 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
2007-11-12 17:01 46,080 ----a-w C:\WINDOWS\system32\dllcache\ftp.exe
2007-11-12 17:01 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
2007-11-12 17:01 17,920 ----a-w C:\WINDOWS\system32\dllcache\tftp.exe
2007-11-07 18:03 278,542 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-10-25 16:14 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-08-22 13:13 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 13:13 663,040 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 13:13 617,472 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 13:13 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 13:13 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 13:13 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 13:13 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 13:13 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 13:13 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 13:13 3,079,168 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 13:13 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 13:13 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 13:13 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 13:13 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 13:13 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 13:13 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 13:13 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 13:13 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:30 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F137E1B-383B-4A02-A48C-07667047FCA9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43BA6470-E47A-477B-A5D8-4232DCB16026}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45b22467-5995-4d6d-b2aa-ffaed1a7edbd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59760DA8-97A6-4F1C-8653-28B10EE12B94}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8123E8DC-386D-4F04-833E-A74FFEFEDA70}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7745392-A2AA-476B-8856-B6D0F7F90022}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B076F2A2-B78C-436E-A0EE-8905F7DAADF1}]
C:\Program Files\NetMeeting\wodeC:\WINDOWS\system32\e1\caws83122.exe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBF29C49-9213-44F5-B740-43787719F53A}]
C:\WINDOWS\system32\gebya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD72F158-D54D-4C47-8D29-FA7A659F6518}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD1D6597-8BB8-4F06-A93C-8CAD2C1C9734}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-10-25 17:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddaba.dll

S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-13 16:43:16 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-13 17:58:58
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-13 18:01:13 - machine was rebooted
.
--- E O F ---
0
jlpjlp Posts 52399 Status Security contributor 5 040

paste the report of an online scan
with: (disable avast for the duration of the scan)

Panda online:
http://pandasoftware.fr

_____________

then paste a new HijackThis report
0
orros75 Posts 16 Status Member

In any case, a big thank you for your help.
Here is the HijackThis report.
Logfile of HijackThis v1.99.1
Scan saved at 18:06, on 13/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {2F137E1B-383B-4A02-A48C-07667047FCA9} - (no file)
O2 - BHO: (no name) - {43BA6470-E47A-477B-A5D8-4232DCB16026} - (no file)
O2 - BHO: (no name) - {45b22467-5995-4d6d-b2aa-ffaed1a7edbd} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59760DA8-97A6-4F1C-8653-28B10EE12B94} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8123E8DC-386D-4F04-833E-A74FFEFEDA70} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A7745392-A2AA-476B-8856-B6D0F7F90022} - (no file)
O2 - BHO: (no name) - {B076F2A2-B78C-436E-A0EE-8905F7DAADF1} - C:\Program Files\NetMeeting\wodeC:\WINDOWS\system32\e1\caws83122.exe.dll (file missing)
O2 - BHO: (no name) - {BBF29C49-9213-44F5-B740-43787719F53A} - C:\WINDOWS\system32\gebya.dll (file missing)
O2 - BHO: (no name) - {BD72F158-D54D-4C47-8D29-FA7A659F6518} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FD1D6597-8BB8-4F06-A93C-8CAD2C1C9734} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c4adc6db09cf46ba84382b7cdfc81633
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c4adc6db09cf46ba84382b7cdfc81633
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - https://bitdefender.solutions-antivirus.com/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
0
jlpjlp Posts 52399 Status Security contributor 5 040

Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {2F137E1B-383B-4A02-A48C-07667047FCA9} - (no file)
O2 - BHO: (no name) - {43BA6470-E47A-477B-A5D8-4232DCB16026} - (no file)
O2 - BHO: (no name) - {45b22467-5995-4d6d-b2aa-ffaed1a7edbd} - (no file)
O2 - BHO: (no name) - {59760DA8-97A6-4F1C-8653-28B10EE12B94} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8123E8DC-386D-4F04-833E-A74FFEFEDA70} - (no file)
O2 - BHO: (no name) - {A7745392-A2AA-476B-8856-B6D0F7F90022} - (no file)
O2 - BHO: (no name) - {B076F2A2-B78C-436E-A0EE-8905F7DAADF1} - C:\Program Files\NetMeeting\wodeC:\WINDOWS\system32\e1\caws83122.exe.dll (file missing)
O2 - BHO: (no name) - {BBF29C49-9213-44F5-B740-43787719F53A} - C:\WINDOWS\system32\gebya.dll (file missing)
O2 - BHO: (no name) - {BD72F158-D54D-4C47-8D29-FA7A659F6518} - (no file)

O2 - BHO: (no name) - {FD1D6597-8BB8-4F06-A93C-8CAD2C1C9734} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

__________________________

paste the report of an online scan
with: (disable avast for the duration of the scan)

Panda online:
http://pandasoftware.fr
0
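An added illustration, not part of the thread and not the helper's or HijackThis's own code: a small Python triage of HijackThis log lines that encodes the rule behind most of the list above (O2/O3 entries whose file is reported "(no file)" or "(file missing)") and adds one further defender check, a core Windows binary name launched from a directory it never runs from. The sample lines are constructed in the shape of the log posted earlier in the thread; the set of system binaries and their home directories is an assumption for Windows XP.

```python
"""Triage of HijackThis 1.99.1 log lines (added example, not the thread's tooling).

Checks: "orphan" = registry entry whose target file is gone, printed by HijackThis
as "(no file)" or "... (file missing)"; "masquerade" = a core Windows binary name
(svchost.exe, winlogon.exe, ...) launched from a directory it never lives in on XP.
"""
import re

# Constructed sample: lines copied in shape from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BBF29C49-9213-44F5-B740-43787719F53A} - C:\WINDOWS\system32\gebya.dll (file missing)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Assumed XP layout: core binaries and the single directory each legitimately runs from.
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

_LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# O4 body looks like:  HKLM\..\Run: [Entry name] command line
_RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[[^\]]*\]\s*(.*)$")
_MISSING_RE = re.compile(r"\s*\(file missing\)$")


def parse_line(line):
    """Return (section, target) for an O2/O3/O4/O23 line, else None."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    if section in ("O2", "O3", "O23"):
        # "<kind>: <name> - {CLSID or owner} - <target>": the target is the last field
        target = body.rsplit(" - ", 1)[1] if " - " in body else ""
    elif section == "O4":
        r = _RUN_RE.match(body)
        target = r.group(1) if r else ""
    else:
        return None
    return section, target.strip()


def executable_path(command):
    """Bare executable path from a command string: drop quotes, switches, '(file missing)'."""
    command = _MISSING_RE.sub("", command.strip())
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted: stop at the first " /switch" or at a stray closing quote.
    return re.split(r'\s+/|"', command, maxsplit=1)[0].strip()


def is_orphan(target):
    """True when HijackThis reports the referenced file as absent."""
    return target == "(no file)" or target.endswith("(file missing)")


def masquerade_reason(target):
    """Reason string if a known system binary name runs outside its home directory."""
    path = executable_path(target).lower()
    if "\\" not in path:
        return None
    parent, name = path.rsplit("\\", 1)
    expected = SYSTEM_BINARIES.get(name)
    if expected is None or parent == expected:
        return None
    return f"{name} outside {expected}"


def triage(log):
    """Return [(reason, section, target)] for every line that deserves a closer look."""
    findings = []
    for line in log.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        section, target = parsed
        if is_orphan(target):
            findings.append(("orphan", section, target))
            continue
        reason = masquerade_reason(target)
        if reason:
            findings.append((reason, section, target))
    return findings


if __name__ == "__main__":
    for reason, section, target in triage(SAMPLE_LOG):
        print(f"{section:<4} {reason:<40} {target}")
```

Running it on the sample flags the three orphaned entries and the svchost.exe copy in C:\WINDOWS\Fonts, while the avast!, Spybot and Insider entries pass both checks (a clean path is not proof of a clean file, which is why the helper sends the unknown ones to VirusTotal).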
orros75 Posts 16 Status Member

Here is the Panda scan...
;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-11-13 20:14:00
PROTECTIONS: 1
MALWARE: 13
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.7.1074 [VPS 071113-1] 4.7.1074 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Cookies\administrateur@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.1i1\cookies.txt[.xiti.com/]
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.1i1\cookies.txt[fe.lea.lycos.fr/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Cookies\administrateur@apmebf[1].txt
00176499 Cookie/Maxifiles TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Cookies\administrateur@www.maxifiles[2].txt
00176500 Cookie/Maxifiles TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Cookies\administrateur@goto.maxifiles[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.1i1\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.1i1\cookies.txt[.adultfriendfinder.com/]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\NLPXEGKO.EXE
02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\VVLVDDMH.EXE
02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\PXJFGUOD.EXE
02688348 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\JGJVISNG.DLL
02688348 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\hjfcevrb.dll.vir
02690921 Trj/Multidropper.RJS Virus/Trojan No 0 Yes No C:\WINLOGON.EXE
02691065 Trj/Downloader.RBV Virus/Trojan No 0 Yes No C:\ir-1-1148.exe
02694181 Trj/Agent.HBA Virus/Trojan No 1 Yes No C:\WINDOWS\system32\YAYAABA.DLL
02694181 Trj/Agent.HBA Virus/Trojan No 1 Yes No C:\WINDOWS\system32\awtrqqp.dll.vir
02694181 Trj/Agent.HBA Virus/Trojan No 1 Yes No C:\WINDOWS\system32\RQRRQOP.DLL
02694181 Trj/Agent.HBA Virus/Trojan No 1 Yes No C:\WINDOWS\system32\AWTTTQR.DLL
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
0
jlpjlp Posts 52399 Status Security contributor 5 040

to delete your traces (cookies and temporary files...), use

CCLEANER: (run a cleaning and repair the errors 3 times) without installing the Yahoo bar

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

____________________

download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\WINDOWS\system32\nlpxegko.exe
C:\WINDOWS\system32\vvlvddmh.exe
C:\WINDOWS\system32\pxjfguod.exe
C:\WINDOWS\system32\jgjvisng.dll
C:\WINDOWS\system32\hjfcevrb.dll.vir
C:\ir-1-1148.exe
C:\WINDOWS\system32\yayaaba.dll
C:\WINDOWS\system32\awtrqqp.dll.vir
C:\WINDOWS\system32\awtttqr.dll
C:\WINDOWS\system32\rqrrqop.dll
C:\WINDOWS\system32\aybeg.ini2
C:\WINDOWS\system32\abadd.bak1
C:\WINDOWS\system32\abadd.bak2

click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal; if so, accept with Yes.

________________________________

Download MSNFix by Laurent
http://sosvirus.changelog.fr/MSNFix.zip

Unzip it and double-click the file MSNFix.bat.
- Run option R.
-- If the infection is detected, run option N.
- Save this report, then copy/paste it on the forum.

Note:
If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the operations. In that case, just restart the computer in normal mode.
Save and close the report so that Windows finishes starting normally.

________________________________

scan these files on VirusTotal and tell me which ones are infected: https://www.virustotal.com/gui/

C:\WINDOWS\system32\umjwyugi.dll
C:\WINDOWS\system32\ocyyglll.dll
C:\WINDOWS\system32\unaqtnre.dll
C:\WINDOWS\system32\ebsepxdb.dll
C:\WINDOWS\system32\qkrvguvm.dll
C:\WINDOWS\system32\odphkeft.dll
C:\WINDOWS\system32\imwwetns.dll
C:\WINDOWS\system32\smdgganl.dll
C:\WINDOWS\system32\dhdnxqou.dll
C:\WINDOWS\system32\vameppxp.dll
C:\WINDOWS\system32\urqoomm.dll
C:\WINDOWS\system32\khfdayw.dll
C:\WINDOWS\system32\instdump.zip
0
orros75 Posts 16 Status Member

hi, here is the OT report...
C:\WINDOWS\system32\nlpxegko.exe moved successfully.
C:\WINDOWS\system32\vvlvddmh.exe moved successfully.
C:\WINDOWS\system32\pxjfguod.exe moved successfully.
C:\WINDOWS\system32\jgjvisng.dll unregistered successfully.
C:\WINDOWS\system32\jgjvisng.dll moved successfully.
C:\WINDOWS\system32\hjfcevrb.dll.vir moved successfully.
C:\ir-1-1148.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yayaaba.dll
C:\WINDOWS\system32\yayaaba.dll NOT unregistered.
C:\WINDOWS\system32\yayaaba.dll moved successfully.
C:\WINDOWS\system32\awtrqqp.dll.vir moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\awtttqr.dll
C:\WINDOWS\system32\awtttqr.dll NOT unregistered.
C:\WINDOWS\system32\awtttqr.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rqrrqop.dll
C:\WINDOWS\system32\rqrrqop.dll NOT unregistered.
C:\WINDOWS\system32\rqrrqop.dll moved successfully.
File/Folder C:\WINDOWS\system32\aybeg.ini2 not found.
File/Folder C:\WINDOWS\system32\abadd.bak1 not found.
File/Folder C:\WINDOWS\system32\abadd.bak2 not found.

Created on 11/14/2007 17:28:38
0
orros75 Posts 16 Status Member

here is the MSNFix report...
MSNFix 1.577

C:\MSNFix
Fix exécuté le 14/11/2007 - 17:42:24,70 By Administrateur
mode normal

************************ Recherche les fichiers présents

... C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\carlton
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp

************************ MSNCHK ***** /!\ beta test /!\

************************ Recherche les dossiers présents

... C:\Program Files\Fichiers communs\Carlson\
... C:\Install\
... C:\Temp\

************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\carlton
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp

************************ Suppression des dossiers

.. OK ... C:\Program Files\Fichiers communs\Carlson\
.. OK ... C:\Install\
.. OK ... C:\Temp\

************************ Nettoyage du registre

************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\WINDOWS\system32\instdump.zip] CEC2C459CAAB9DCA36BBE4E61C38C46B
[C:\winlogon.exe] 2D19413FB880EB02DA5EF31D7001423E

[color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\ADMINI~1\BUREAU\Upload_Me.zip [/b] sur http://upload.changelog.fr

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 14112007_17455782.zip

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
0
jlpjlp Posts 52399 Status Security contributor 5 040

also scan this file on VirusTotal

C:\WINDOWS\system32\instdump.zip
0
orros75 Posts 16 Status Member

I can't manage to copy/paste with VirusTotal???? How do I do it? Thanks.
0