Pub alors la j'en ait ras le bol :(

Question

Bonjour, 
Voila apres une infection security toolbar vaincu, j'ai la visite d'un nouveau joueur sur mon pc qui s'apelle smooki un méchant pop-up qui n'arrete pas de me montrez une page de cinéma :) bref si quelqun a une idée je suis preneur car il ne comprend pas que je m'en fou de son cinéma et il est du genre a institez énormement ;) ...

Voila la page qu'il m'ouvre en permanence : https://www.hugedomains.com/domain_profile.cfm?d=smooki&e=com

jlpjlp · Answer

slt,

smit fraud fix (colle le rapport)

1/ telecharger :

http://siri.urz.free.fr/Fix/SmitfraudFix.php




2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes. une fois le rapport effectué redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général)

dieului · Answer

Bonsoir Exode,

J'ai déja eu ce problème et je sais m'y prendre: tu va aller sur: 

https://www.01net.com/telecharger/windows/Securite/anti-spam/fiches/23104.html 

Ce programe devrai t'aider, il m'a aider pour une invasion de PUB mais depuis j'ai formaté car je n'avais que encore 2KO sur le disque et mon PC ramais...

Niveau programation:
- il faut que t'aille dans "option" 
-que tu change la langue si elle est en anglais
-que tu coche le lancement a chaque demarage
-que t'active l'epuration

pour virer des fenetre t'as deux solution:

je te conseil d'aller dans fenetre courantes de prendre la fenetre a suprimer et de valider t'auras ensuite une fenetre: t'enleveras uniquement la taille et tu valide

Exode · Answer

Bah le probleme dieului c'est que j'ai pas envie de m'encombrez d'un logiciel a chaque démarage je prefere donc essayez la solution de jlpjlp et je  prendrait la tienne en derniez recourt merci quand meme ;).(un nouveau petit malin s'invite a la fête avec sa : 
http://hopelessromantic.com/pop.php) et de 2 :(.
Rapport Smitfraud :

SmitFraudFix v2.252

Rapport fait à 20:12:30,29, 12/11/2007
Executé à partir de C:\Documents and Settings\Jo\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Fichiers communs\AOL\1177616517\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Documents and Settings\Jo\Bureau\UniqueDisplay.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\V3CallCenter\V3faxecp.exe
C:\Program Files\Bluestork Wifi\BS-W-USB\BS-W-USB.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
c:\program files\fichiers communs\aol\1177616517\ee\aexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

127.0.0.1	legal-at-spybot.info
127.0.0.1	www.legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jo


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jo\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JO\FAVORIS


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\__c00AE840.dat"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Bluestork BS-W-USB Wifi 54g USB Module #3 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2BF37397-A11B-415D-B1BC-A58D491ED5BA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{764C42E4-8833-4541-8A4E-FEEC2C734937}: NameServer=212.30.96.108,213.203.124.146
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2BF37397-A11B-415D-B1BC-A58D491ED5BA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{764C42E4-8833-4541-8A4E-FEEC2C734937}: NameServer=212.30.96.108,213.203.124.146
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2BF37397-A11B-415D-B1BC-A58D491ED5BA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{764C42E4-8833-4541-8A4E-FEEC2C734937}: NameServer=212.30.96.108,213.203.124.146
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

jlpjlp · Answer

refais smitfraudfix comme en 2:  mais sélectionne l'option 2 et appuyer sur entrée pour commencer la désinfection. lorsque le programme demande si tu veut nettoyer le registre mets oui en tapant 0 et entrée

__________________


colle un rapport hijackthis 
 
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html


Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo. 

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste 

Ensuite avec Explorer créer un dossier c:\hijackthis 
Décompresser Hijackthis dans ce dossier. 
C'est important pour les sauvegardes."



encore de la  pubS?

Exode · Answer

Normal que dans le rapport dans la section host y avait une liste gigantesque O_o sinon voila le hijack sinon oui encore des pubs dont une nouvelle sa en fait 3 :( voici la nouvelle http://www.bestdietforme.com/HealthConsiderations.htm?aff=22 : et le hijack: 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:33:02, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Fichiers communs\AOL\1177616517\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Documents and Settings\Jo\Bureau\UniqueDisplay.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\V3CallCenter\V3faxecp.exe
C:\Program Files\Bluestork Wifi\BS-W-USB\BS-W-USB.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
c:\program files\fichiers communs\aol\1177616517\ee\aexplore.exe
c:\program files\fichiers communs\aol\1177616517\ee\aexplore.exe
C:\WINDOWS\explorer.exe
D:\Pack\Eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {fede08dc-19ed-5dca-0ca4-a3bb156f93fb} - {bf39f651-bb3a-4ac0-acd5-de91cd80edef} - C:\WINDOWS\system32\vinkopeg.dll
O2 - BHO: (no name) - {FCFB8D24-8E03-455C-AE05-FBDB9C11509C} - C:\WINDOWS\system32\sstts.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1177616517\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UniqueDisplay] C:\Documents and Settings\Jo\Bureau\UniqueDisplay.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32woyluxk.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1359075163-3231251509-420763055-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'RAS_2')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1359075163-3231251509-420763055-1009 Startup: Raccourci vers prnsys.lnk = D:\HP Print Screen\prnsys.exe (User 'RAS_2')
O4 - S-1-5-21-1359075163-3231251509-420763055-1009 Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe (User 'RAS_2')
O4 - S-1-5-21-1359075163-3231251509-420763055-1009 User Startup: Raccourci vers prnsys.lnk = D:\HP Print Screen\prnsys.exe (User 'RAS_2')
O4 - S-1-5-21-1359075163-3231251509-420763055-1009 User Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe (User 'RAS_2')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: CallCenter Printer Interface.lnk = C:\Program Files\V3CallCenter\V3faxecp.exe
O4 - Global Startup: Bluestork BS-W-USB Utility.lnk = C:\Program Files\Bluestork Wifi\BS-W-USB\BS-W-USB.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_fr_dl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{764C42E4-8833-4541-8A4E-FEEC2C734937}: NameServer = 212.30.96.108,213.203.124.146
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00AE840.dat
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

jlpjlp · Answer

ok tu as d'autres infections, dont vundo
il y a du boulot:


scan avec vundofix (colle le rapport)

Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double cliquez VundoFix.exe pour l'exécuter.
Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
Une fois le scan fini, cliquez sur le bouton Remove Vundo.
Vous recevrez un avertissement vous demandant si vous voulez effacer ces
fichiers répondez en cliquant sur YES
Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
enlève Vundo.

Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
OK.

__________________
puis :




virtumondebegone (colle le rapport)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

_________________

combofix (colle le rapport)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

_________________

recolle ensuite un rapport hijackthis et dis tes soucis

Exode · Answer

2 nouveau probleme vienne de s'ajoutez au redémarage de la machine je me suis prit sa : launchapplication.exe - composant introuvable cette application n'a pas pu démarrer car ConnAPI.DLL est introuvable---------- Et la 2 eme : messenger plus! installation altered messenger plus! has not been installed properly on this system.---------- Alors vundo ma dit no files infected ensuite rapport VBG :

[11/12/2007, 20:44:43] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jo\Bureau\VirtumundoBeGone.exe" )
[11/12/2007, 20:44:45] - Detected System Information:
[11/12/2007, 20:44:45] - Windows Version: 5.1.2600, Service Pack 2
[11/12/2007, 20:44:45] - Current Username: Jo (Admin)
[11/12/2007, 20:44:45] - Windows is in NORMAL mode.
[11/12/2007, 20:44:45] - Searching for Browser Helper Objects:
[11/12/2007, 20:44:45] - BHO 1: {0055C089-8582-441B-A0BF-17B458C2A3A8} (IDMIEHlprObj Class)
[11/12/2007, 20:44:45] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/12/2007, 20:44:45] - BHO 3: {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} (Download Manager Browser Helper Object)
[11/12/2007, 20:44:45] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[11/12/2007, 20:44:45] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/12/2007, 20:44:45] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/12/2007, 20:44:45] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/12/2007, 20:44:45] - BHO 8: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[11/12/2007, 20:44:45] - BHO 9: {bf39f651-bb3a-4ac0-acd5-de91cd80edef} ()
[11/12/2007, 20:44:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 20:44:45] - Checking for HKLM\...\Winlogon\Notify\vinkopeg
[11/12/2007, 20:44:45] - Key not found: HKLM\...\Winlogon\Notify\vinkopeg, continuing.
[11/12/2007, 20:44:45] - BHO 10: {FCFB8D24-8E03-455C-AE05-FBDB9C11509C} ()
[11/12/2007, 20:44:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 20:44:45] - Checking for HKLM\...\Winlogon\Notify\sstts
[11/12/2007, 20:44:45] - Key not found: HKLM\...\Winlogon\Notify\sstts, continuing.
[11/12/2007, 20:44:45] - Finished Searching Browser Helper Objects
[11/12/2007, 20:44:45] - Finishing up...
[11/12/2007, 20:44:45] - Nothing found! Exiting...

Et rapport combofix :

ComboFix 07-11-08.1 - Jo 2007-11-12 20:48:56.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.908 [GMT 1:00]
Running from: C:\Documents and Settings\Jo\Bureau\ComboFix.exe
* Created a new restore point
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jo\Favoris\Online Security Guide.lnk
C:\Documents and Settings\RAS_2\Application Data\inst.exe
C:\Documents and Settings\RAS_2\Application Data\install_en[1].exe
C:\Documents and Settings\RAS_2\new.txt
C:\Program Files\BestsellerAntivirus
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\__c00AE840.dat
C:\WINDOWS\system32\__c00C3442.dat
C:\WINDOWS\system32\__c00E4B11.dat
C:\WINDOWS\system32\gdvppujo.dllbox
C:\WINDOWS\system32\hahutitq.dll
C:\WINDOWS\system32\mxwrahcl.dll
C:\WINDOWS\system32\nahmechk.dll
C:\WINDOWS\system32\ppqss.tmp
C:\WINDOWS\system32\qpufgstq.dllbox
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\vkpnmemo.dllbox
C:\WINDOWS\system32\ydwrtsef.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_SYSLIBRARY

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-12 to 2007-11-12 ))))))))))))))))))))))))))))))))))))
.

2007-11-12 20:47 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-12 20:06 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-12 19:48 <REP> d-------- C:\Documents and Settings\Jo\Application Data\Grisoft
2007-11-12 18:45 <REP> d-------- C:\Documents and Settings\RAS_2\Application Data\Grisoft
2007-11-12 18:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-12 18:44 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-12 18:29 0 --a------ C:\backup.reg
2007-11-12 17:12 <REP> d-------- C:\Documents and Settings\RAS_2\Application Data\MSNInstaller
2007-11-12 16:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-12 15:44 145,984 --a------ C:\WINDOWS\system32\hbirpfve.dll
2007-11-12 15:44 145,984 --------- C:\WINDOWS\system32\gdvppujo.dll
2007-11-11 22:46 <REP> d-------- C:\Program Files\Windows Live
2007-11-11 22:13 79,936 --a------ C:\WINDOWS\system32\vinkopeg.dll
2007-11-11 22:11 <REP> d-------- C:\Temp\HP_WebRelease
2007-11-11 22:11 <REP> d-------- C:\Temp
2007-11-11 22:10 88,128 --a------ C:\WINDOWS\system32\rwoyluxk.dll
2007-11-11 22:07 71,232 --a------ C:\WINDOWS\system32\ncmlowph.exe
2007-11-11 22:03 <REP> d--hs---- C:\FOUND.016
2007-11-11 21:48 115,712 --a------ C:\VundoFix.exe
2007-11-11 21:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Arovax
2007-11-11 21:35 <REP> d-------- C:\Program Files\Toolbar Uninstaller
2007-11-11 21:21 <REP> d-------- C:\Program Files\NoAdware5.0
2007-11-11 20:53 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-11-11 14:47 79,936 --a------ C:\WINDOWS\system32\vcpvyaca.dll
2007-11-11 14:41 71,232 --a------ C:\WINDOWS\system32\ehsdoxdf.exe
2007-11-11 14:40 145,984 --a------ C:\WINDOWS\system32\lvnclnbg.dll
2007-11-11 11:42 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-10 01:31 <REP> d-------- C:\VundoFix Backups
2007-11-10 00:30 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-10 00:30 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-10 00:30 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-10 00:30 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-10 00:30 4,688 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-10 00:27 77,888 --a------ C:\WINDOWS\system32\iihgdvsc.dll
2007-11-10 00:18 145,984 --a------ C:\WINDOWS\system32\unwmtogh.dll
2007-11-10 00:12 71,232 --a------ C:\WINDOWS\system32\lcfcjvoj.exe
2007-11-09 16:55 35,328 --a------ C:\WINDOWS\system32\ssqrpqn.dll
2007-11-09 16:55 35,328 --a------ C:\WINDOWS\system32\rqrqppm.dll
2007-11-09 16:55 35,328 --a------ C:\WINDOWS\system32\gebbywv.dll
2007-11-09 16:54 35,328 --a------ C:\WINDOWS\system32\ssqrsrr.dll
2007-11-07 04:04 <REP> d-------- C:\Program Files\JoWood Productions
2007-11-05 18:46 <REP> d-------- C:\Fraps
2007-11-05 14:21 <REP> d-------- C:\Program Files\The Weather Channel FW
2007-11-05 00:56 <REP> d--hs---- C:\FOUND.015
2007-11-04 13:55 <REP> d-------- C:\Program Files\Arena
2007-11-04 11:30 <REP> d-------- C:\Program Files\WinBoard
2007-11-04 10:31 <REP> d-------- C:\Documents and Settings\RAS_2\Application Data\FileZilla
2007-11-03 16:16 <REP> d-------- C:\Program Files\Alawar
2007-11-03 15:38 <REP> d-------- C:\Documents and Settings\RAS_2\Application Data\ShredderChess
2007-11-03 14:04 54,272 --a------ C:\WINDOWS\system32\P2IRDAO.DLL
2007-11-03 14:04 50,176 --a------ C:\WINDOWS\system32\P2CTDAO.DLL
2007-11-03 13:50 <REP> d-------- C:\Program Files\C-Dames
2007-11-03 00:12 <REP> d-------- C:\Program Files\AlphaChess
2007-11-02 23:51 <REP> d-------- C:\Program Files\JeffProd
2007-11-02 23:51 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-11-02 23:36 <REP> d-------- C:\Program Files\DiagTransfer
2007-10-31 04:11 <REP> d-------- C:\New Films 2
2007-10-26 02:39 <REP> d-------- C:\New Films
2007-10-25 13:55 <REP> d-------- C:\Documents and Settings\RAS_2\Application Data\UseNeXT
2007-10-23 02:27 <REP> d-------- C:\Program Files\Microsoft Games
2007-10-21 23:46 7,248 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-10-21 16:46 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-10-21 16:46 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-10-21 16:46 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-10-21 16:46 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-10-21 16:46 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-10-21 16:46 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-10-21 16:46 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-10-21 16:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-10-21 16:46 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-10-21 16:39 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-20 12:18 <REP> d-------- C:\Program Files\Opera 9.5 alpha
2007-10-19 19:47 <REP> d-------- C:\Program Files\Cadsoft
2007-10-19 19:38 <REP> d-------- C:\Program Files\PhotoRedukto
2007-10-19 02:11 <REP> d--hs---- C:\FOUND.014
2007-10-19 01:48 <REP> d--hs---- C:\FOUND.013
2007-10-18 16:56 <REP> d-------- C:\Documents and Settings\RAS_2\Application Data\Azureus
2007-10-18 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-10-18 16:54 <REP> d-------- C:\Program Files\Azureus
2007-10-18 16:46 <REP> d-------- C:\Program Files\Shareaza
2007-10-18 16:46 <REP> d-------- C:\Documents and Settings\RAS_2\Application Data\Shareaza
2007-10-18 13:34 <REP> dr-h----- C:\Documents and Settings\RAS_2\Application Data\SecuROM
2007-10-17 18:35 <REP> d-------- C:\Program Files\eMule
2007-10-17 16:31 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-10-17 16:31 80,159 --a------ C:\WINDOWS\War3Unin.dat
2007-10-17 16:31 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-10-17 14:08 <REP> d-------- C:\Program Files\Kpe
2007-10-16 17:58 <REP> d-------- C:\Program Files\Glest_2.0.1
2007-10-15 17:49 <REP> d-------- C:\Documents and Settings\Jo\Application Data\CyberLink
2007-10-13 10:10 <REP> d-------- C:\Program Files\Maxthon
2007-10-13 10:09 <REP> d-------- C:\Program Files\Maxthon2
2007-10-12 10:58 <REP> d-------- C:\Program Files\GIMP-2.0
2007-10-12 10:58 <REP> d-------- C:\Documents and Settings\RAS_2\.gimp-2.2

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 11:03 6,784 ----a-w C:\WINDOWS\system32\drivers\OSCI_DRVNT.sys
2007-11-09 15:12 36,624 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-10-23 01:18 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-19 00:51 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
2007-10-19 00:51 46,080 ----a-w C:\WINDOWS\system32\dllcache\ftp.exe
2007-10-08 18:10 --------- d-----w C:\Program Files\Bluestork Wifi
2007-10-08 17:42 --------- d-----w C:\Program Files\INS
2007-10-05 02:24 --------- d-----w C:\Program Files\Fichiers communs\AnimeVamp
2007-10-04 07:14 --------- d-----w C:\Program Files\Photobie
2007-09-29 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-09-29 15:30 --------- d-----w C:\Program Files\MSN Messenger
2007-09-29 15:28 --------- d-----w C:\Program Files\MessengerPlus! 3
2007-09-29 11:03 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-09-28 22:35 --------- d-----w C:\Program Files\Neuf
2007-09-27 16:01 --------- d-----w C:\Program Files\Opera
2007-09-27 10:52 --------- d-----w C:\Documents and Settings\RAS_2\Application Data\Apple Computer
2007-09-27 10:51 --------- d-----w C:\Program Files\Apple Software Update
2007-09-27 10:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-09-17 17:57 --------- d-----w C:\Documents and Settings\Jo\Application Data\Turbine
2007-09-17 14:46 --------- d-----w C:\Documents and Settings\Jo\Application Data\GetRightToGo
2007-09-17 14:38 --------- d-----w C:\Program Files\Sony
2007-09-17 00:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-09-17 00:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-09-17 00:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-09-17 00:07 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-09-17 00:07 6,853,088 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-09-17 00:07 6,853,088 ----a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-09-17 00:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-09-17 00:07 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-09-17 00:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-09-17 00:07 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-09-17 00:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-09-17 00:07 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-09-17 00:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-09-17 00:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-09-17 00:07 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-09-17 00:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-09-17 00:07 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-09-17 00:07 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-09-17 00:07 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-09-17 00:07 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-09-17 00:07 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-09-17 00:07 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-09-17 00:07 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-09-17 00:07 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-09-17 00:07 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-09-17 00:07 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-09-17 00:07 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-09-17 00:07 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-09-17 00:07 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-09-17 00:07 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-09-17 00:07 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-09-17 00:07 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-09-17 00:07 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-09-17 00:07 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-09-17 00:07 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-09-17 00:07 3,629,056 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-09-17 00:07 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-09-17 00:07 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-09-17 00:07 3,166,208 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-09-17 00:07 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-09-17 00:07 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-09-17 00:07 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-09-17 00:07 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-09-17 00:07 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-09-17 00:07 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-09-17 00:07 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-09-17 00:07 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-09-17 00:07 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-09-17 00:07 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-09-17 00:07 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-09-17 00:07 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-09-17 00:07 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-09-17 00:07 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-09-17 00:07 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-09-17 00:07 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-09-17 00:07 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-09-17 00:07 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-09-17 00:07 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-09-17 00:07 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-09-17 00:07 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-09-17 00:07 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-09-17 00:07 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-09-17 00:07 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-09-17 00:07 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-09-17 00:07 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-09-17 00:07 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-09-17 00:07 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2007-09-17 00:07 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-09-17 00:07 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-09-17 00:07 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-09-17 00:07 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-09-17 00:07 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-09-17 00:07 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-09-17 00:07 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-09-17 00:07 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-09-17 00:07 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-09-17 00:07 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-09-17 00:07 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-09-17 00:07 2,441,216 ----a-w C:\WINDOWS\system32\nvwssr.dll
2007-06-28 16:06:28 140 --sha-w C:\WINDOWS\vxswestamp.bin
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf39f651-bb3a-4ac0-acd5-de91cd80edef}]
2007-11-11 22:13 79936 --a------ C:\WINDOWS\system32\vinkopeg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 16:42 C:\WINDOWS\soundman.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 17:00]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1177616517\ee\AOLSoftware.exe" [2006-04-27 15:34]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"EoWeather"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 16:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-22 23:06]
"UDC Integration"="" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"UniqueDisplay"="C:\Documents and Settings\Jo\Bureau\UniqueDisplay.exe" [2007-09-12 09:32]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-09-09 01:05]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07]
"320d18a1"="C:\WINDOWS\system32\rwoyluxk.dll" [2007-11-11 22:10]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files\Ares\Ares.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00]
"Steam"="" []
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-09-29 16:28]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-09-14 19:06]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\sstts.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe /onboot

R2 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys
R3 ZD1211BU(BLUESTORK);Bluestork BS-W-USB Wifi 54g USB Module Driver(BLUESTORK);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys
S3 OSCI_DRVNT;OSCI_DRVNT;\??\C:\WINDOWS\System32\Drivers\OSCI_DRVNT.sys
S3 RSPSC;RSPSC;C:\WINDOWS\system32\drivers\rspsc.sys

*Newly Created Service* - AVGASCLN
*Newly Created Service* - INT15.SYS
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-11-12 19:40:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
"2007-11-09 16:15:02 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-09-27 10:51:52 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-12 20:57:37
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-12 20:59:44 - machine was rebooted
.
--- E O F ---

jlpjlp · Answer

le rapport vundofix svp

recolle ensuite un rapport hijackthis





Fais un clic droit sur ce lien : (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe 
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau. 
Ensuite double clique sur navilog1.exe pour lancer l'installation. 
Une fois l'installation terminée, le fix s'exécutera automatiquement. 
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau). 

Laisse-toi guider. Au menu principal, choisis 1 et valides. 
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord) 

Patiente jusqu'au message : 
*** Analyse Termine le ..... *** 
Appuie sur une touche comme demandé, le blocnote va s'ouvrir. 
Copie-colle l'intégralité dans une réponse. Referme le blocnote. 
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

Exode · Answer

Bah j'ai pas de rapport de vundo car il na rien trouvez et quand je met remove il me dit quil se ferme car il na justement rien trouvez.

Voila pour hijack : Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:16:27, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Fichiers communs\AOL\1177616517\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Documents and Settings\Jo\Bureau\UniqueDisplay.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\V3CallCenter\V3faxecp.exe
C:\Program Files\Bluestork Wifi\BS-W-USB\BS-W-USB.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Pack\Eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {fede08dc-19ed-5dca-0ca4-a3bb156f93fb} - {bf39f651-bb3a-4ac0-acd5-de91cd80edef} - C:\WINDOWS\system32\vinkopeg.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1177616517\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UniqueDisplay] C:\Documents and Settings\Jo\Bureau\UniqueDisplay.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32woyluxk.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: CallCenter Printer Interface.lnk = C:\Program Files\V3CallCenter\V3faxecp.exe
O4 - Global Startup: Bluestork BS-W-USB Utility.lnk = C:\Program Files\Bluestork Wifi\BS-W-USB\BS-W-USB.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_fr_dl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{764C42E4-8833-4541-8A4E-FEEC2C734937}: NameServer = 212.30.96.108,213.203.124.146
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

jlpjlp · Answer

desinstalle navilog

______________________


Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked". 


O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: {fede08dc-19ed-5dca-0ca4-a3bb156f93fb} - {bf39f651-bb3a-4ac0-acd5-de91cd80edef} - C:\WINDOWS\system32\vinkopeg.dll

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32woyluxk.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll


_______________________



télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau. 
double-clique sur OTMoveIt.exe pour le lancer. 
copie la liste qui se trouve en citation ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

Citation : 

C:\WINDOWS\system32\vinkopeg.dll
C:\WINDOWS\system32woyluxk.dll


clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 


_______________________

 colle le rapport d'un scan en ligne 
avec un des suivants: 


bitdefender en ligne : 
http://www.bitdefender.fr/scan_fr/scan8/ie.html 

Panda en ligne : 
http://pandasoftware.fr

secuser en ligne :
http://www.secuser.com/outils/antivirus.htm


_________________________


apres tu vas avoir du boulot...

analyse ces fichiers sur virus total et dis moi lesquels sont infecté

https://www.virustotal.com/gui/



C:\WINDOWS\system32\hbirpfve.dll
C:\WINDOWS\system32\gdvppujo.dll
C:\WINDOWS\system32
cmlowph.exe
C:\WINDOWS\system32\vcpvyaca.dll
C:\WINDOWS\system32\ehsdoxdf.exe
C:\WINDOWS\system32\lvnclnbg.dll
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\system32	mp.reg
C:\WINDOWS\system32\iihgdvsc.dll
C:\WINDOWS\system32\unwmtogh.dll
C:\WINDOWS\system32\lcfcjvoj.exe
C:\WINDOWS\system32\ssqrpqn.dll
C:\WINDOWS\system32qrqppm.dll
C:\WINDOWS\system32\gebbywv.dll
C:\WINDOWS\system32\ssqrsrr.dll 

__________________

recolle un rapport hijackthis, dis tes pbs

Pub alors la j'en ait ras le bol :(

10 réponses

Votre réponse

Discussions similaires

Newsletters