Help with trojans

Adeline02 -  
jlpjlp Posts 52399 Status Security contributor -
Hello,

Here is my problem. While doing something on the internet I got a whole load of trojans (win32/adware.sectoolbar application, win/adwareavsystemcare application and more), so I tried the techniques you gave to people with my problem, but nothing changes, they are still there. I hope you can help me. Thanks in advance

27 replies

jlpjlp Posts 52399 Status Security contributor 5 040
 
Hi

Paste a HijackThis report

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manual:

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I recommend renaming HijackThis, to counter a possible Vundo infection.

e.g. rename the file HijackThis.exe to eden.exe: to do so, right-click the file HijackThis.exe and choose Rename from the list

Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.
Adeline02
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:22, on 13/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Nod32\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nod32\nod32kui.exe
C:\WINDOWS\system32\Prismsta.exe
C:\WINDOWS\system32\Prismsvr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WowCartographe\WowCartographe.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {08C525F4-2EBD-396D-B12A-005661A8CF95} - C:\Program Files\Ujgmrkuf\bckqxcyn.dll
O2 - BHO: (no name) - {1C9E5966-B6FF-4146-9E34-811C9DFD4F6F} - (no file)
O2 - BHO: (no name) - {2037842F-B6FC-94F5-49E2-04A07E581D4A} - C:\Program Files\Rkbldmnn\nvafmhbi.dll
O2 - BHO: (no name) - {2D628D87-D0A3-6203-4E86-09D91C6DD614} - C:\Program Files\Ruvbbfhb\woibizcw.dll
O2 - BHO: (no name) - {3BE02A32-3699-4974-A6CD-D3FE6016C063} - (no file)
O2 - BHO: (no name) - {3BFD0013-2F6A-4060-9A8E-A76CE054F49C} - (no file)
O2 - BHO: (no name) - {3C847F45-3908-46B2-8499-6DA346CA4929} - (no file)
O2 - BHO: (no name) - {469644C1-EAD0-4BE8-8FB4-E4A219EF9CC3} - (no file)
O2 - BHO: (no name) - {5159791b-b229-44d8-b82a-49b8e3cbe811} - (no file)
O2 - BHO: {18c0c79e-6387-0a18-3164-d601ed876106} - {601678de-106d-4613-81a0-7836e97c0c81} - C:\WINDOWS\system32\ewfsyqcy.dll
O2 - BHO: (no name) - {620c19dd-dd5e-4582-9d43-89fdd00e6355} - (no file)
O2 - BHO: (no name) - {6C4D39B5-E92C-45C2-B705-87655CCE146F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8CEDE431-82B3-4968-BDC2-D497C8B6E694} - (no file)
O2 - BHO: (no name) - {8F5B8039-1FB8-4818-AE01-FCD9978464FE} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9CEB2735-47BE-4968-89D2-D11ECA76E030} - (no file)
O2 - BHO: (no name) - {A8B1EC63-C834-44AA-AD40-966A96988815} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\hufszctx.dll
O2 - BHO: (no name) - {ab51a63c-569b-4185-aba7-7d70a5f8119b} - (no file)
O2 - BHO: (no name) - {b336e14a-27e2-47ff-bf2f-7643913a4fde} - (no file)
O2 - BHO: (no name) - {b63072df-7c6f-434c-8325-8744b461b61a} - (no file)
O2 - BHO: (no name) - {C409D2B7-E80D-46DF-A5D6-D118C09F8409} - (no file)
O2 - BHO: (no name) - {DA2EF1B4-A71C-4278-BFC8-8E0BE1F34840} - (no file)
O2 - BHO: (no name) - {E2E2D0C8-801E-4866-8CE9-04CB1665DABC} - (no file)
O2 - BHO: (no name) - {ed6fd6ff-38f8-4717-ae45-b8180c3533a4} - (no file)
O2 - BHO: (no name) - {f6ac28ef-867c-4c86-9b85-2419c0a1ff87} - (no file)
O2 - BHO: (no name) - {fb58d224-4a63-47c1-8f40-c32daf4c217a} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hufszctx.dll
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Nod32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PRISMSTA.EXE] Prismsta.exe /START
O4 - HKLM\..\Run: [PRISMSVR.EXE] Prismsvr.exe /APPLY
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [18035c72] rundll32.exe "C:\WINDOWS\system32\hugcbfjs.dll",b
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{662FA424-F11F-4016-A903-7A9AE2404143}: NameServer = 80.10.246.1,80.10.246.139
O20 - Winlogon Notify: gqxqnebs - gqxqnebs.dll (file missing)
O20 - Winlogon Notify: hufszctx - C:\WINDOWS\SYSTEM32\hufszctx.dll
O20 - Winlogon Notify: winpsa32 - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Nod32\nod32krn.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
jlpjlp Posts 52399 Status Security contributor 5 040
 
Perfect, you are infected with Vundo/Virtumonde. Do everything that follows and be sure to paste the reports, even if it takes a bit of time...

Scan with VundoFix (paste the report)

Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan is finished, click the Remove Vundo button.
You will get a warning asking whether you want to delete these files; answer by clicking YES.
Once you have clicked Yes, your desktop will go blank while it removes Vundo.

When it is finished, you will be asked to restart your computer; click OK.

__________________
then:

VirtumundoBeGone (paste the report)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

_________________

ComboFix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

_________________

Then paste a new HijackThis report and describe your problems
Adeline02
 
[11/12/2007, 21:54:33] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[11/12/2007, 21:54:41] - User choose NOT to continue. Exiting...

[11/12/2007, 21:59:00] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[11/12/2007, 21:59:07] - Detected System Information:
[11/12/2007, 21:59:07] - Windows Version: 5.1.2600, Service Pack 2
[11/12/2007, 21:59:07] - Current Username: Administrateur (Admin)
[11/12/2007, 21:59:07] - Windows is in NORMAL mode.
[11/12/2007, 21:59:07] - Searching for Browser Helper Objects:
[11/12/2007, 21:59:07] - BHO 1: {08C525F4-2EBD-396D-B12A-005661A8CF95} ()
[11/12/2007, 21:59:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:07] - Checking for HKLM\...\Winlogon\Notify\glhqftan
[11/12/2007, 21:59:07] - Key not found: HKLM\...\Winlogon\Notify\glhqftan, continuing.
[11/12/2007, 21:59:07] - BHO 2: {1C9E5966-B6FF-4146-9E34-811C9DFD4F6F} ()
[11/12/2007, 21:59:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:07] - Checking for HKLM\...\Winlogon\Notify\vtuts
[11/12/2007, 21:59:07] - Key not found: HKLM\...\Winlogon\Notify\vtuts, continuing.
[11/12/2007, 21:59:07] - BHO 3: {2037842F-B6FC-94F5-49E2-04A07E581D4A} ()
[11/12/2007, 21:59:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:07] - Checking for HKLM\...\Winlogon\Notify\nvafmhbi
[11/12/2007, 21:59:07] - Key not found: HKLM\...\Winlogon\Notify\nvafmhbi, continuing.
[11/12/2007, 21:59:07] - BHO 4: {2D628D87-D0A3-6203-4E86-09D91C6DD614} ()
[11/12/2007, 21:59:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:07] - Checking for HKLM\...\Winlogon\Notify\woibizcw
[11/12/2007, 21:59:07] - Key not found: HKLM\...\Winlogon\Notify\woibizcw, continuing.
[11/12/2007, 21:59:07] - BHO 5: {3BE02A32-3699-4974-A6CD-D3FE6016C063} ()
[11/12/2007, 21:59:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:07] - Checking for HKLM\...\Winlogon\Notify\vtuts
[11/12/2007, 21:59:07] - Key not found: HKLM\...\Winlogon\Notify\vtuts, continuing.
[11/12/2007, 21:59:07] - BHO 6: {3BFD0013-2F6A-4060-9A8E-A76CE054F49C} ()
[11/12/2007, 21:59:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:07] - No filename found. Continuing.
[11/12/2007, 21:59:07] - BHO 7: {3C847F45-3908-46B2-8499-6DA346CA4929} ()
[11/12/2007, 21:59:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:07] - No filename found. Continuing.
[11/12/2007, 21:59:07] - BHO 8: {469644C1-EAD0-4BE8-8FB4-E4A219EF9CC3} ()
[11/12/2007, 21:59:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:07] - No filename found. Continuing.
[11/12/2007, 21:59:07] - BHO 9: {5159791b-b229-44d8-b82a-49b8e3cbe811} ()
[11/12/2007, 21:59:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:07] - No filename found. Continuing.
[11/12/2007, 21:59:07] - BHO 10: {620c19dd-dd5e-4582-9d43-89fdd00e6355} ()
[11/12/2007, 21:59:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:07] - No filename found. Continuing.
[11/12/2007, 21:59:07] - BHO 11: {6C4D39B5-E92C-45C2-B705-87655CCE146F} ()
[11/12/2007, 21:59:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:07] - No filename found. Continuing.
[11/12/2007, 21:59:07] - BHO 12: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/12/2007, 21:59:07] - BHO 13: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/12/2007, 21:59:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:07] - No filename found. Continuing.
[11/12/2007, 21:59:07] - BHO 14: {8CEDE431-82B3-4968-BDC2-D497C8B6E694} ()
[11/12/2007, 21:59:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:07] - No filename found. Continuing.
[11/12/2007, 21:59:07] - BHO 15: {8F5B8039-1FB8-4818-AE01-FCD9978464FE} ()
[11/12/2007, 21:59:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:07] - No filename found. Continuing.
[11/12/2007, 21:59:07] - BHO 16: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[11/12/2007, 21:59:07] - BHO 17: {9CEB2735-47BE-4968-89D2-D11ECA76E030} ()
[11/12/2007, 21:59:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:07] - No filename found. Continuing.
[11/12/2007, 21:59:07] - BHO 18: {A8B1EC63-C834-44AA-AD40-966A96988815} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - No filename found. Continuing.
[11/12/2007, 21:59:08] - BHO 19: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - Checking for HKLM\...\Winlogon\Notify\gqxqnebs
[11/12/2007, 21:59:08] - Found: HKLM\...\Winlogon\Notify\gqxqnebs - This is probably Virtumundo.
[11/12/2007, 21:59:08] - Assigning {A95B2816-1D7E-4561-A202-68C0DE02353A} MSEvents Object
[11/12/2007, 21:59:08] - BHO list has been changed! Starting over...
[11/12/2007, 21:59:08] - BHO 1: {08C525F4-2EBD-396D-B12A-005661A8CF95} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - Checking for HKLM\...\Winlogon\Notify\glhqftan
[11/12/2007, 21:59:08] - Key not found: HKLM\...\Winlogon\Notify\glhqftan, continuing.
[11/12/2007, 21:59:08] - BHO 2: {1C9E5966-B6FF-4146-9E34-811C9DFD4F6F} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - Checking for HKLM\...\Winlogon\Notify\vtuts
[11/12/2007, 21:59:08] - Key not found: HKLM\...\Winlogon\Notify\vtuts, continuing.
[11/12/2007, 21:59:08] - BHO 3: {2037842F-B6FC-94F5-49E2-04A07E581D4A} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - Checking for HKLM\...\Winlogon\Notify\nvafmhbi
[11/12/2007, 21:59:08] - Key not found: HKLM\...\Winlogon\Notify\nvafmhbi, continuing.
[11/12/2007, 21:59:08] - BHO 4: {2D628D87-D0A3-6203-4E86-09D91C6DD614} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - Checking for HKLM\...\Winlogon\Notify\woibizcw
[11/12/2007, 21:59:08] - Key not found: HKLM\...\Winlogon\Notify\woibizcw, continuing.
[11/12/2007, 21:59:08] - BHO 5: {3BE02A32-3699-4974-A6CD-D3FE6016C063} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - Checking for HKLM\...\Winlogon\Notify\vtuts
[11/12/2007, 21:59:08] - Key not found: HKLM\...\Winlogon\Notify\vtuts, continuing.
[11/12/2007, 21:59:08] - BHO 6: {3BFD0013-2F6A-4060-9A8E-A76CE054F49C} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - No filename found. Continuing.
[11/12/2007, 21:59:08] - BHO 7: {3C847F45-3908-46B2-8499-6DA346CA4929} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - No filename found. Continuing.
[11/12/2007, 21:59:08] - BHO 8: {469644C1-EAD0-4BE8-8FB4-E4A219EF9CC3} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - No filename found. Continuing.
[11/12/2007, 21:59:08] - BHO 9: {5159791b-b229-44d8-b82a-49b8e3cbe811} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - No filename found. Continuing.
[11/12/2007, 21:59:08] - BHO 10: {620c19dd-dd5e-4582-9d43-89fdd00e6355} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - No filename found. Continuing.
[11/12/2007, 21:59:08] - BHO 11: {6C4D39B5-E92C-45C2-B705-87655CCE146F} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - No filename found. Continuing.
[11/12/2007, 21:59:08] - BHO 12: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/12/2007, 21:59:08] - BHO 13: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - No filename found. Continuing.
[11/12/2007, 21:59:08] - BHO 14: {8CEDE431-82B3-4968-BDC2-D497C8B6E694} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - No filename found. Continuing.
[11/12/2007, 21:59:08] - BHO 15: {8F5B8039-1FB8-4818-AE01-FCD9978464FE} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - No filename found. Continuing.
[11/12/2007, 21:59:08] - BHO 16: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[11/12/2007, 21:59:08] - BHO 17: {9CEB2735-47BE-4968-89D2-D11ECA76E030} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - No filename found. Continuing.
[11/12/2007, 21:59:08] - BHO 18: {A8B1EC63-C834-44AA-AD40-966A96988815} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - No filename found. Continuing.
[11/12/2007, 21:59:08] - BHO 19: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[11/12/2007, 21:59:08] - ALERT: Found MSEvents Object!
[11/12/2007, 21:59:08] - BHO 20: {ab51a63c-569b-4185-aba7-7d70a5f8119b} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - No filename found. Continuing.
[11/12/2007, 21:59:08] - BHO 21: {b336e14a-27e2-47ff-bf2f-7643913a4fde} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - Checking for HKLM\...\Winlogon\Notify\pmubjglu
[11/12/2007, 21:59:08] - Key not found: HKLM\...\Winlogon\Notify\pmubjglu, continuing.
[11/12/2007, 21:59:08] - BHO 22: {b63072df-7c6f-434c-8325-8744b461b61a} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - No filename found. Continuing.
[11/12/2007, 21:59:08] - BHO 23: {DA2EF1B4-A71C-4278-BFC8-8E0BE1F34840} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - No filename found. Continuing.
[11/12/2007, 21:59:08] - BHO 24: {E2E2D0C8-801E-4866-8CE9-04CB1665DABC} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - No filename found. Continuing.
[11/12/2007, 21:59:08] - BHO 25: {ed6fd6ff-38f8-4717-ae45-b8180c3533a4} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - No filename found. Continuing.
[11/12/2007, 21:59:08] - BHO 26: {fb58d224-4a63-47c1-8f40-c32daf4c217a} ()
[11/12/2007, 21:59:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:08] - No filename found. Continuing.
[11/12/2007, 21:59:08] - Finished Searching Browser Helper Objects
[11/12/2007, 21:59:08] - *** Detected MSEvents Object
[11/12/2007, 21:59:08] - Trying to remove MSEvents Object...
[11/12/2007, 21:59:09] - Terminating Process: IEXPLORE.EXE
[11/12/2007, 21:59:10] - Terminating Process: RUNDLL32.EXE
[11/12/2007, 21:59:10] - Disabling Automatic Shell Restart
[11/12/2007, 21:59:10] - Terminating Process: EXPLORER.EXE
[11/12/2007, 21:59:10] - Suspending the NT Session Manager System Service
[11/12/2007, 21:59:10] - Terminating Windows NT Logon/Logoff Manager
[11/12/2007, 21:59:11] - Re-enabling Automatic Shell Restart
[11/12/2007, 21:59:11] - File to disable: C:\WINDOWS\system32\gqxqnebs.dll
[11/12/2007, 21:59:11] - Renaming C:\WINDOWS\system32\gqxqnebs.dll -> C:\WINDOWS\system32\gqxqnebs.dll.vir
[11/12/2007, 21:59:11] - ! File rename was unsucessful.
[11/12/2007, 21:59:11] - Attempting to Deny Access to C:\WINDOWS\system32\gqxqnebs.dll
[11/12/2007, 21:59:11] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[11/12/2007, 21:59:11] - ERROR: Le mappage entre les noms de compte et les ID de sécurité n'a pas été effectué.

[11/12/2007, 21:59:11] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[11/12/2007, 21:59:11] - Removing HKLM\...\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[11/12/2007, 21:59:12] - Removing HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[11/12/2007, 21:59:12] - Adding Kill Bit for ActiveX for GUID: {A95B2816-1D7E-4561-A202-68C0DE02353A}
[11/12/2007, 21:59:12] - Deleting ATLEvents/MSEvents Registry entries
[11/12/2007, 21:59:12] - Removing HKLM\...\Winlogon\Notify\gqxqnebs
[11/12/2007, 21:59:12] - Searching for Browser Helper Objects:
[11/12/2007, 21:59:12] - BHO 1: {08C525F4-2EBD-396D-B12A-005661A8CF95} ()
[11/12/2007, 21:59:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:12] - Checking for HKLM\...\Winlogon\Notify\glhqftan
[11/12/2007, 21:59:12] - Key not found: HKLM\...\Winlogon\Notify\glhqftan, continuing.
[11/12/2007, 21:59:12] - BHO 2: {1C9E5966-B6FF-4146-9E34-811C9DFD4F6F} ()
[11/12/2007, 21:59:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:13] - Checking for HKLM\...\Winlogon\Notify\vtuts
[11/12/2007, 21:59:14] - Key not found: HKLM\...\Winlogon\Notify\vtuts, continuing.
[11/12/2007, 21:59:14] - BHO 3: {2037842F-B6FC-94F5-49E2-04A07E581D4A} ()
[11/12/2007, 21:59:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:14] - Checking for HKLM\...\Winlogon\Notify\nvafmhbi
[11/12/2007, 21:59:14] - Key not found: HKLM\...\Winlogon\Notify\nvafmhbi, continuing.
[11/12/2007, 21:59:14] - BHO 4: {2D628D87-D0A3-6203-4E86-09D91C6DD614} ()
[11/12/2007, 21:59:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:14] - Checking for HKLM\...\Winlogon\Notify\woibizcw
[11/12/2007, 21:59:14] - Key not found: HKLM\...\Winlogon\Notify\woibizcw, continuing.
[11/12/2007, 21:59:14] - BHO 5: {3BE02A32-3699-4974-A6CD-D3FE6016C063} ()
[11/12/2007, 21:59:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:14] - Checking for HKLM\...\Winlogon\Notify\vtuts
[11/12/2007, 21:59:14] - Key not found: HKLM\...\Winlogon\Notify\vtuts, continuing.
[11/12/2007, 21:59:14] - BHO 6: {3BFD0013-2F6A-4060-9A8E-A76CE054F49C} ()
[11/12/2007, 21:59:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:14] - No filename found. Continuing.
[11/12/2007, 21:59:14] - BHO 7: {3C847F45-3908-46B2-8499-6DA346CA4929} ()
[11/12/2007, 21:59:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:14] - No filename found. Continuing.
[11/12/2007, 21:59:14] - BHO 8: {469644C1-EAD0-4BE8-8FB4-E4A219EF9CC3} ()
[11/12/2007, 21:59:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:14] - No filename found. Continuing.
[11/12/2007, 21:59:14] - BHO 9: {5159791b-b229-44d8-b82a-49b8e3cbe811} ()
[11/12/2007, 21:59:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:14] - No filename found. Continuing.
[11/12/2007, 21:59:14] - BHO 10: {620c19dd-dd5e-4582-9d43-89fdd00e6355} ()
[11/12/2007, 21:59:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:14] - No filename found. Continuing.
[11/12/2007, 21:59:14] - BHO 11: {6C4D39B5-E92C-45C2-B705-87655CCE146F} ()
[11/12/2007, 21:59:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:14] - No filename found. Continuing.
[11/12/2007, 21:59:14] - BHO 12: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/12/2007, 21:59:14] - BHO 13: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/12/2007, 21:59:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:14] - No filename found. Continuing.
[11/12/2007, 21:59:14] - BHO 14: {8CEDE431-82B3-4968-BDC2-D497C8B6E694} ()
[11/12/2007, 21:59:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:14] - No filename found. Continuing.
[11/12/2007, 21:59:14] - BHO 15: {8F5B8039-1FB8-4818-AE01-FCD9978464FE} ()
[11/12/2007, 21:59:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:14] - No filename found. Continuing.
[11/12/2007, 21:59:14] - BHO 16: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[11/12/2007, 21:59:14] - BHO 17: {9CEB2735-47BE-4968-89D2-D11ECA76E030} ()
[11/12/2007, 21:59:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:14] - No filename found. Continuing.
[11/12/2007, 21:59:14] - BHO 18: {A8B1EC63-C834-44AA-AD40-966A96988815} ()
[11/12/2007, 21:59:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:14] - No filename found. Continuing.
[11/12/2007, 21:59:14] - BHO 19: {ab51a63c-569b-4185-aba7-7d70a5f8119b} ()
[11/12/2007, 21:59:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:14] - No filename found. Continuing.
[11/12/2007, 21:59:14] - BHO 20: {b336e14a-27e2-47ff-bf2f-7643913a4fde} ()
[11/12/2007, 21:59:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:14] - Checking for HKLM\...\Winlogon\Notify\pmubjglu
[11/12/2007, 21:59:14] - Key not found: HKLM\...\Winlogon\Notify\pmubjglu, continuing.
[11/12/2007, 21:59:14] - BHO 21: {b63072df-7c6f-434c-8325-8744b461b61a} ()
[11/12/2007, 21:59:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:14] - No filename found. Continuing.
[11/12/2007, 21:59:15] - BHO 22: {DA2EF1B4-A71C-4278-BFC8-8E0BE1F34840} ()
[11/12/2007, 21:59:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:16] - No filename found. Continuing.
[11/12/2007, 21:59:16] - BHO 23: {DA2EF1B4-A71C-4278-BFC8-8E0BE1F34840} ()
[11/12/2007, 21:59:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:16] - No filename found. Continuing.
[11/12/2007, 21:59:16] - BHO 24: {E2E2D0C8-801E-4866-8CE9-04CB1665DABC} ()
[11/12/2007, 21:59:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:16] - No filename found. Continuing.
[11/12/2007, 21:59:16] - BHO 25: {ed6fd6ff-38f8-4717-ae45-b8180c3533a4} ()
[11/12/2007, 21:59:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:16] - No filename found. Continuing.
[11/12/2007, 21:59:16] - BHO 26: {fb58d224-4a63-47c1-8f40-c32daf4c217a} ()
[11/12/2007, 21:59:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:59:16] - No filename found. Continuing.
[11/12/2007, 21:59:16] - Finished Searching Browser Helper Objects
[11/12/2007, 21:59:16] - Finishing up...
[11/12/2007, 21:59:16] - A restart is needed.
[11/12/2007, 21:59:16] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[11/12/2007, 21:59:26] - Attempting to Restart via STOP error (Blue Screen!)

[11/12/2007, 22:03:38] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[11/12/2007, 22:03:39] - User choose NOT to continue. Exiting...

[11/13/2007, 14:42:29] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[11/13/2007, 14:42:35] - Detected System Information:
[11/13/2007, 14:42:35] - Windows Version: 5.1.2600, Service Pack 2
[11/13/2007, 14:42:35] - Current Username: Administrateur (Admin)
[11/13/2007, 14:42:35] - Windows is in NORMAL mode.
[11/13/2007, 14:42:35] - Searching for Browser Helper Objects:
[11/13/2007, 14:42:35] - BHO 1: {08C525F4-2EBD-396D-B12A-005661A8CF95} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - Checking for HKLM\...\Winlogon\Notify\bckqxcyn
[11/13/2007, 14:42:35] - Key not found: HKLM\...\Winlogon\Notify\bckqxcyn, continuing.
[11/13/2007, 14:42:35] - BHO 2: {1C9E5966-B6FF-4146-9E34-811C9DFD4F6F} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - BHO 3: {2037842F-B6FC-94F5-49E2-04A07E581D4A} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - Checking for HKLM\...\Winlogon\Notify\nvafmhbi
[11/13/2007, 14:42:35] - Key not found: HKLM\...\Winlogon\Notify\nvafmhbi, continuing.
[11/13/2007, 14:42:35] - BHO 4: {2D628D87-D0A3-6203-4E86-09D91C6DD614} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - Checking for HKLM\...\Winlogon\Notify\woibizcw
[11/13/2007, 14:42:35] - Key not found: HKLM\...\Winlogon\Notify\woibizcw, continuing.
[11/13/2007, 14:42:35] - BHO 5: {3BE02A32-3699-4974-A6CD-D3FE6016C063} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - BHO 6: {3BFD0013-2F6A-4060-9A8E-A76CE054F49C} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - BHO 7: {3C847F45-3908-46B2-8499-6DA346CA4929} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - BHO 8: {469644C1-EAD0-4BE8-8FB4-E4A219EF9CC3} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - BHO 9: {5159791b-b229-44d8-b82a-49b8e3cbe811} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - BHO 10: {601678de-106d-4613-81a0-7836e97c0c81} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - Checking for HKLM\...\Winlogon\Notify\ewfsyqcy
[11/13/2007, 14:42:35] - Key not found: HKLM\...\Winlogon\Notify\ewfsyqcy, continuing.
[11/13/2007, 14:42:35] - BHO 11: {620c19dd-dd5e-4582-9d43-89fdd00e6355} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - BHO 12: {6C4D39B5-E92C-45C2-B705-87655CCE146F} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - BHO 13: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/13/2007, 14:42:35] - BHO 14: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - BHO 15: {8CEDE431-82B3-4968-BDC2-D497C8B6E694} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - BHO 16: {8F5B8039-1FB8-4818-AE01-FCD9978464FE} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - BHO 17: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[11/13/2007, 14:42:35] - BHO 18: {9CEB2735-47BE-4968-89D2-D11ECA76E030} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - BHO 19: {A8B1EC63-C834-44AA-AD40-966A96988815} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - BHO 20: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - BHO 21: {ab51a63c-569b-4185-aba7-7d70a5f8119b} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - BHO 22: {b336e14a-27e2-47ff-bf2f-7643913a4fde} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - BHO 23: {b63072df-7c6f-434c-8325-8744b461b61a} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - BHO 24: {C409D2B7-E80D-46DF-A5D6-D118C09F8409} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - BHO 25: {DA2EF1B4-A71C-4278-BFC8-8E0BE1F34840} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - BHO 26: {E2E2D0C8-801E-4866-8CE9-04CB1665DABC} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - BHO 27: {ed6fd6ff-38f8-4717-ae45-b8180c3533a4} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - BHO 28: {f6ac28ef-867c-4c86-9b85-2419c0a1ff87} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - BHO 29: {fb58d224-4a63-47c1-8f40-c32daf4c217a} ()
[11/13/2007, 14:42:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 14:42:35] - No filename found. Continuing.
[11/13/2007, 14:42:35] - Finished Searching Browser Helper Objects
[11/13/2007, 14:42:35] - Finishing up...
[11/13/2007, 14:42:35] - Nothing found! Exiting ...

ComboFix 07-11-08.1 - Administrateur 2007-11-13 14:45:35.3 - NTFSx86
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\hufszctx.dllbox

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-13 to 2007-11-13 ))))))))))))))))))))))))))))))))))))
.

2007-11-13 14:27 <REP> d-------- C:\VundoFix Backups
2007-11-13 12:09 <REP> d-------- C:\Program Files\Ujgmrkuf
2007-11-12 22:09 144,480 --a------ C:\WINDOWS\system32\vpkbwurf.dll
2007-11-12 22:06 89,664 --a------ C:\WINDOWS\system32\wtuwlckd.dll
2007-11-12 22:04 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-12 22:03 81,472 --a------ C:\WINDOWS\system32\ewfsyqcy.dll
2007-11-12 21:26 144,480 --a------ C:\WINDOWS\system32\gqxqnebs.dll.vir
2007-11-12 21:25 144,480 --a------ C:\WINDOWS\system32\vfhbmpbj.dll
2007-11-12 21:22 81,472 --a------ C:\WINDOWS\system32\pmubjglu.dll
2007-11-12 21:20 <REP> d-------- C:\Program Files\Kioktkzo
2007-11-12 20:51 <REP> d-------- C:\Program Files\Trend Micro
2007-11-12 19:44 81,472 --a------ C:\WINDOWS\system32\jjsxlxfk.dll
2007-11-12 19:41 144,480 --a------ C:\WINDOWS\system32\bsukvomq.dll
2007-11-11 21:20 <REP> d-------- C:\Program Files\Rkbldmnn
2007-11-10 22:15 85,056 --a------ C:\WINDOWS\system32\xfijmybl.dll
2007-11-10 22:12 81,472 --a------ C:\WINDOWS\system32\rarcawfn.dll
2007-11-09 21:13 77,888 --a------ C:\WINDOWS\system32\lejhuotq.dll
2007-11-09 21:10 88,128 --a------ C:\WINDOWS\system32\gsesrcem.dll
2007-11-08 21:08 80,448 --a------ C:\WINDOWS\system32\hsfnrbvl.dll
2007-11-07 21:08 79,936 --a------ C:\WINDOWS\system32\bxgxkprn.dll
2007-11-07 21:05 86,080 --a------ C:\WINDOWS\system32\bieqdilb.dll
2007-11-07 19:07 <REP> d-------- C:\Program Files\WowCartographe
2007-11-05 20:43 <REP> d-------- C:\Program Files\Ruvbbfhb
2007-11-05 13:34 83,008 --a------ C:\WINDOWS\system32\wmjnrrma.dll
2007-11-04 19:15 <REP> d-------- C:\WINDOWS\Sun
2007-11-04 18:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-04 16:13 <REP> d-------- C:\Program Files\CCleaner
2007-11-04 16:09 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2007-11-04 16:09 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-04 16:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-04 15:59 78,912 --a------ C:\WINDOWS\system32\xoklcvak.dll
2007-11-04 15:00 <REP> d-------- C:\Temp
2007-11-04 15:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-04 14:33 <REP> d-------- C:\Program Files\Java
2007-11-04 14:33 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-11-04 12:57 <REP> d-------- C:\WINDOWS\pss
2007-11-04 11:29 <REP> d-------- C:\Program Files\Lavasoft
2007-11-04 11:29 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-04 11:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-04 11:15 <REP> d-------- C:\Program Files\kxktshoz
2007-11-04 11:15 36,864 --a------ C:\WINDOWS\system32\gebawwu.dll
2007-11-04 11:15 0 --a------ C:\WINDOWS\system32\vvgeowbv.exe
2007-11-04 11:14 104,960 --a------ C:\WINDOWS\system32\drvfog.dll
2007-11-02 20:24 <REP> d-------- C:\Program Files\Microsoft Works
2007-11-02 20:23 <REP> d-------- C:\Program Files\MSBuild
2007-11-02 20:22 <REP> d-------- C:\Program Files\Microsoft.NET
2007-11-02 20:20 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-11-02 20:19 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-11-02 20:18 <REP> dr-h----- C:\MSOCache
2007-11-02 20:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-01 10:55 <REP> d-------- C:\Program Files\Shareaza
2007-11-01 10:55 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Shareaza
2007-10-31 17:07 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2007-10-31 15:26 <REP> d-------- C:\Program Files\QuickTime
2007-10-31 15:26 <REP> d-------- C:\Program Files\Apple Software Update
2007-10-31 15:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-31 15:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-10-31 13:05 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-10-31 13:04 <REP> d-------- C:\Program Files\Adobe Photoshop CS3
2007-10-31 13:04 44,814,336 --a------ C:\Program Files\Photoshop.exe
2007-10-31 13:04 724,432 --a------ C:\Program Files\unins000.exe
2007-10-31 13:04 270,025 --a------ C:\Program Files\unins000.dat
2007-10-31 11:41 <REP> d-------- C:\Program Files\Dofus
2007-10-31 11:12 <REP> d-------- C:\Program Files\PhotoFiltre
2007-10-30 10:41 102,912 -ra------ C:\WINDOWS\system32\JPEGCODE.DLL
2007-10-29 19:22 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\OtakuSoftware
2007-10-19 20:51 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-10-19 20:51 140,288 --a------ C:\WINDOWS\system32\CNMLM53.DLL
2007-10-19 20:51 90,112 --a------ C:\WINDOWS\system32\CNMCP53.exe
2007-10-19 20:51 8,704 --a------ C:\WINDOWS\system32\CNMVS53.DLL
2007-10-19 20:49 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-18 20:21 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-10-18 19:46 <REP> d-------- C:\Program Files\GOA
2007-10-18 18:22 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Electronic Arts
2007-10-17 17:29 <REP> d-------- C:\World of Warcraft
2007-10-17 17:14 <REP> d-------- C:\Program Files\GUILD WARS
2007-10-14 14:01 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-10-14 14:01 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-10-14 14:01 278,728 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-10-14 14:01 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-10-14 13:56 <REP> d-------- C:\Program Files\Ubisoft
2007-10-13 12:51 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-13 08:27 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-10-13 08:27 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-10-13 08:27 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-10-13 08:27 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-10-13 08:27 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-10-13 08:27 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-10-13 08:27 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-04 17:21 --------- d-----w C:\Program Files\Nod32
2007-10-31 10:32 --------- d-----w C:\Program Files\MSN Messenger
2007-10-31 10:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-30 09:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-17 16:29 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-10-12 19:13 --------- d-----w C:\Program Files\DivX
2007-10-12 18:27 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Nero
2007-10-12 18:24 --------- d-----w C:\Program Files\Fichiers communs\Nero
2007-10-12 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-10-12 18:19 --------- d-----w C:\Program Files\Windows Live
2007-10-12 17:19 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ahead
2007-10-12 16:37 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-11 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-10-11 19:21 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-10-11 19:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-10-11 19:20 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\InstallShield
2007-10-11 05:37 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Logitech
2007-10-10 20:35 --------- d-----w C:\Program Files\Logitech
2007-10-10 20:34 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-10 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-10-10 20:21 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-10-10 16:02 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-10-10 15:53 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-10 15:51 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-10 15:26 --------- d-----w C:\Program Files\PowerQuest
2007-10-10 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prism
2007-10-10 14:29 --------- d-----w C:\Program Files\802.11g USB2.0 Adapter
2007-10-10 14:29 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Xentient
2007-10-10 14:27 --------- d-----w C:\Program Files\TweakRAM
2007-10-10 14:22 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-10 14:18 --------- d-----w C:\Program Files\Symantec
2007-10-10 14:18 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-10-10 14:18 --------- d-----w C:\Documents and Settings\Default User\Application Data\Symantec
2007-10-10 14:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-10 14:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Symantec
2007-10-10 14:14 76,160 ----a-w C:\WINDOWS\system32\drivers\lnsfw1.sys
2007-10-10 14:14 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-10-10 14:14 46,208 ----a-w C:\WINDOWS\system32\drivers\lnsfw.sys
2007-10-10 14:14 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-10-10 14:13 --------- d-----w C:\Program Files\Executive Software
2007-10-10 14:08 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-09-24 07:05 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 07:05 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-20 07:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 07:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2006-10-08 23:18 145,920 ----a-w C:\WINDOWS\inf\hdaudio.sys
.

((((((((((((((((((((((((((((( snapshot@2007-11-12_22.24.11.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-13 13:51:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6ec.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08C525F4-2EBD-396D-B12A-005661A8CF95}]
2007-11-13 12:09 102400 --a------ C:\Program Files\Ujgmrkuf\bckqxcyn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C9E5966-B6FF-4146-9E34-811C9DFD4F6F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2037842F-B6FC-94F5-49E2-04A07E581D4A}]
2007-11-11 21:20 110592 --a------ C:\Program Files\Rkbldmnn\nvafmhbi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D628D87-D0A3-6203-4E86-09D91C6DD614}]
2007-11-05 20:43 106496 --a------ C:\Program Files\Ruvbbfhb\woibizcw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BE02A32-3699-4974-A6CD-D3FE6016C063}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BFD0013-2F6A-4060-9A8E-A76CE054F49C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C847F45-3908-46B2-8499-6DA346CA4929}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{469644C1-EAD0-4BE8-8FB4-E4A219EF9CC3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5159791b-b229-44d8-b82a-49b8e3cbe811}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{601678de-106d-4613-81a0-7836e97c0c81}]
2007-11-12 22:03 81472 --a------ C:\WINDOWS\system32\ewfsyqcy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{620c19dd-dd5e-4582-9d43-89fdd00e6355}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C4D39B5-E92C-45C2-B705-87655CCE146F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CEDE431-82B3-4968-BDC2-D497C8B6E694}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F5B8039-1FB8-4818-AE01-FCD9978464FE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9CEB2735-47BE-4968-89D2-D11ECA76E030}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8B1EC63-C834-44AA-AD40-966A96988815}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ab51a63c-569b-4185-aba7-7d70a5f8119b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b336e14a-27e2-47ff-bf2f-7643913a4fde}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b63072df-7c6f-434c-8325-8744b461b61a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C409D2B7-E80D-46DF-A5D6-D118C09F8409}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA2EF1B4-A71C-4278-BFC8-8E0BE1F34840}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2E2D0C8-801E-4866-8CE9-04CB1665DABC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ed6fd6ff-38f8-4717-ae45-b8180c3533a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f6ac28ef-867c-4c86-9b85-2419c0a1ff87}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fb58d224-4a63-47c1-8f40-c32daf4c217a}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 02:37]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [2005-07-26 16:52]
"nod32kui"="C:\Program Files\Nod32\nod32kui.exe" [2007-10-10 15:14]
"PRISMSTA.EXE"="Prismsta.exe" [2003-11-08 15:49 C:\WINDOWS\system32\PRISMSTA.exe]
"PRISMSVR.EXE"="Prismsvr.exe" [2003-11-20 14:12 C:\WINDOWS\system32\PRISMSVR.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-09 00:34 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-10-09 00:34 C:\WINDOWS\SkyTel.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]
"18035c72"="C:\WINDOWS\system32\hugcbfjs.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2005-08-12 19:52]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2006-07-05 03:23]
"TweakRAM"="C:\Program Files\TweakRAM\TweakRAM.exe" [2006-04-15 17:07]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 19:27]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-09-20 16:38]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 14:35]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe"
"VisualTaskTips"=C:\Windows\System32\VisualTaskTips.exe
"TweakRAM"=C:\Program Files\TweakRAM\TweakRAM.exe
"LClock"=C:\Program Files\LClock\lclock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gqxqnebs]
gqxqnebs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hufszctx]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpsa32]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys
R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys
R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys
R3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService WebClient LmHosts upnphost SSDPSRV

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec39af41-773c-11dc-9912-000000000000}]
\shell\AutoRun\command - F:\setupSNK.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-11-09 19:58:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-13 14:51:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-13 14:53:42 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-13 13:40
C:\ComboFix3.txt ... 2007-11-12 22:27
.
--- E O F ---

The computer is already running faster and I no longer get the window that kept offering to install anything and everything. Did you detect anything else, or is it perfect?
I also have a small question. I have 2 operating systems on 2 partitions (1 Vista, the other XP Ultimate). Not wanting the choice between the 2 operating systems at startup any more, I decided to do this https://forum.zebulon.fr/topic/63120-choix-du-syst%C3%A8me-dexploitation-au-d%C3%A9marrage/ but it changed nothing, I still had both at startup; I uninstalled Vista, but still with no effect, I still get the prompt. What can I do? Thanks for your help :)
0

jlpjlp Posts 52399 Status Security contributor 5 040
 
paste another hijackthis log
0
Adeline02
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14, on 13/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Nod32\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nod32\nod32kui.exe
C:\WINDOWS\system32\Prismsta.exe
C:\WINDOWS\system32\Prismsvr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\WowCartographe\WowCartographe.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {08C525F4-2EBD-396D-B12A-005661A8CF95} - C:\Program Files\Ujgmrkuf\bckqxcyn.dll
O2 - BHO: (no name) - {1C9E5966-B6FF-4146-9E34-811C9DFD4F6F} - (no file)
O2 - BHO: (no name) - {2037842F-B6FC-94F5-49E2-04A07E581D4A} - C:\Program Files\Rkbldmnn\nvafmhbi.dll
O2 - BHO: (no name) - {2D628D87-D0A3-6203-4E86-09D91C6DD614} - C:\Program Files\Ruvbbfhb\woibizcw.dll
O2 - BHO: (no name) - {3BE02A32-3699-4974-A6CD-D3FE6016C063} - (no file)
O2 - BHO: (no name) - {3BFD0013-2F6A-4060-9A8E-A76CE054F49C} - (no file)
O2 - BHO: (no name) - {3C847F45-3908-46B2-8499-6DA346CA4929} - (no file)
O2 - BHO: (no name) - {469644C1-EAD0-4BE8-8FB4-E4A219EF9CC3} - (no file)
O2 - BHO: (no name) - {5159791b-b229-44d8-b82a-49b8e3cbe811} - (no file)
O2 - BHO: {18c0c79e-6387-0a18-3164-d601ed876106} - {601678de-106d-4613-81a0-7836e97c0c81} - C:\WINDOWS\system32\ewfsyqcy.dll
O2 - BHO: (no name) - {620c19dd-dd5e-4582-9d43-89fdd00e6355} - (no file)
O2 - BHO: (no name) - {6C4D39B5-E92C-45C2-B705-87655CCE146F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8CEDE431-82B3-4968-BDC2-D497C8B6E694} - (no file)
O2 - BHO: (no name) - {8F5B8039-1FB8-4818-AE01-FCD9978464FE} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9CEB2735-47BE-4968-89D2-D11ECA76E030} - (no file)
O2 - BHO: (no name) - {A8B1EC63-C834-44AA-AD40-966A96988815} - (no file)
O2 - BHO: (no name) - {ab51a63c-569b-4185-aba7-7d70a5f8119b} - (no file)
O2 - BHO: (no name) - {b336e14a-27e2-47ff-bf2f-7643913a4fde} - (no file)
O2 - BHO: (no name) - {b63072df-7c6f-434c-8325-8744b461b61a} - (no file)
O2 - BHO: (no name) - {C409D2B7-E80D-46DF-A5D6-D118C09F8409} - (no file)
O2 - BHO: (no name) - {DA2EF1B4-A71C-4278-BFC8-8E0BE1F34840} - (no file)
O2 - BHO: (no name) - {E2E2D0C8-801E-4866-8CE9-04CB1665DABC} - (no file)
O2 - BHO: (no name) - {ed6fd6ff-38f8-4717-ae45-b8180c3533a4} - (no file)
O2 - BHO: (no name) - {f6ac28ef-867c-4c86-9b85-2419c0a1ff87} - (no file)
O2 - BHO: (no name) - {fb58d224-4a63-47c1-8f40-c32daf4c217a} - (no file)
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Nod32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PRISMSTA.EXE] Prismsta.exe /START
O4 - HKLM\..\Run: [PRISMSVR.EXE] Prismsvr.exe /APPLY
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [18035c72] rundll32.exe "C:\WINDOWS\system32\hugcbfjs.dll",b
O4 - HKLM\..\Run: [kxktshoz] rundll32.exe "C:\Program Files\kxktshoz\ahgpizof.dll",Init
O4 - HKLM\..\Run: [kpmzqxch] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\kpmzqxch.dll"
O4 - HKLM\..\Run: [fujivebg] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\fujivebg.dll"
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{662FA424-F11F-4016-A903-7A9AE2404143}: NameServer = 80.10.246.1,80.10.246.139
O20 - Winlogon Notify: gqxqnebs - gqxqnebs.dll (file missing)
O20 - Winlogon Notify: hufszctx - C:\WINDOWS\
O20 - Winlogon Notify: winpsa32 - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Nod32\nod32krn.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
to have only one choice at startup:

http://www.presence-pc.com/forum/ppc/Logiciels/supprimer-windows-demarrage-sujet-15920-1.htm

_________________________

Run HijackThis again, choose "do a scan only", check the box in front of the lines below and click "fix checked" at the bottom.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {08C525F4-2EBD-396D-B12A-005661A8CF95} - C:\Program Files\Ujgmrkuf\bckqxcyn.dll
O2 - BHO: (no name) - {1C9E5966-B6FF-4146-9E34-811C9DFD4F6F} - (no file)
O2 - BHO: (no name) - {2037842F-B6FC-94F5-49E2-04A07E581D4A} - C:\Program Files\Rkbldmnn\nvafmhbi.dll
O2 - BHO: (no name) - {2D628D87-D0A3-6203-4E86-09D91C6DD614} - C:\Program Files\Ruvbbfhb\woibizcw.dll
O2 - BHO: (no name) - {3BE02A32-3699-4974-A6CD-D3FE6016C063} - (no file)
O2 - BHO: (no name) - {3BFD0013-2F6A-4060-9A8E-A76CE054F49C} - (no file)
O2 - BHO: (no name) - {3C847F45-3908-46B2-8499-6DA346CA4929} - (no file)
O2 - BHO: (no name) - {469644C1-EAD0-4BE8-8FB4-E4A219EF9CC3} - (no file)
O2 - BHO: (no name) - {5159791b-b229-44d8-b82a-49b8e3cbe811} - (no file)
O2 - BHO: {18c0c79e-6387-0a18-3164-d601ed876106} - {601678de-106d-4613-81a0-7836e97c0c81} - C:\WINDOWS\system32\ewfsyqcy.dll
O2 - BHO: (no name) - {620c19dd-dd5e-4582-9d43-89fdd00e6355} - (no file)
O2 - BHO: (no name) - {6C4D39B5-E92C-45C2-B705-87655CCE146F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8CEDE431-82B3-4968-BDC2-D497C8B6E694} - (no file)
O2 - BHO: (no name) - {8F5B8039-1FB8-4818-AE01-FCD9978464FE} - (no file)
O2 - BHO: (no name) - {9CEB2735-47BE-4968-89D2-D11ECA76E030} - (no file)
O2 - BHO: (no name) - {A8B1EC63-C834-44AA-AD40-966A96988815} - (no file)
O2 - BHO: (no name) - {ab51a63c-569b-4185-aba7-7d70a5f8119b} - (no file)
O2 - BHO: (no name) - {b336e14a-27e2-47ff-bf2f-7643913a4fde} - (no file)
O2 - BHO: (no name) - {b63072df-7c6f-434c-8325-8744b461b61a} - (no file)
O2 - BHO: (no name) - {C409D2B7-E80D-46DF-A5D6-D118C09F8409} - (no file)
O2 - BHO: (no name) - {DA2EF1B4-A71C-4278-BFC8-8E0BE1F34840} - (no file)
O2 - BHO: (no name) - {E2E2D0C8-801E-4866-8CE9-04CB1665DABC} - (no file)
O2 - BHO: (no name) - {ed6fd6ff-38f8-4717-ae45-b8180c3533a4} - (no file)
O2 - BHO: (no name) - {f6ac28ef-867c-4c86-9b85-2419c0a1ff87} - (no file)
O2 - BHO: (no name) - {fb58d224-4a63-47c1-8f40-c32daf4c217a} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [18035c72] rundll32.exe "C:\WINDOWS\system32\hugcbfjs.dll",b
O4 - HKLM\..\Run: [kxktshoz] rundll32.exe "C:\Program Files\kxktshoz\ahgpizof.dll",Init
O4 - HKLM\..\Run: [kpmzqxch] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\kpmzqxch.dll"
O4 - HKLM\..\Run: [fujivebg] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\fujivebg.dll"
O20 - Winlogon Notify: gqxqnebs - gqxqnebs.dll (file missing)
O20 - Winlogon Notify: hufszctx - C:\WINDOWS\
O20 - Winlogon Notify: winpsa32 - C:\WINDOWS\

________________________

download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand box of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\Program Files\Ujgmrkuf\bckqxcyn.dll
C:\Program Files\Rkbldmnn\nvafmhbi.dll
C:\Program Files\Ruvbbfhb\woibizcw.dll
C:\WINDOWS\system32\ewfsyqcy.dll
C:\Documents and Settings\All Users\Application Data\kpmzqxch.dll
C:\Documents and Settings\All Users\Application Data\fujivebg.dll

click MoveIt! to start the removal.
the result will appear in the "Results" box.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. if so, accept with Yes.

_________________

scan this file on VirusTotal and paste me the report: https://www.virustotal.com/gui/

C:\WINDOWS\system32\Vistadrive\vsdrv.exe
0
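The Run, BHO and Winlogon Notify entries picked out in the post above share a few mechanical tells: eight-character random module names, BHO CLSIDs with no file behind them, regsvr32 /u used as a loader (the /u switch still loads the DLL and calls its DllUnregisterServer export, so it is just another way to run the code at logon), and Winlogon Notify entries that point at a bare directory or a missing file. The Python script below is an added example, not part of the original thread and not part of HijackThis; it applies those heuristics to lines quoted from the logs posted in this thread and prints the lines to fix plus the file paths to hand to OTMoveIt or Killbox. The regexes and the 8-character rule are assumptions tuned to this log rather than a general classifier; a legitimate name such as nod32krn passes because it is neither all letters nor all hex digits.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines quoted from the HijackThis logs posted in this
# thread, so the script runs offline without the full log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {08C525F4-2EBD-396D-B12A-005661A8CF95} - C:\Program Files\Ujgmrkuf\bckqxcyn.dll
O2 - BHO: (no name) - {1C9E5966-B6FF-4146-9E34-811C9DFD4F6F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [18035c72] rundll32.exe "C:\WINDOWS\system32\hugcbfjs.dll",b
O4 - HKLM\..\Run: [kxktshoz] rundll32.exe "C:\Program Files\kxktshoz\ahgpizof.dll",Init
O4 - HKLM\..\Run: [kpmzqxch] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\kpmzqxch.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: gqxqnebs - gqxqnebs.dll (file missing)
O20 - Winlogon Notify: hufszctx - C:\WINDOWS\
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Nod32\nod32krn.exe
"""


@dataclass
class Finding:
    line: str
    reason: str
    path: Optional[str]  # file to hand to OTMoveIt/Killbox, if there is one


# A Windows path ending in .dll or .exe; surrounding quotes are optional.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"\n]*?\.(?:dll|exe))"?', re.IGNORECASE)
# Assumed Vundo-style stem: exactly 8 lowercase letters, or 8 hex digits.
RANDOM_STEM_RE = re.compile(r"^(?:[a-z]{8}|[0-9a-f]{8})$")


def first_path(line: str) -> Optional[str]:
    m = PATH_RE.search(line)
    return m.group(1) if m else None


def stem_looks_random(path: str) -> bool:
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return bool(RANDOM_STEM_RE.match(stem))


def triage_line(line: str) -> Optional[Finding]:
    line = line.strip()
    if not line:
        return None
    path = first_path(line)
    if line.startswith("O2 ") and "(no file)" in line:
        return Finding(line, "orphaned BHO registration (CLSID with no file)", None)
    if line.startswith("O20 ") and ("(file missing)" in line or line.endswith("\\")):
        return Finding(line, "Winlogon Notify entry with no real DLL behind it", None)
    if line.startswith("O4 ") and re.search(r"\bregsvr32\s+/u\b", line, re.IGNORECASE):
        # regsvr32 /u loads the DLL and calls DllUnregisterServer, so the
        # "uninstall" switch still executes the DLL's code at every logon.
        return Finding(line, "regsvr32 /u used as a DLL loader", path)
    if path and line[:3] in ("O2 ", "O4 ", "O20") and stem_looks_random(path):
        return Finding(line, "random 8-character module name", path)
    return None


def triage(log_text: str) -> List[Finding]:
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def files_to_remove(findings: List[Finding]) -> List[str]:
    # De-duplicated, in log order: this is the list for the OTMoveIt/Killbox box.
    seen, out = set(), []
    for f in findings:
        if f.path and f.path not in seen:
            seen.add(f.path)
            out.append(f.path)
    return out


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"FIX  {f.reason:<50} {f.line}")
    print("\nFiles to move/delete:")
    for p in files_to_remove(found):
        print("  " + p)
```

Anything the script flags still has to be checked by hand (a VirusTotal lookup of the file, as the next step in the thread does) before it goes into a removal list; the heuristics only shorten the reading, they do not prove a file is malicious.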
Adeline02
 
I managed to delete the lines, but for OTMoveIt, when I click MoveIt the program goes into "not responding".

Thanks for the link :)
0
Adeline02
 
and here is the report ^^

http://www.virustotal.com/fr/resultado.html?32df80459e9314704e94b639092c2a98
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
fix this line with HijackThis

O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe

___________________

Download: Pocket Killbox here
http://www.downloads.subratam.org/KillBox.exe

:: Usage demo (thanks to Balltrap34 for putting it together) ::
http://pageperso.aol.fr/balltrap34/killbox.htm

Double-click killbox.exe (Pocket Killbox)

- check: delete on reboot
- In "Full Path of File to Delete"
- Select "single File"
- copy and paste:

C:\Program Files\Ujgmrkuf\bckqxcyn.dll
C:\Program Files\Rkbldmnn\nvafmhbi.dll
C:\Program Files\Ruvbbfhb\woibizcw.dll
C:\WINDOWS\system32\ewfsyqcy.dll
C:\Documents and Settings\All Users\Application Data\kpmzqxch.dll
C:\Documents and Settings\All Users\Application Data\fujivebg.dll

- click the red cross
- a confirmation window will appear, click YES
- a second window asks whether you want to restart, click YES

If this message appears, ignore it:
http://tinypic.com/images/goodbye.jpg
Let the PC restart.

Then post a new HijackThis log.

_______________________

paste the report from an online scan
with one of the following:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Secuser online:
http://www.secuser.com/outils/antivirus.htm
0
Adeline02
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10, on 13/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Nod32\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nod32\nod32kui.exe
C:\WINDOWS\system32\Prismsta.exe
C:\WINDOWS\system32\Prismsvr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WowCartographe\WowCartographe.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Nod32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PRISMSTA.EXE] Prismsta.exe /START
O4 - HKLM\..\Run: [PRISMSVR.EXE] Prismsvr.exe /APPLY
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe /auto
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{662FA424-F11F-4016-A903-7A9AE2404143}: NameServer = 80.10.246.1,80.10.246.139
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Nod32\nod32krn.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
0
Adeline02
 
As soon as I finish the report I'll post it :)
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
ok
did Killbox work?
0
Adeline02
 
Yes, it worked. Sorry for the delay, I had a few small problems, I had to start over several times.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-11-13 17:42:21
PROTECTIONS: 1
MALWARE: 19
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
NOD32 Antivirus 2.51.30 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Cookies\administrateur@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Cookies\administrateur@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Cookies\administrateur@tradedoubler[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\xzenk219.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Cookies\administrateur@247realmedia[1].txt
00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Cookies\administrateur@2o7[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Cookies\administrateur@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\xzenk219.default\cookies.txt[.xiti.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\xzenk219.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\xzenk219.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\xzenk219.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\xzenk219.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\xzenk219.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\xzenk219.default\cookies.txt[.bs.serving-sys.com/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\xzenk219.default\cookies.txt[.weborama.fr/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Cookies\administrateur@bluestreak[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\xzenk219.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\xzenk219.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\xzenk219.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\xzenk219.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Cookies\administrateur@smartadserver[1].txt
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
01559636 Adware/WinAntiSpyware Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/drvfogr.dll.vir]
02646028 Adware/PurityScan Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/ammjprkp.dll.vir]
02646028 Adware/PurityScan Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/bvhiqgen.dll.vir]
02646028 Adware/PurityScan Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/__c00D8CFA.dat.vir]
02646028 Adware/PurityScan Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/catchme2007-11-12_222221.20.zip][__c00942B0.dat]
02646028 Adware/PurityScan Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/hknjwrqm.dll.vir]
02646028 Adware/PurityScan Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/hkwlcxwq.dll.vir]
02646028 Adware/PurityScan Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/jejeuvsc.dll.vir]
02646028 Adware/PurityScan Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/jkgcolfq.dll.vir]
02646028 Adware/PurityScan Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/mcaliyxv.dll.vir]
02646028 Adware/PurityScan Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/mqaowdqy.dll.vir]
02646028 Adware/PurityScan Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/__c00D31C7.dat.vir]
02646028 Adware/PurityScan Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/__c00B8939.dat.vir]
02646028 Adware/PurityScan Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/__c00B7787.dat.vir]
02646028 Adware/PurityScan Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/myvfdblo.dll.vir]
02646028 Adware/PurityScan Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/rjvhnpen.dll.vir]
02646028 Adware/PurityScan Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/rtpsbjgv.dll.vir]
02646028 Adware/PurityScan Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/rvgdnxiw.dll.vir]
02646028 Adware/PurityScan Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/xiojlopx.dll.vir]
02646028 Adware/PurityScan Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/__c002E502.dat.vir]
02646028 Adware/PurityScan Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/__c00A4509.dat.vir]
02688266 Adware/UltimateDefender Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/msvdprqe/msvdprqe2.exe.vir]
02688268 Adware/UltimateCleaner Adware No 1 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/msvdprqe/msvdprqe3.exe.vir]
02688351 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\bieqdilb.dll
02688352 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\bxgxkprn.dll
02688352 Spyware/Virtumonde Spyware No 1 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][WINDOWS/System32/bxgxkprn.dll]
02690923 Adware/UltimateFixer Adware No 0 Yes No C:\upload_moi_ADELINE.tar.gz[upload_moi.tar][qoobox/Quarantine/C/WINDOWS/system32/msvdprqe/msvdprqe1.exe.vir]
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
delete everything that is in the quarantine folder:

go to My Computer, then C, then Program Files, then

qoobox/Quarantine/

____________________

REDO POCKET KILLBOX with these two files

Download: Pocket Killbox here
http://www.downloads.subratam.org/KillBox.exe

:: Usage demo (thanks to Balltrap34 for putting it together) ::
http://pageperso.aol.fr/balltrap34/killbox.htm

Double-click killbox.exe (Pocket Killbox)

- check: delete on reboot
- In "Full Path of File to Delete"
- Select "single File"
- copy and paste:

C:\WINDOWS\system32\bieqdilb.dll
C:\WINDOWS\system32\bxgxkprn.dll

- click the red cross
- a confirmation window will appear, click YES
- a second window asks whether you want to restart, click YES

If this message appears, ignore it:
http://tinypic.com/images/goodbye.jpg
Let the PC restart.

Then post a new HijackThis log.

________________________

Right-click this link: (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Save target (of the link) as... and save it to your desktop.
Then double-click navilog1.exe to launch the installation.
Once the installation is complete, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop).

Let it guide you. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without our advice/agreement)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as asked, Notepad will open.
Copy and paste the whole thing in a reply. Close Notepad.
The report is also saved at the root of the drive (fixnavi.txt)

_________________________
post a new COMBOFIX report
and describe your problems
0
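Both Killbox passes in this thread depend on "delete on reboot", and that is also why OTMoveIt hung: a Vundo DLL that is mapped into winlogon or Explorer cannot be deleted while the process holds it open. Windows has one supported way to remove such a file, MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, which records the path under the Session Manager's PendingFileRenameOperations value so that the deletion happens during the next boot, before any Run or Winlogon Notify entry can load the DLL again (which is why the registry lines are fixed in HijackThis first). The Python below is an added example, not part of the original thread and not Killbox's own code; it hashes the files so they can be looked up on VirusTotal by MD5 or SHA-256 instead of uploading each one, shows the exact REG_MULTI_SZ value the delayed delete produces, and, when run as administrator on Windows, schedules the deletion through kernel32. The two paths are the ones from the post above; the function names and everything else are assumptions made for this example.

```python
import ctypes
import hashlib
import sys
from typing import Dict, Iterable, List

MOVEFILE_DELAY_UNTIL_REBOOT = 0x4  # kernel32 MoveFileEx flag

# The two files the post above sends to Killbox (quoted from the Panda report).
VUNDO_FILES = [
    r"C:\WINDOWS\system32\bieqdilb.dll",
    r"C:\WINDOWS\system32\bxgxkprn.dll",
]


def hashes_of_bytes(data: bytes) -> Dict[str, str]:
    """MD5 and SHA-256 hex digests; either one can be searched on VirusTotal."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def file_hashes(path: str) -> Dict[str, str]:
    """Hash a file on disk so it can be looked up instead of uploaded."""
    with open(path, "rb") as fh:
        return hashes_of_bytes(fh.read())


def plan_delete_on_reboot(paths: Iterable[str]) -> List[str]:
    r"""Build the REG_MULTI_SZ value that MoveFileEx(..., MOVEFILE_DELAY_UNTIL_REBOOT)
    appends to HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
    \PendingFileRenameOperations: each source path in NT form (\??\ prefix)
    followed by an empty destination, which means "delete" rather than "rename"."""
    value: List[str] = []
    for p in paths:
        value.append("\\??\\" + p)
        value.append("")  # empty target: delete the source at boot
    return value


def schedule_delete_on_reboot(paths: Iterable[str]) -> List[str]:
    """Ask kernel32 to delete each file at the next boot. Needs administrator
    rights and only works on Windows; returns the paths kernel32 accepted."""
    if sys.platform != "win32":
        raise OSError("MoveFileExW is only available on Windows")
    kernel32 = ctypes.windll.kernel32  # type: ignore[attr-defined]
    accepted: List[str] = []
    for p in paths:
        # A NULL destination plus the delay flag schedules a delete, not a move.
        if kernel32.MoveFileExW(p, None, MOVEFILE_DELAY_UNTIL_REBOOT):
            accepted.append(p)
        else:
            print(f"{p}: MoveFileExW failed, Win32 error {ctypes.GetLastError()}")
    return accepted


if __name__ == "__main__":
    for p in VUNDO_FILES:
        try:
            print(p, file_hashes(p))
        except OSError as exc:
            print(f"{p}: cannot hash ({exc})")
    print("PendingFileRenameOperations would contain:", plan_delete_on_reboot(VUNDO_FILES))
    if sys.platform == "win32":
        print("scheduled:", schedule_delete_on_reboot(VUNDO_FILES))
```

Hash first, then schedule: once the file is gone after the reboot there is nothing left to submit to VirusTotal, and the hash is what lets the next helper confirm which Vundo variant it was. The scheduled delete is a plain kernel32 call, so a security product that monitors PendingFileRenameOperations may prompt on it, exactly as the post warns about the Killbox message to ignore.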
Adeline02
 
I can't find qoobox in Program Files :s
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Click START, then SEARCH, then choose search for files and type qoobox in the search box, then click on it and delete what is in Quarantine
0
Adeline02
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12, on 13/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Nod32\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nod32\nod32kui.exe
C:\WINDOWS\system32\Prismsta.exe
C:\WINDOWS\system32\Prismsvr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\WowCartographe\WowCartographe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Nod32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PRISMSTA.EXE] Prismsta.exe /START
O4 - HKLM\..\Run: [PRISMSVR.EXE] Prismsvr.exe /APPLY
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe /auto
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{662FA424-F11F-4016-A903-7A9AE2404143}: NameServer = 80.10.246.1,80.10.246.139
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Nod32\nod32krn.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
go to VirusTotal, scan these files and tell me which ones are infected:

https://www.virustotal.com/gui/

C:\WINDOWS\system32\vpkbwurf.dll
C:\WINDOWS\system32\wtuwlckd.dll
C:\WINDOWS\system32\vfhbmpbj.dll
C:\WINDOWS\system32\pmubjglu.dll
C:\WINDOWS\system32\jjsxlxfk.dll
C:\WINDOWS\system32\bsukvomq.dll
C:\WINDOWS\system32\xfijmybl.dll
C:\WINDOWS\system32\rarcawfn.dll
C:\WINDOWS\system32\lejhuotq.dll
C:\WINDOWS\system32\gsesrcem.dll
C:\WINDOWS\system32\hsfnrbvl.dll
C:\WINDOWS\system32\wmjnrrma.dll
0
Adeline02
 
For each file I pasted the lines from the antivirus engines that reported a problem:

C:\WINDOWS\system32\vpkbwurf.dll

AVG 7.5.0.503 2007.11.13 Obfustat.YUY
Panda 9.0.0.4 2007.11.13 Suspicious file
Prevx1 V2 2007.11.13 Trojan.Vundo
Webwasher-Gateway 6.0.1 2007.11.13 Win32.Malware.gen (suspicious)

C:\WINDOWS\system32\wtuwlckd.dll

AVG 7.5.0.503 2007.11.13 BHO.CNU
F-Secure 6.70.13030.0 2007.11.13 Vundo.gen49
Norman 5.80.02 2007.11.13 Vundo.gen49
Panda 9.0.0.4 2007.11.13 Suspicious file
Prevx1 V2 2007.11.13 Trojan.Vundo

C:\WINDOWS\system32\vfhbmpbj.dll

AVG 7.5.0.503 2007.11.13 Obfustat.YUY
Panda 9.0.0.4 2007.11.13 Suspicious file
Prevx1 V2 2007.11.13 Trojan.Vundo
Webwasher-Gateway 6.0.1 2007.11.13 Win32.Malware.gen (suspicious)

C:\WINDOWS\system32\pmubjglu.dll

AVG 7.5.0.503 2007.11.13 Lop
McAfee 5161 2007.11.12 Vundo
Norman 5.80.02 2007.11.13 W32/Virtumonde.IJR
Panda 9.0.0.4 2007.11.13 Suspicious file
Prevx1 V2 2007.11.13 Trojan.Vundo

C:\WINDOWS\system32\jjsxlxfk.dll

AVG 7.5.0.503 2007.11.13 Lop
McAfee 5161 2007.11.12 Vundo
Norman 5.80.02 2007.11.13 W32/Virtumonde.IJR
Panda 9.0.0.4 2007.11.13 Suspicious file
Prevx1 V2 2007.11.13 Trojan.Vundo

C:\WINDOWS\system32\bsukvomq.dll

AVG 7.5.0.503 2007.11.13 Obfustat.YUY
Panda 9.0.0.4 2007.11.13 Suspicious file
Prevx1 V2 2007.11.13 Trojan.Vundo
Webwasher-Gateway 6.0.1 2007.11.13 Win32.Malware.gen (suspicious)

C:\WINDOWS\system32\xfijmybl.dll

AVG 7.5.0.503 2007.11.13 BHO.CNM
F-Secure 6.70.13030.0 2007.11.13 Vundo.gen49
Norman 5.80.02 2007.11.13 Vundo.gen49
Panda 9.0.0.4 2007.11.13 Suspicious file
Prevx1 V2 2007.11.13 Trojan.Vundo
Webwasher-Gateway 6.0.1 2007.11.13 Win32.Malware.gen!88 (suspicious)

C:\WINDOWS\system32\rarcawfn.dll

AVG 7.5.0.503 2007.11.13 Lop
McAfee 5162 2007.11.13 Vundo
Norman 5.80.02 2007.11.13 W32/Virtumonde.IJL
Panda 9.0.0.4 2007.11.13 Suspicious file
Prevx1 V2 2007.11.13 Trojan.Vundo
Webwasher-Gateway 6.0.1 2007.11.13 Win32.Malware.gen (suspicious)

C:\WINDOWS\system32\lejhuotq.dll

AntiVir 7.6.0.34 2007.11.13 TR/BHO.SK
AVG 7.5.0.503 2007.11.13 BHO.CNG
BitDefender 7.2 2007.11.13 Trojan.Agent.AFTJ
Norman 5.80.02 2007.11.13 W32/Virtumonde.IJG
Panda 9.0.0.4 2007.11.13 Suspicious file
Prevx1 V2 2007.11.13 Trojan.Vundo
McAfee 5162 2007.11.13 Vundo
Webwasher-Gateway 6.0.1 2007.11.13 Trojan.BHO.SK

C:\WINDOWS\system32\gsesrcem.dll

AntiVir 7.6.0.34 2007.11.13 TR/Agent.AFTJ
AVG 7.5.0.503 2007.11.13 Lop.3.J
BitDefender 7.2 2007.11.13 Trojan.Agent.AFTJ
F-Secure 6.70.13030.0 2007.11.13 Vundo.gen49
Norman 5.80.02 2007.11.13 Vundo.gen49
Panda 9.0.0.4 2007.11.13 Suspicious file
Prevx1 V2 2007.11.13 Trojan.Vundo
Webwasher-Gateway 6.0.1 2007.11.13 Trojan.Agent.AFTJ

C:\WINDOWS\system32\hsfnrbvl.dll

AVG 7.5.0.503 2007.11.13 BHO.CNA
DrWeb 4.44.0.09170 2007.11.13 Trojan.Juan.25
McAfee 5162 2007.11.13 Vundo
Norman 5.80.02 2007.11.13 W32/Virtumonde.IJF
Panda 9.0.0.4 2007.11.13 Suspicious file
Prevx1 V2 2007.11.13 Trojan.Vundo
Webwasher-Gateway 6.0.1 2007.11.13 Win32.Malware.gen (suspicious)

C:\WINDOWS\system32\wmjnrrma.dll

AntiVir 7.6.0.34 2007.11.13 ADSPY/Agent.83008
eTrust-Vet 31.2.5291 2007.11.13 Win32/Darksma.FW
McAfee 5162 2007.11.13 Vundo
Norman 5.80.02 2007.11.13 W32/Virtumonde.IJD
Panda 9.0.0.4 2007.11.13 Suspicious file
Prevx1 V2 2007.11.13 Malware.Gen
Symantec 10 2007.11.13 Trojan Horse
Webwasher-Gateway 6.0.1 2007.11.13 Ad-Spyware.Agent.83008
0
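The pasted results above are a dozen files, each with five to eight engine verdicts, and the question the helper has to answer is the same for every one: how many engines flagged it, and do the named verdicts agree on a family (here Vundo, which Norman calls Virtumonde) or is it only heuristic "Suspicious file" hits? The script below is an added example, not code from this thread or from VirusTotal: it parses text in exactly the format posted above (a Windows path, then "engine version date verdict" lines), groups the verdicts per file, and ranks each file as named, flagged or weak. The alias table, the thresholds, the sample input and the file name `example_clean.dll` are this example's own constructions; a line that carries two dates (the fused McAfee/Norman line in the post) is handed back for manual splitting rather than guessed at.

```python
"""Summarise pasted VirusTotal result lines per file.

Added example (not code from this thread or from VirusTotal). It parses the
text a user pastes back into a forum thread, a Windows path followed by
"engine version date verdict" lines, and reports per file how many engines
flagged it and whether the named verdicts converge on one family. The alias
table and thresholds are this example's own choices, not VirusTotal's.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

PATH_RE = re.compile(r"^[A-Za-z]:\\")                 # "C:\WINDOWS\..." header line
DATE_RE = re.compile(r"\d{4}\.\d{2}\.\d{2}")           # "2007.11.13" signature date
LINE_RE = re.compile(
    r"^(?P<engine>\S+)\s+(?P<version>\S+)\s+(?P<date>\d{4}\.\d{2}\.\d{2})\s+(?P<verdict>.+)$"
)
# Vendor names for the same family seen in the thread; extend as needed.
FAMILY_ALIASES = {"vundo": "Vundo/Virtumonde", "virtumonde": "Vundo/Virtumonde"}


@dataclass
class FileReport:
    path: str
    detections: list = field(default_factory=list)   # (engine, verdict)
    warnings: list = field(default_factory=list)     # lines needing a human look

    @property
    def engine_count(self) -> int:
        return len(self.detections)

    def family(self):
        """(family, votes) for the most frequently named family, or None."""
        votes = Counter()
        for _, verdict in self.detections:
            low = verdict.lower()
            for key, name in FAMILY_ALIASES.items():
                if key in low:
                    votes[name] += 1
                    break
        return votes.most_common(1)[0] if votes else None


def parse_results(text: str) -> dict:
    """Group verdict lines under the path header that precedes them."""
    reports, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            current = reports.setdefault(line, FileReport(line))
            continue
        if current is None:
            continue                                  # verdict before any path header
        if len(DATE_RE.findall(line)) > 1:
            # Two dates on one line: the paste lost a line break (as in the
            # thread's McAfee/Norman line). Do not guess; hand it back.
            current.warnings.append(f"fused line, split by hand: {line}")
            continue
        m = LINE_RE.match(line)
        if m:
            current.detections.append((m["engine"], m["verdict"]))
        else:
            current.warnings.append(f"unparsed: {line}")
    return reports


def triage(report: FileReport, min_engines: int = 3, min_votes: int = 2):
    """Return (level, family). Generic 'Suspicious file' verdicts never name a family."""
    fam = report.family()
    if fam and fam[1] >= min_votes:
        return "named", fam[0]
    if report.engine_count >= min_engines:
        return "flagged", None
    return "weak", None


# Constructed sample in the thread's format: one file with clear Vundo
# consensus, one with a fused line, and one (hypothetical name) with only a
# heuristic hit.
SAMPLE = r"""
C:\WINDOWS\system32\wtuwlckd.dll

AVG 7.5.0.503 2007.11.13 BHO.CNU
F-Secure 6.70.13030.0 2007.11.13 Vundo.gen49
Norman 5.80.02 2007.11.13 Vundo.gen49
Panda 9.0.0.4 2007.11.13 Suspicious file
Prevx1 V2 2007.11.13 Trojan.Vundo

C:\WINDOWS\system32\hsfnrbvl.dll

AVG 7.5.0.503 2007.11.13 BHO.CNA
McAfee 5162 2007.11.13 VundoNorman 5.80.02 2007.11.13 W32/Virtumonde.IJF
Panda 9.0.0.4 2007.11.13 Suspicious file
Prevx1 V2 2007.11.13 Trojan.Vundo

C:\WINDOWS\system32\example_clean.dll

Panda 9.0.0.4 2007.11.13 Suspicious file
"""

if __name__ == "__main__":
    for path, rep in parse_results(SAMPLE).items():
        level, fam = triage(rep)
        print(f"{path}: {level} {fam or ''} ({rep.engine_count} engines)")
        for w in rep.warnings:
            print("   !", w)
```

Two design points. A single heuristic verdict such as Panda's "Suspicious file" is deliberately not counted as a family vote, so a file only rises to "named" when at least two engines agree on an actual family name; that is what makes the Vundo consensus on the files above meaningful, while a lone generic hit stays "weak" and is reviewed by hand. And the parser refuses to split a fused line, because "VundoNorman" cannot be cut reliably without an engine list; surfacing it as a warning is safer than silently dropping or misattributing a verdict.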