Vundo infection and others
Solved
nonoy54 (Member, 460 posts)
^^Marie^^ (Member, 126523 posts)
Hello everyone.
I'm taking the liberty of asking for help. My PC is getting slower and slower, even though I've been trying to clean it since yesterday with Spybot, CCleaner...
Avast hardly seems to work any more despite reinstalling it, and an online scan with BitDefender finds at least 4 viruses (vundo.d, agent AFSZ..), including one in Avast!!!
A HijackThis report analysed online flagged a few problems which I fixed, but I'm still infested.
Sometimes my desktop disappears and Avast always asks me to restart the system.
Thanks for your help
29 replies
Here it is
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25:55, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\taskswitch .exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\Windows Media Player\WMPNSCFG .exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\geedd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [105d73d6] rundll32.exe "C:\WINDOWS\system32\mqexyefu.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Voir la &source de la destination - file://C:\Program Files\web\v-source.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version5/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\wlxwanul.exe (file missing)
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Unknown owner - C:\WINDOWS\system32\ams_ii\iao.exe (file missing)
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
Hi
Right-click on hijackthis,
choose "rename" and type: ► PROUT.exe
Then post another report please
And here is my prout..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:31:58, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\taskswitch .exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\Windows Media Player\WMPNSCFG .exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\geedd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [105d73d6] rundll32.exe "C:\WINDOWS\system32\mqexyefu.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Voir la &source de la destination - file://C:\Program Files\web\v-source.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version5/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\wlxwanul.exe (file missing)
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Unknown owner - C:\WINDOWS\system32\ams_ii\iao.exe (file missing)
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
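As an added example (not part of the thread and not a HijackThis feature), here is a small Python triage script that flags the kinds of entries a helper looks for in the log above: the F3 win.ini load= autostart, the O4 Run value with an 8-hex-character name loading a DLL through rundll32, paths with a space inserted before the extension (taskswitch .exe, qttask .exe), and O23 services with an unknown owner under system32. The sample lines are constructed from the thread's log; the regexes, thresholds and severity labels are my assumptions, and a flag means "review this entry", not a verdict.

```python
"""Triage helper for HijackThis v2 log lines (added example, not from the thread)."""
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (severity, log line, reason)

# Constructed sample in HijackThis v2 format, modelled on the thread's log.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\taskswitch .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\geedd.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [105d73d6] rundll32.exe "C:\WINDOWS\system32\mqexyefu.dll",b
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\wlxwanul.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
"""

# Line shapes as HijackThis prints them (assumed from the log format above).
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
F3_RE = re.compile(r'^F3 - REG:win\.ini: load=(?P<path>.*)$')
O23_RE = re.compile(
    r'^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+?)'
    r'(?P<missing> \(file missing\))?$'
)
# Whitespace between the file name and its extension, e.g. "taskswitch .exe".
SPACED_EXT_RE = re.compile(r'\S\s+\.(exe|dll|scr|com)\b', re.I)
# Run value names that are just 8 hex digits, like [105d73d6] in the log.
HEX8_RE = re.compile(r'^[0-9a-f]{8}$', re.I)


def triage_line(line: str) -> List[Finding]:
    """Return zero or more findings for one HijackThis log line."""
    findings: List[Finding] = []
    line = line.rstrip()
    if not line:
        return findings

    # A clean install never has a space before the extension; the log above
    # shows every legitimate autostart doubled with such a twin.
    if SPACED_EXT_RE.search(line):
        findings.append(("high", line, "whitespace inserted before file extension"))

    m = F3_RE.match(line)
    if m and m.group("path").strip():
        # win.ini load= is a legacy autostart; on XP it is normally empty.
        findings.append(("high", line, "win.ini load= autostart set to " + m.group("path").strip()))

    m = O4_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd").lower()
        if HEX8_RE.match(name) and "rundll32" in cmd and ".dll" in cmd:
            findings.append(("high", line, "random-named Run value loading a DLL via rundll32"))

    m = O23_RE.match(line)
    if m:
        owner, path = m.group("owner"), m.group("path").lower()
        if owner == "Unknown owner" and "\\system32\\" in path:
            note = " (binary missing)" if m.group("missing") else ""
            findings.append(("high", line, "service with unknown owner under system32" + note))
        elif m.group("missing"):
            # Typically an uninstall leftover; worth removing but not an infection sign.
            findings.append(("info", line, "orphaned service entry, binary missing"))
    return findings


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a whole log and collect the findings."""
    out: List[Finding] = []
    for ln in text.splitlines():
        out.extend(triage_line(ln))
    return out


def high_findings(text: str) -> List[str]:
    """Just the log lines rated 'high', in log order."""
    return [line for sev, line, _ in triage_log(text) if sev == "high"]


if __name__ == "__main__":
    for sev, line, reason in triage_log(SAMPLE_LOG):
        print(f"[{sev}] {reason}\n    {line}")
```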
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\wlxwanul.exe (file missing)
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Unknown owner - C:\WINDOWS\system32\ams_ii\iao.exe (file missing)
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
Did you rename it???
Why didn't you write ""prout""???
Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to launch it.
* When the tool opens again, click the Scan for Vundo button
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button
* A prompt will ask whether you want to delete the files; click YES
* After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
* You will see a prompt telling you that your PC is going to shut down ("shutdown"); click OK
* Start your PC again.
* Copy/paste the contents of the report located at C:\vundofix.txt
Download VirtumundoBegone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Then double-click VirtumundoBeGone.exe and follow the instructions.
Once finished, restart and post the VBG.TXT report created on the desktop in your next reply
as well as a new HijackThis! report in your next reply.
Here are the reports. I had a small problem: my computer crashed on restart after VundoFix and I get a message: C:\WINDOWS\system32\mqexyefu.dll could not be found?
VundoFix V6.7.7
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 11:37:47 29/12/2007
Listing files found while scanning....
VundoFix V6.7.7
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 16:38:33 29/12/2007
Listing files found while scanning....
C:\WINDOWS\system32\chlxelth.dll
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\ddeeg.ini2
C:\WINDOWS\system32\fcccyvv.dll
C:\WINDOWS\system32\geedd.dll
C:\WINDOWS\system32\geedd.exe
C:\WINDOWS\system32\mqexyefu.dll
C:\WINDOWS\system32\pmnopmn.dll
C:\WINDOWS\system32\qomkllm.dll
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\urqonlj.dll
C:\WINDOWS\system32\xxyaxya.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\chlxelth.dll
C:\WINDOWS\system32\chlxelth.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\ddeeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddeeg.ini2
C:\WINDOWS\system32\ddeeg.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\fcccyvv.dll
C:\WINDOWS\system32\fcccyvv.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\geedd.dll
C:\WINDOWS\system32\geedd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\geedd.exe
C:\WINDOWS\system32\geedd.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\mqexyefu.dll
C:\WINDOWS\system32\mqexyefu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnopmn.dll
C:\WINDOWS\system32\pmnopmn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qomkllm.dll
C:\WINDOWS\system32\qomkllm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\taskswitch.exe Could not be deleted.
Attempting to delete C:\WINDOWS\system32\urqonlj.dll
C:\WINDOWS\system32\urqonlj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xxyaxya.dll
C:\WINDOWS\system32\xxyaxya.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.7.7
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 17:35:42 29/12/2007
Listing files found while scanning....
[12/29/2007, 17:45:29] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\claude\Bureau\VirtumundoBeGone.exe" )
[12/29/2007, 17:45:32] - Detected System Information:
[12/29/2007, 17:45:32] - Windows Version: 5.1.2600, Service Pack 2
[12/29/2007, 17:45:32] - Current Username: claude (Admin)
[12/29/2007, 17:45:32] - Windows is in NORMAL mode.
[12/29/2007, 17:45:32] - Searching for Browser Helper Objects:
[12/29/2007, 17:45:32] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/29/2007, 17:45:32] - BHO 2: {24979561-033f-4428-aed5-bca0c28c79fc} ()
[12/29/2007, 17:45:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/29/2007, 17:45:32] - Checking for HKLM\...\Winlogon\Notify\chlxelth
[12/29/2007, 17:45:32] - Key not found: HKLM\...\Winlogon\Notify\chlxelth, continuing.
[12/29/2007, 17:45:32] - BHO 3: {276E41DC-3D65-466D-902B-22954CD04961} ()
[12/29/2007, 17:45:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/29/2007, 17:45:33] - Checking for HKLM\...\Winlogon\Notify\geedd
[12/29/2007, 17:45:33] - Key not found: HKLM\...\Winlogon\Notify\geedd, continuing.
[12/29/2007, 17:45:33] - BHO 4: {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} ()
[12/29/2007, 17:45:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/29/2007, 17:45:33] - Checking for HKLM\...\Winlogon\Notify\fcccyvv
[12/29/2007, 17:45:33] - Key not found: HKLM\...\Winlogon\Notify\fcccyvv, continuing.
[12/29/2007, 17:45:33] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[12/29/2007, 17:45:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/29/2007, 17:45:33] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[12/29/2007, 17:45:33] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[12/29/2007, 17:45:33] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/29/2007, 17:45:33] - BHO 7: {8D59C37A-704E-4A73-B86B-88C3757A9E9B} ()
[12/29/2007, 17:45:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/29/2007, 17:45:33] - Checking for HKLM\...\Winlogon\Notify\jkkli
[12/29/2007, 17:45:33] - Key not found: HKLM\...\Winlogon\Notify\jkkli, continuing.
[12/29/2007, 17:45:33] - Finished Searching Browser Helper Objects
[12/29/2007, 17:45:33] - Finishing up...
[12/29/2007, 17:45:33] - Nothing found! Exiting...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:40, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\taskswitch .exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\Program Files\Windows Media Player\WMPNSCFG .exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkli.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [105d73d6] rundll32.exe "C:\WINDOWS\system32\mqexyefu.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Voir la &source de la destination - file://C:\Program Files\web\v-source.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version5/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\wlxwanul.exe (file missing)
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Unknown owner - C:\WINDOWS\system32\ams_ii\iao.exe (file missing)
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
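The "mqexyefu.dll could not be found" message reported above is what happens when an autostart entry (here the O4 Run value [105d73d6]) outlives the file it points to: VundoFix deleted the DLL but left the registry value behind. The following added example, which is not part of the thread, of HijackThis or of VundoFix, cross-checks the posted HijackThis autostart lines against the VundoFix report to list such dangling entries, files the tool could not delete, and orphaned services; the sample lines are constructed from entries quoted in the thread, and the heuristics and their labels are this example's own assumptions.

```python
"""Cross-check HijackThis autostart entries against a VundoFix removal report.

Added example for this thread; the sample lines are constructed from entries
quoted in the posted logs, and the finding labels are this example's own.
"""
import re

# Constructed excerpt of the VundoFix report posted in the thread.
VUNDOFIX_REPORT = r"""
Attempting to delete C:\WINDOWS\system32\mqexyefu.dll
C:\WINDOWS\system32\mqexyefu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fcccyvv.dll
C:\WINDOWS\system32\fcccyvv.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\taskswitch.exe Could not be deleted.
"""

# Constructed excerpt of the HijackThis log posted after the VundoFix run.
HJT_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkli.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [105d73d6] rundll32.exe "C:\WINDOWS\system32\mqexyefu.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\wlxwanul.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# First drive-letter path ending in .exe or .dll on a line (quoted or not).
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll))', re.IGNORECASE)
# VundoFix result lines: "<path> Has been deleted!" / "<path> Could not be deleted."
RESULT_RE = re.compile(r'^(.*?) (Has been deleted!|Could not be deleted\.)$')


def parse_vundofix(report):
    """Map each path VundoFix tried to remove (lower-cased) to 'deleted' or 'not_deleted'."""
    results = {}
    for line in report.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            path, verdict = m.groups()
            results[path.lower()] = "deleted" if verdict.startswith("Has") else "not_deleted"
    return results


def autostart_entries(log):
    """Yield (section, path, line) for HijackThis lines that start something at boot."""
    for line in log.splitlines():
        line = line.strip()
        section = line.split(" ", 1)[0]
        if section not in ("F3", "O4", "O23"):
            continue
        m = PATH_RE.search(line)
        if m:
            yield section, m.group(1), line


def triage(hjt_log, vundofix_report):
    """Return (kind, section, path) findings, in log order."""
    removed = parse_vundofix(vundofix_report)
    findings = []
    for section, path, line in autostart_entries(hjt_log):
        key = path.lower()
        if removed.get(key) == "deleted":
            # Autostart still points at a file the tool deleted: this produces the
            # "file not found" popup at logon, and the entry itself must be removed.
            findings.append(("dangling", section, path))
        elif removed.get(key) == "not_deleted":
            # The tool could not remove the file (usually locked or in use): still active.
            findings.append(("not_deleted", section, path))
        elif section == "O23" and line.endswith("(file missing)"):
            # Service registered for a binary that no longer exists: orphaned entry.
            findings.append(("file_missing", section, path))
        elif section == "F3":
            # win.ini load= is a legacy autostart; a system32 .exe there warrants review.
            findings.append(("win_ini_load", section, path))
    return findings


if __name__ == "__main__":
    for kind, section, path in triage(HJT_LOG, VUNDOFIX_REPORT):
        print(f"{kind:13} {section:4} {path}")
```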
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\wlxwanul.exe (file missing)
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Unknown owner - C:\WINDOWS\system32\ams_ii\iao.exe (file missing)
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
For the DLL, I fixed the problem. I read on the forum that it could be a leftover from a virus, so I deleted it from the registry.
1 Download ComboFix (by sUBs) here:
ComboFix is a program that removes known trojans/backdoors and rootkits
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop.
2 Double-click combofix.exe and follow the instructions
3 At the end, it will produce a report, C:\ComboFix.txt
4 Copy/paste that report in your next reply.
Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.
Also post a new HijackThis report.
Here are the reports
ComboFix 07-12-21.4 - claude 2007-12-29 19:57:46.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.142 [GMT 1:00]
Running from: C:\Documents and Settings\claude\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\rave
C:\WINDOWS\Downloaded Program Files\rave\avirexe.vdm
C:\WINDOWS\Downloaded Program Files\rave\avirscr.vdm
C:\WINDOWS\Downloaded Program Files\rave\base.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdt
C:\WINDOWS\Downloaded Program Files\rave\filters.vdm
C:\WINDOWS\Downloaded Program Files\rave\kernel.vdk
C:\WINDOWS\Downloaded Program Files\rave\keyring.vdk
C:\WINDOWS\Downloaded Program Files\rave\mapi_vdm.vdm
C:\WINDOWS\Downloaded Program Files\rave\modules.vdk
C:\WINDOWS\Downloaded Program Files\rave\rav8def.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufs.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufsplg.vdm
C:\WINDOWS\Downloaded Program Files\rave\unarch.vdm
C:\WINDOWS\Downloaded Program Files\rave\unmail.vdm
C:\WINDOWS\Downloaded Program Files\rave\unpack.vdm
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\system32\fcccyvv.dll
C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\SysPr.prx
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_M_HOOK
-------\LEGACY_NWSAPAGENT
((((((((((((((((((((((((((((( Fichiers créés 2007-11-28 to 2007-12-29 ))))))))))))))))))))))))))))))))))))
.
2007-12-29 20:30 . 2007-12-29 20:30 319 --ahs---- C:\WINDOWS\system32\ilkkj.ini
2007-12-29 20:28 . 2007-12-29 20:28 344,576 --------- C:\WINDOWS\system32\jkkli.dll
2007-12-29 17:40 . 2007-12-29 20:29 348,160 --a------ C:\WINDOWS\system32\jkkli.exe
2007-12-29 14:42 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-29 14:42 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-29 14:42 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-29 14:42 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-29 11:37 . 2007-12-29 17:35 <REP> d----c--- C:\VundoFix Backups
2007-12-29 10:22 . 2007-12-29 10:22 <REP> d-------- C:\Program Files\Trend Micro
2007-12-29 10:00 . 2007-12-29 16:02 1,031,458 ---hs---- C:\WINDOWS\system32\ufeyxeqm.ini
2007-12-27 22:39 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-27 22:39 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-27 22:39 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-27 22:39 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-27 22:38 . 2007-12-27 22:38 <REP> d-------- C:\Program Files\Alwil Software
2007-12-27 22:38 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-27 22:38 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-27 22:38 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-27 22:36 . 2007-12-27 22:36 18,764,248 --a------ C:\Program Files\setupfre.exe
2007-12-27 17:57 . 2007-12-29 18:35 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-27 06:51 . 2007-12-29 20:28 45,632 --a------ C:\WINDOWS\system32\taskswitch .exe
2007-12-26 21:47 . 2007-12-26 21:47 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-10 21:46 . 2007-12-10 21:46 6,688 --a------ C:\WINDOWS\movexe.exe
2007-12-10 21:45 . 2007-12-10 21:47 <REP> d----c--- C:\Accord
2007-12-09 15:52 . 2007-12-24 16:05 <REP> d-------- C:\Program Files\TubeMaster
2007-12-04 14:52 . 2007-12-04 14:52 <REP> d-------- C:\Documents and Settings\Administrateur.CLAUDE-6E5OYUA3\Application Data\Lavasoft
2007-11-30 16:22 . 2007-11-30 16:22 <REP> d-------- C:\Documents and Settings\NetworkService\Mes documents
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 17:35 393,728 ----a-w C:\WINDOWS\system32\taskswitch.exe
2007-12-29 09:21 839,687 ----a-w C:\WINDOWS\Fonts\svchost .exe
2007-12-29 09:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 00:34 --------- d-----w C:\Program Files\QuickTime
2007-12-24 15:41 --------- d-----w C:\Program Files\Navilog1
2007-12-11 21:03 --------- d-----w C:\Program Files\Mp3 My Mp3 2.0
2007-12-05 20:37 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\eerd
2007-12-04 13:49 --------- d-----w C:\Program Files\VirtualDJ
2007-12-01 07:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-01 07:45 --------- d-----w C:\Program Files\Digidesign
2007-12-01 07:44 --------- d-----w C:\Program Files\Fichiers communs\Digidesign
2007-11-27 15:13 --------- d-----w C:\Program Files\Fichiers communs\PACE Anti-Piracy
2007-11-27 15:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2007-11-26 17:39 --------- d-----w C:\Documents and Settings\claude\Application Data\Canon
2007-11-25 17:19 --------- d-----w C:\Program Files\Acoustica Beatcraft
2007-11-25 17:07 --------- d-----w C:\Program Files\Acoustica Shared Effects
2007-11-25 16:19 --------- d-----w C:\Program Files\Sony Setup
2007-11-25 14:35 --------- d-----w C:\Program Files\VstPlugins
2007-11-25 14:34 --------- d-----w C:\Program Files\Image-Line
2007-11-24 22:48 --------- d-----w C:\Program Files\Power Tab Software
2007-11-15 21:14 --------- d-----w C:\Documents and Settings\claude\Application Data\Sibelius Software
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTITL.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTEXT.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSTMP.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSPEC.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSCRP.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSREH_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSMET_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSCHOR.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRS____.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSTEXT.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSSE__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSS___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSROMC.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSPC__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSP___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSO___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSNN__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSM___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSJAPC.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFS__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFBE_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFB__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCSC_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCS__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSC___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUS____.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INKPEN2_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2TEXT.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2SPEC.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2SCRI.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2METR.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2CHOR.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELST___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELSS___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELSM___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELSINKI.FOT
2007-11-15 21:09 --------- d-----w C:\Program Files\Sibelius Software
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 10:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-03 17:06 --------- d-----w C:\Documents and Settings\claude\Application Data\SolidDocuments
2007-11-01 14:40 --------- d-----w C:\Program Files\TablEdit
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 22:40 --------- d-----w C:\Program Files\Real Alternative
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 19:32 4,981,232 ----a-w C:\Program Files\camfrog.exe
2007-10-14 15:33 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2007-10-12 08:40 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-10-12 08:40 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-10-12 08:38 71,749 ----a-w C:\WINDOWS\HCExtOutput.dll
2007-10-12 08:38 267,845 ----a-w C:\WINDOWS\Tsc.exe
2007-09-15 07:50 59,656 ----a-w C:\Documents and Settings\claude\Application Data\GDIPFONTCACHEV1.DAT
2007-06-16 14:55 412,303 ----a-w C:\Program Files\GSpot270a-fr-Colok.zip
2007-03-14 21:37 5,397,560 ----a-w C:\Program Files\VOFR230FOGTB6.EXE
2007-03-08 20:17 2,685,104 ----a-w C:\Program Files\ccsetup138.exe
2007-01-21 17:52 59,272 ----a-w C:\Documents and Settings\lucas\Application Data\GDIPFONTCACHEV1.DAT
2007-01-20 07:53 5,063,192 ----a-w C:\Program Files\cfc.exe
2007-01-11 13:07 58,032,562 ----a-w C:\Program Files\Samsung_PC_Studio_311_FKB.exe
2006-11-19 15:53 47,360 ----a-w C:\Documents and Settings\claude\Application Data\pcouffin.sys
2006-10-28 08:34 359,112 ----a-w C:\Program Files\LimeWireWin.exe
2006-09-13 20:01 10,162,173 ----a-w C:\Program Files\SN-510.exe
2006-08-26 13:49 26,892 ----a-w C:\Program Files\torbutton-1.0.4-fx+tb.xpi
2006-08-26 11:38 326,263 ----a-w C:\Program Files\spell-fr-FR.xpi
2006-04-30 05:54 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2006-03-30 16:09 3,643 -c--a-w C:\Program Files\ads_err.dbf
2006-03-03 10:32 237,568 ----a-w C:\Program Files\ispare.exe
2005-10-31 15:56 700,416 -c--a-w C:\Program Files\StubInstaller.exe
2005-09-22 05:06 1,076,480 -c--a-w C:\Program Files\setupfr.exe
2005-06-02 18:45 14,896 -c--a-w C:\Program Files\MACDR005.CST
2005-01-02 10:44 8,192 ----a-w C:\Program Files\Signatures.reg
2005-01-02 10:44 49,152 ----a-w C:\Program Files\Expblock.reg
2005-01-02 10:44 24,576 ----a-w C:\Program Files\MailRules.reg
2004-11-01 17:00 106,240 -c--a-w C:\Program Files\Windows-KB870669-x86-ENU.exe
2004-10-03 15:55 352,032 -c--a-w C:\Program Files\WindowsXP-KB822603-x86-FRA.exe
2004-08-04 11:17 1,128,203 -c--a-w C:\Program Files\dvdshrink32setup_FR.exe
2004-07-08 19:58 884,390 ----a-w C:\Program Files\bootvis1337fr.exe
2004-04-15 06:34 1,089,660 -c--a-w C:\Program Files\data256.dbb
2004-03-13 18:07 381,012 ----a-w C:\Program Files\plmessengerctrl.exe
2004-03-13 07:23 389,376 -c--a-w C:\Program Files\Q831167.exe
2004-02-22 10:42 39 -c--a-w C:\Program Files\CTJINI.INI
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24979561-033f-4428-aed5-bca0c28c79fc}]
C:\WINDOWS\system32\chlxelth.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{276E41DC-3D65-466D-902B-22954CD04961}]
C:\WINDOWS\system32\geedd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6624506A-9F64-4983-9E41-23441CCCC0F8}]
2007-12-29 20:28 344576 --------- C:\WINDOWS\system32\jkkli.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2007-12-29 18:35]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [2007-12-29 18:35]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" []
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 15:10 C:\WINDOWS\system32\bthprops.cpl]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-29 20:29]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09]
"NVIDIA Video drivers"="video_32sD.exe" []
"NAV Scan Service"="NAVscan32.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\jkkli.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkkli
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^claude^Menu Démarrer^Programmes^Démarrage^reminder-Enregistrement du produit ScanSoft.lnk]
backup=C:\WINDOWS\pss\reminder-Enregistrement du produit ScanSoft.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPage]
1998-10-28 11:09 44032 --a------ C:\Program Files\Caere\OmniPagePro90\opware32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 00:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
R1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-02-26 20:44]
R3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]
S2 CoachCap;Concord EyeQ Duo LCD USB Video Capture V1.00;C:\WINDOWS\system32\drivers\CoachCap.sys []
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 13:23]
S3 W700bus;Sony Ericsson W700 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\W700bus.sys [2007-02-10 12:06]
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\W700mdfl.sys [2007-02-10 12:06]
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\W700mdm.sys [2007-02-10 12:06]
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\W700mgmt.sys [2007-02-10 12:06]
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\W700obex.sys [2007-02-10 12:06]
*Newly Created Service* - DOMAINSERVICE
*Newly Created Service* - NWSAPAGENT
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-28 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 20:30:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\NavLogon.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\jkkli.dll
-> C:\Program Files\WIDCOMM\Logiciel Bluetooth\btkeyind.dll
.
Completion time: 2007-12-29 20:34:14 - machine was rebooted
.
2007-12-12 07:03:44 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:34, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\taskswitch .exe
C:\Program Files\Windows Media Player\WMPNSCFG .exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkli.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Voir la &source de la destination - file://C:\Program Files\web\v-source.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version5/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\wlxwanul.exe (file missing)
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Unknown owner - C:\WINDOWS\system32\ams_ii\iao.exe (file missing)
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
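The two reports above carry the classic Vundo pattern: a rundll32 autostart that loads a randomly named DLL from system32 through a one-letter export (mqexyefu.dll,b), a win.ini load= entry pointing at jkkli.exe, an extra LSA Authentication Package (jkkli) appended after msv1_0, BHO DLLs sitting directly in system32 (chlxelth.dll, geedd.dll, jkkli.dll), lookalike copies of system binaries with a space before the extension (ctfmon .exe, taskswitch .exe, svchost .exe in the Fonts folder), and a service (DomainService) whose binary is already gone. The script below is an added example, not code from this thread, from HijackThis or from ComboFix: it runs those checks over report text so the same indicators can be pulled out of a log without reading it line by line. The sample lines are copied from the posted reports; the indicator labels and the regular expressions are my own heuristics for this case, not a general malware signature set.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the HijackThis and ComboFix reports
# posted in this thread, with two benign avast! lines kept for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [105d73d6] rundll32.exe "C:\WINDOWS\system32\mqexyefu.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkli.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\wlxwanul.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkkli
2007-12-29 09:21 839,687 ----a-w C:\WINDOWS\Fonts\svchost .exe
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{276E41DC-3D65-466D-902B-22954CD04961}]
C:\WINDOWS\system32\geedd.dll
"""

# Single-line indicators. The labels are my own wording (assumption); each
# pattern describes exactly the shape seen in the posted logs.
CHECKS: List[Tuple[str, re.Pattern]] = [
    ("rundll32 loading a system32 DLL through a one-letter export",
     re.compile(r'rundll32\.exe\s+"?[A-Z]:\\WINDOWS\\system32\\\w+\.dll"?,[A-Za-z]\s*$', re.I)),
    ("lookalike binary with whitespace before the extension",
     re.compile(r'\w\s+\.(?:exe|dll|scr)\b', re.I)),
    ("win.ini load= autostart (F3)",
     re.compile(r'^F3 - REG:win\.ini: load=\S+', re.I)),
    ("service whose binary is missing (O23)",
     re.compile(r'^O23 - Service: .*\(file missing\)$', re.I)),
    ("extra LSA Authentication Package after msv1_0",
     re.compile(r'^Authentication Packages\s+REG_MULTI_SZ\s+msv1_0\s+\S+', re.I)),
]

# ComboFix prints a BHO's CLSID key on one line and its DLL on the next,
# so that check needs the previous line as context.
BHO_KEY = "Browser Helper Objects"
DLL_IN_SYSTEM32 = re.compile(r'\\system32\\[^\\\s]+\.dll\b', re.I)


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (indicator, line) pairs for every suspicious line in a report."""
    hits: List[Tuple[str, str]] = []
    prev = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for label, pattern in CHECKS:
            if pattern.search(line):
                hits.append((label, line))
        if BHO_KEY in prev and DLL_IN_SYSTEM32.search(line):
            hits.append(("BHO DLL registered straight out of system32", line))
        prev = line
    return hits


def count_by_indicator(hits: List[Tuple[str, str]]) -> Dict[str, int]:
    """Tally how many lines matched each indicator."""
    counts: Dict[str, int] = {}
    for label, _ in hits:
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    for label, line in triage(SAMPLE_LOG):
        print(f"[{label}]\n    {line}")
```

Run it on the full text of a saved HijackThis or ComboFix report instead of SAMPLE_LOG to get the same list for a real machine. The "file missing" check is deliberately noisy: it also flags leftovers of uninstalled products (the Symantec and Intel entries in the report above), so each hit still needs a human decision, which is exactly what the helper does when reading the log.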
ComboFix 07-12-21.4 - claude 2007-12-29 19:57:46.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.142 [GMT 1:00]
Running from: C:\Documents and Settings\claude\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\rave
C:\WINDOWS\Downloaded Program Files\rave\avirexe.vdm
C:\WINDOWS\Downloaded Program Files\rave\avirscr.vdm
C:\WINDOWS\Downloaded Program Files\rave\base.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdt
C:\WINDOWS\Downloaded Program Files\rave\filters.vdm
C:\WINDOWS\Downloaded Program Files\rave\kernel.vdk
C:\WINDOWS\Downloaded Program Files\rave\keyring.vdk
C:\WINDOWS\Downloaded Program Files\rave\mapi_vdm.vdm
C:\WINDOWS\Downloaded Program Files\rave\modules.vdk
C:\WINDOWS\Downloaded Program Files\rave\rav8def.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufs.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufsplg.vdm
C:\WINDOWS\Downloaded Program Files\rave\unarch.vdm
C:\WINDOWS\Downloaded Program Files\rave\unmail.vdm
C:\WINDOWS\Downloaded Program Files\rave\unpack.vdm
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\system32\fcccyvv.dll
C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\SysPr.prx
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_M_HOOK
-------\LEGACY_NWSAPAGENT
((((((((((((((((((((((((((((( Fichiers créés 2007-11-28 to 2007-12-29 ))))))))))))))))))))))))))))))))))))
.
2007-12-29 20:30 . 2007-12-29 20:30 319 --ahs---- C:\WINDOWS\system32\ilkkj.ini
2007-12-29 20:28 . 2007-12-29 20:28 344,576 --------- C:\WINDOWS\system32\jkkli.dll
2007-12-29 17:40 . 2007-12-29 20:29 348,160 --a------ C:\WINDOWS\system32\jkkli.exe
2007-12-29 14:42 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-29 14:42 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-29 14:42 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-29 14:42 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-29 11:37 . 2007-12-29 17:35 <REP> d----c--- C:\VundoFix Backups
2007-12-29 10:22 . 2007-12-29 10:22 <REP> d-------- C:\Program Files\Trend Micro
2007-12-29 10:00 . 2007-12-29 16:02 1,031,458 ---hs---- C:\WINDOWS\system32\ufeyxeqm.ini
2007-12-27 22:39 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-27 22:39 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-27 22:39 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-27 22:39 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-27 22:38 . 2007-12-27 22:38 <REP> d-------- C:\Program Files\Alwil Software
2007-12-27 22:38 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-27 22:38 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-27 22:38 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-27 22:36 . 2007-12-27 22:36 18,764,248 --a------ C:\Program Files\setupfre.exe
2007-12-27 17:57 . 2007-12-29 18:35 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-27 06:51 . 2007-12-29 20:28 45,632 --a------ C:\WINDOWS\system32\taskswitch .exe
2007-12-26 21:47 . 2007-12-26 21:47 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-10 21:46 . 2007-12-10 21:46 6,688 --a------ C:\WINDOWS\movexe.exe
2007-12-10 21:45 . 2007-12-10 21:47 <REP> d----c--- C:\Accord
2007-12-09 15:52 . 2007-12-24 16:05 <REP> d-------- C:\Program Files\TubeMaster
2007-12-04 14:52 . 2007-12-04 14:52 <REP> d-------- C:\Documents and Settings\Administrateur.CLAUDE-6E5OYUA3\Application Data\Lavasoft
2007-11-30 16:22 . 2007-11-30 16:22 <REP> d-------- C:\Documents and Settings\NetworkService\Mes documents
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 17:35 393,728 ----a-w C:\WINDOWS\system32\taskswitch.exe
2007-12-29 09:21 839,687 ----a-w C:\WINDOWS\Fonts\svchost .exe
2007-12-29 09:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 00:34 --------- d-----w C:\Program Files\QuickTime
2007-12-24 15:41 --------- d-----w C:\Program Files\Navilog1
2007-12-11 21:03 --------- d-----w C:\Program Files\Mp3 My Mp3 2.0
2007-12-05 20:37 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\eerd
2007-12-04 13:49 --------- d-----w C:\Program Files\VirtualDJ
2007-12-01 07:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-01 07:45 --------- d-----w C:\Program Files\Digidesign
2007-12-01 07:44 --------- d-----w C:\Program Files\Fichiers communs\Digidesign
2007-11-27 15:13 --------- d-----w C:\Program Files\Fichiers communs\PACE Anti-Piracy
2007-11-27 15:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2007-11-26 17:39 --------- d-----w C:\Documents and Settings\claude\Application Data\Canon
2007-11-25 17:19 --------- d-----w C:\Program Files\Acoustica Beatcraft
2007-11-25 17:07 --------- d-----w C:\Program Files\Acoustica Shared Effects
2007-11-25 16:19 --------- d-----w C:\Program Files\Sony Setup
2007-11-25 14:35 --------- d-----w C:\Program Files\VstPlugins
2007-11-25 14:34 --------- d-----w C:\Program Files\Image-Line
2007-11-24 22:48 --------- d-----w C:\Program Files\Power Tab Software
2007-11-15 21:14 --------- d-----w C:\Documents and Settings\claude\Application Data\Sibelius Software
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTITL.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTEXT.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSTMP.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSPEC.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSCRP.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSREH_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSMET_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSCHOR.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRS____.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSTEXT.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSSE__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSS___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSROMC.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSPC__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSP___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSO___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSNN__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSM___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSJAPC.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFS__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFBE_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFB__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCSC_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCS__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSC___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUS____.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INKPEN2_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2TEXT.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2SPEC.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2SCRI.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2METR.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2CHOR.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELST___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELSS___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELSM___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELSINKI.FOT
2007-11-15 21:09 --------- d-----w C:\Program Files\Sibelius Software
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 10:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-03 17:06 --------- d-----w C:\Documents and Settings\claude\Application Data\SolidDocuments
2007-11-01 14:40 --------- d-----w C:\Program Files\TablEdit
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 22:40 --------- d-----w C:\Program Files\Real Alternative
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 19:32 4,981,232 ----a-w C:\Program Files\camfrog.exe
2007-10-14 15:33 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2007-10-12 08:40 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-10-12 08:40 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-10-12 08:38 71,749 ----a-w C:\WINDOWS\HCExtOutput.dll
2007-10-12 08:38 267,845 ----a-w C:\WINDOWS\Tsc.exe
2007-09-15 07:50 59,656 ----a-w C:\Documents and Settings\claude\Application Data\GDIPFONTCACHEV1.DAT
2007-06-16 14:55 412,303 ----a-w C:\Program Files\GSpot270a-fr-Colok.zip
2007-03-14 21:37 5,397,560 ----a-w C:\Program Files\VOFR230FOGTB6.EXE
2007-03-08 20:17 2,685,104 ----a-w C:\Program Files\ccsetup138.exe
2007-01-21 17:52 59,272 ----a-w C:\Documents and Settings\lucas\Application Data\GDIPFONTCACHEV1.DAT
2007-01-20 07:53 5,063,192 ----a-w C:\Program Files\cfc.exe
2007-01-11 13:07 58,032,562 ----a-w C:\Program Files\Samsung_PC_Studio_311_FKB.exe
2006-11-19 15:53 47,360 ----a-w C:\Documents and Settings\claude\Application Data\pcouffin.sys
2006-10-28 08:34 359,112 ----a-w C:\Program Files\LimeWireWin.exe
2006-09-13 20:01 10,162,173 ----a-w C:\Program Files\SN-510.exe
2006-08-26 13:49 26,892 ----a-w C:\Program Files\torbutton-1.0.4-fx+tb.xpi
2006-08-26 11:38 326,263 ----a-w C:\Program Files\spell-fr-FR.xpi
2006-04-30 05:54 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2006-03-30 16:09 3,643 -c--a-w C:\Program Files\ads_err.dbf
2006-03-03 10:32 237,568 ----a-w C:\Program Files\ispare.exe
2005-10-31 15:56 700,416 -c--a-w C:\Program Files\StubInstaller.exe
2005-09-22 05:06 1,076,480 -c--a-w C:\Program Files\setupfr.exe
2005-06-02 18:45 14,896 -c--a-w C:\Program Files\MACDR005.CST
2005-01-02 10:44 8,192 ----a-w C:\Program Files\Signatures.reg
2005-01-02 10:44 49,152 ----a-w C:\Program Files\Expblock.reg
2005-01-02 10:44 24,576 ----a-w C:\Program Files\MailRules.reg
2004-11-01 17:00 106,240 -c--a-w C:\Program Files\Windows-KB870669-x86-ENU.exe
2004-10-03 15:55 352,032 -c--a-w C:\Program Files\WindowsXP-KB822603-x86-FRA.exe
2004-08-04 11:17 1,128,203 -c--a-w C:\Program Files\dvdshrink32setup_FR.exe
2004-07-08 19:58 884,390 ----a-w C:\Program Files\bootvis1337fr.exe
2004-04-15 06:34 1,089,660 -c--a-w C:\Program Files\data256.dbb
2004-03-13 18:07 381,012 ----a-w C:\Program Files\plmessengerctrl.exe
2004-03-13 07:23 389,376 -c--a-w C:\Program Files\Q831167.exe
2004-02-22 10:42 39 -c--a-w C:\Program Files\CTJINI.INI
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24979561-033f-4428-aed5-bca0c28c79fc}]
C:\WINDOWS\system32\chlxelth.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{276E41DC-3D65-466D-902B-22954CD04961}]
C:\WINDOWS\system32\geedd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6624506A-9F64-4983-9E41-23441CCCC0F8}]
2007-12-29 20:28 344576 --------- C:\WINDOWS\system32\jkkli.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2007-12-29 18:35]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [2007-12-29 18:35]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" []
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 15:10 C:\WINDOWS\system32\bthprops.cpl]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-29 20:29]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09]
"NVIDIA Video drivers"="video_32sD.exe" []
"NAV Scan Service"="NAVscan32.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\jkkli.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkkli
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^claude^Menu Démarrer^Programmes^Démarrage^reminder-Enregistrement du produit ScanSoft.lnk]
backup=C:\WINDOWS\pss\reminder-Enregistrement du produit ScanSoft.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPage]
1998-10-28 11:09 44032 --a------ C:\Program Files\Caere\OmniPagePro90\opware32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 00:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
R1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-02-26 20:44]
R3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]
S2 CoachCap;Concord EyeQ Duo LCD USB Video Capture V1.00;C:\WINDOWS\system32\drivers\CoachCap.sys []
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 13:23]
S3 W700bus;Sony Ericsson W700 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\W700bus.sys [2007-02-10 12:06]
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\W700mdfl.sys [2007-02-10 12:06]
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\W700mdm.sys [2007-02-10 12:06]
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\W700mgmt.sys [2007-02-10 12:06]
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\W700obex.sys [2007-02-10 12:06]
*Newly Created Service* - DOMAINSERVICE
*Newly Created Service* - NWSAPAGENT
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-28 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 20:30:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\NavLogon.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\jkkli.dll
-> C:\Program Files\WIDCOMM\Logiciel Bluetooth\btkeyind.dll
.
Completion time: 2007-12-29 20:34:14 - machine was rebooted
.
2007-12-12 07:03:44 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:34, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\taskswitch .exe
C:\Program Files\Windows Media Player\WMPNSCFG .exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkli.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Voir la &source de la destination - file://C:\Program Files\web\v-source.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version5/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\wlxwanul.exe (file missing)
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Unknown owner - C:\WINDOWS\system32\ams_ii\iao.exe (file missing)
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
Right-click on hijackthis,
choose "rename" and type: ► PROUT.exe
The O2 lines absolutely must appear, otherwise it's no good.
Then post a new report please.
Why rename HT?
Because it seems that Vundo infections have the peculiarity of "hiding"
from HJT's detection itself or from its analysis: changing the name of the exe works around this problem...
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
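The check the reply above relies on, as an added example (not from the thread and not HijackThis code): a small triage script that reports whether any O2 lines appear in a HijackThis log at all and flags the other indicators visible in the posted logs. The sample log is constructed from lines quoted in this thread, and the check tags are my own names.

```python
"""Triage a HijackThis log for the warning signs visible in this thread.

Added example; not part of the thread and not HijackThis code. It encodes the
check the reply above relies on: a log with no O2 (BHO) lines at all from a
machine with Vundo symptoms suggests the scan was evaded and should be redone
under a renamed executable. It also flags indicators the posted logs show:
unnamed BHOs in system32, orphaned BHO entries, a win.ini "load=" autostart,
rundll32 launching a DLL by a short export name, services whose binary is
missing, and file names with a blank before the extension ("ctfmon .exe").
"""
import re
from dataclasses import dataclass, field

@dataclass
class Finding:
    check: str  # tag of the rule that fired (names are my own, not HJT's)
    line: str   # the log line that triggered it

@dataclass
class Triage:
    has_o2: bool = False  # did any O2 line appear in the log?
    findings: list = field(default_factory=list)

    @property
    def evasion_suspected(self) -> bool:
        # The reply's rule of thumb: no O2 section means rename HJT and rescan.
        return not self.has_o2

SPACED_EXT = re.compile(r"\S \.(exe|dll|scr|cpl)\b", re.IGNORECASE)
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
O4_RUNDLL = re.compile(
    r'^O4 - .*rundll32\.exe "?(?P<dll>[^"]+\.dll)"?,(?P<export>\w{1,3})$', re.IGNORECASE)
O23_MISSING = re.compile(r"^O23 - Service: .* \(file missing\)$")
F3_LOAD = re.compile(r"^F3 - REG:win\.ini: load=(?P<path>\S.*)$")
SYSTEM32 = "c:\\windows\\system32\\"

def triage(log_text: str) -> Triage:
    """Walk the log once, in order, and collect findings; lines are never modified."""
    result = Triage()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SPACED_EXT.search(line):
            result.findings.append(Finding("space-before-extension", line))
        m = O2_RE.match(line)
        if m:
            result.has_o2 = True
            name, path = m.group("name"), m.group("path")
            if path == "(no file)":
                result.findings.append(Finding("bho-orphaned", line))
            elif name == "(no name)" and path.lower().startswith(SYSTEM32):
                result.findings.append(Finding("bho-unnamed-system32", line))
            continue
        if F3_LOAD.match(line):
            result.findings.append(Finding("winini-load", line))
        elif O4_RUNDLL.match(line):
            result.findings.append(Finding("rundll32-short-export", line))
        elif O23_MISSING.match(line):
            result.findings.append(Finding("service-file-missing", line))
    return result

def checks_fired(result: Triage) -> list:
    """Sorted, de-duplicated check tags, for a one-line summary."""
    return sorted({f.check for f in result.findings})

# Constructed sample assembled from lines quoted in the thread (O2 section present).
SAMPLE_WITH_O2 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon .exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkli.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {0FF6578E-A869-4A1B-8CB3-701FFC637508} - C:\WINDOWS\system32\jkkli.dll
O2 - BHO: (no name) - {276E41DC-3D65-466D-902B-22954CD04961} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [105d73d6] rundll32.exe "C:\WINDOWS\system32\usiyftuo.dll",b
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\wlxwanul.exe (file missing)
"""

# Constructed counterpart of the earlier run: same autostarts, no O2 section at all.
SAMPLE_NO_O2 = "\n".join(ln for ln in SAMPLE_WITH_O2.splitlines() if not ln.startswith("O2 "))

if __name__ == "__main__":
    for label, text in (("with O2", SAMPLE_WITH_O2), ("without O2", SAMPLE_NO_O2)):
        t = triage(text)
        print(f"[{label}] evasion suspected: {t.evasion_suspected}; "
              f"{len(t.findings)} findings: {checks_fired(t)}")
        for f in t.findings:
            print("   ", f.check, "->", f.line)
```

Running it prints six findings for the log with an O2 section and four for the one without, which is also the only one for which evasion is suspected.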
Here is the report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:49, on 31/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\safbhjna.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\UPHClean\uphclean.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\Windows Media Player\WMPNSCFG .exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\prout\prout.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkli.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0FF6578E-A869-4A1B-8CB3-701FFC637508} - C:\WINDOWS\system32\jkkli.dll
O2 - BHO: (no name) - {168EDE18-EC13-4922-8CDA-BD284F90F673} - C:\WINDOWS\system32\jkkli.dll
O2 - BHO: (no name) - {276E41DC-3D65-466D-902B-22954CD04961} - (no file)
O2 - BHO: {ab2bd84d-dcb7-285b-3264-82b02776f005} - {500f6772-0b28-4623-b582-7bcdd48db2ba} - C:\WINDOWS\system32\ulmfnfbc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [105d73d6] rundll32.exe "C:\WINDOWS\system32\usiyftuo.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Voir la &source de la destination - file://C:\Program Files\web\v-source.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version5/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\safbhjna.exe
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Unknown owner - C:\WINDOWS\system32\ams_ii\iao.exe (file missing)
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:49, on 31/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\safbhjna.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\UPHClean\uphclean.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\Windows Media Player\WMPNSCFG .exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\prout\prout.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkli.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0FF6578E-A869-4A1B-8CB3-701FFC637508} - C:\WINDOWS\system32\jkkli.dll
O2 - BHO: (no name) - {168EDE18-EC13-4922-8CDA-BD284F90F673} - C:\WINDOWS\system32\jkkli.dll
O2 - BHO: (no name) - {276E41DC-3D65-466D-902B-22954CD04961} - (no file)
O2 - BHO: {ab2bd84d-dcb7-285b-3264-82b02776f005} - {500f6772-0b28-4623-b582-7bcdd48db2ba} - C:\WINDOWS\system32\ulmfnfbc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [105d73d6] rundll32.exe "C:\WINDOWS\system32\usiyftuo.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Voir la &source de la destination - file://C:\Program Files\web\v-source.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version5/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\safbhjna.exe
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Unknown owner - C:\WINDOWS\system32\ams_ii\iao.exe (file missing)
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
That's normal for BitDefender
A)- For this line
O23 - Service: DomainService - - C:\WINDOWS\system32\safbhjna.exe
Go to the « Start » menu, « Run », and copy/paste services.msc into the input box.
Confirm with [OK]
The Services window opens => check in the lower part that the "Extended" tab is selected; if not, select it.
Look for the following service: DomainService and double-click it.
A new "Properties" window then opens: < https://www.zebulon.fr/images/dossiers/propriete.gif >
- in the "Service status" field, set it to "stopped"
- in the "Startup type" field, set it to "disabled"
- then click "Apply" then "OK"
- Exit the Services console.
Run ComboFix again right afterwards
Run ComboFix again
please
And there you go
ComboFix 07-12-21.4 - claude 2007-12-31 16:49:22.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.121 [GMT 1:00]
Running from: C:\Documents and Settings\claude\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\outfyisu.ini
C:\WINDOWS\system32\safbhjna.exe
C:\WINDOWS\system32\ulmfnfbc.dll
C:\WINDOWS\system32\usiyftuo.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_M_HOOK
-------\DomainService
((((((((((((((((((((((((((((( Fichiers créés 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))))))))
.
2007-12-31 12:26 . 2007-12-31 16:49 348,160 --a------ C:\WINDOWS\system32\jkkli.exe
2007-12-30 22:51 . 2007-10-12 09:38 38,118,973 --a------ C:\WINDOWS\LPT$VPN.771
2007-12-30 22:49 . 2007-12-30 22:49 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-30 11:55 . 2007-12-30 11:55 <REP> d-------- C:\Program Files\Ashampoo
2007-12-30 10:46 . 2007-12-30 10:46 167 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-29 14:42 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-29 14:42 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-29 14:42 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-29 14:42 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-29 11:37 . 2007-12-31 09:10 <REP> d----c--- C:\VundoFix Backups
2007-12-29 10:22 . 2007-12-31 15:00 <REP> d-------- C:\Program Files\Trend Micro
2007-12-29 10:00 . 2007-12-29 16:02 1,031,458 ---hs---- C:\WINDOWS\system32\ufeyxeqm.ini
2007-12-27 22:39 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-27 22:39 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-27 22:39 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-27 22:39 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-27 22:38 . 2007-12-27 22:38 <REP> d-------- C:\Program Files\Alwil Software
2007-12-27 22:38 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-27 22:38 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-27 22:38 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-27 22:36 . 2007-12-27 22:36 18,764,248 --a------ C:\Program Files\setupfre.exe
2007-12-27 17:57 . 2007-12-31 07:12 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-27 06:51 . 2007-12-29 22:13 45,632 --a------ C:\WINDOWS\system32\taskswitch .exe
2007-12-26 21:47 . 2007-12-26 21:47 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-10 21:46 . 2007-12-10 21:46 6,688 --a------ C:\WINDOWS\movexe.exe
2007-12-10 21:45 . 2007-12-10 21:47 <REP> d----c--- C:\Accord
2007-12-09 15:52 . 2007-12-24 16:05 <REP> d-------- C:\Program Files\TubeMaster
2007-12-04 14:52 . 2007-12-04 14:52 <REP> d-------- C:\Documents and Settings\Administrateur.CLAUDE-6E5OYUA3\Application Data\Lavasoft
2007-11-30 16:22 . 2007-11-30 16:22 <REP> d-------- C:\Documents and Settings\NetworkService\Mes documents
2007-11-27 16:41 . 2004-10-08 00:42 577,536 --a------ C:\WINDOWS\system32\DSI.dll
2007-11-27 16:41 . 2004-10-08 01:06 90,112 --a------ C:\WINDOWS\system32\WinMMFix.dll
2007-11-27 16:41 . 2004-10-08 00:39 15,872 --a------ C:\WINDOWS\system32\KeyFilter.dll
2007-11-27 16:41 . 2002-10-31 16:33 3,478 --a------ C:\WINDOWS\system32\digicoin.dll
2007-11-27 16:40 . 2004-10-08 00:54 892,928 --a------ C:\WINDOWS\system32\DirectIO.dll
2007-11-27 16:40 . 2004-10-08 00:54 74,240 --a------ C:\WINDOWS\system32\drivers\Dalwdm.sys
2007-11-27 16:15 . 2007-11-27 16:15 <REP> d----c--- C:\Digidesign Databases
2007-11-27 16:13 . 2007-11-27 16:13 <REP> d-------- C:\Program Files\Fichiers communs\PACE Anti-Piracy
2007-11-27 16:13 . 2007-11-27 16:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2007-11-27 16:07 . 2003-11-06 11:19 540,672 --a------ C:\WINDOWS\system32\ilinet.dll
2007-11-27 16:07 . 2003-11-06 12:04 68,320 --a------ C:\WINDOWS\system32\drivers\TPkd.sys
2007-11-27 16:07 . 2003-07-07 13:26 26,541 --a------ C:\WINDOWS\system32\drivers\iLokDrvr.sys
2007-11-27 16:02 . 2001-06-27 10:13 217,088 --a------ C:\WINDOWS\system32\qtmlClient.dll
2007-11-27 16:01 . 2007-12-01 08:44 <REP> d-------- C:\Program Files\Fichiers communs\Digidesign
2007-11-27 16:01 . 2007-12-01 08:45 <REP> d-------- C:\Program Files\Digidesign
2007-11-25 18:07 . 2007-11-25 18:07 <REP> d-------- C:\Program Files\Acoustica Shared Effects
2007-11-25 18:07 . 2007-11-25 18:19 <REP> d-------- C:\Program Files\Acoustica Beatcraft
2007-11-25 17:19 . 2007-11-25 17:19 <REP> d-------- C:\Program Files\Sony Setup
2007-11-24 18:18 . 2007-11-25 15:35 <REP> d-------- C:\Program Files\VstPlugins
2007-11-24 18:18 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2007-11-24 18:18 . 2003-04-07 12:07 217,088 -ra------ C:\WINDOWS\system32\rewire.dll
2007-11-24 18:16 . 2007-11-25 15:34 <REP> d-------- C:\Program Files\Image-Line
2007-11-24 17:56 . 2007-11-24 23:48 <REP> d-------- C:\Program Files\Power Tab Software
2007-11-23 15:23 . 2004-10-01 14:44 44,003 --a------ C:\WINDOWS\system32\drivers\btwhid.sys
2007-11-15 22:14 . 2007-11-15 22:14 <REP> d-------- C:\Documents and Settings\claude\Application Data\Sibelius Software
2007-11-15 22:09 . 2007-11-15 22:09 <REP> d-------- C:\Program Files\Sibelius Software
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 11:32 --------- d-----w C:\Program Files\MSN Messenger
2007-12-29 09:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 00:34 --------- d-----w C:\Program Files\QuickTime
2007-12-11 21:03 --------- d-----w C:\Program Files\Mp3 My Mp3 2.0
2007-12-05 20:37 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\eerd
2007-12-04 13:49 --------- d-----w C:\Program Files\VirtualDJ
2007-12-01 07:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-26 17:39 --------- d-----w C:\Documents and Settings\claude\Application Data\Canon
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTITL.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTEXT.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSTMP.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSPEC.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSCRP.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSREH_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSMET_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSCHOR.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRS____.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSTEXT.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSSE__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSS___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSROMC.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSPC__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSP___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSO___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSNN__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSM___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSJAPC.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFS__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFBE_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFB__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCSC_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCS__.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSC___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUS____.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INKPEN2_.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2TEXT.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2SPEC.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2SCRI.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2METR.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2CHOR.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELST___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELSS___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELSM___.FOT
2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELSINKI.FOT
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 10:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-03 17:06 --------- d-----w C:\Documents and Settings\claude\Application Data\SolidDocuments
2007-11-01 14:40 --------- d-----w C:\Program Files\TablEdit
2007-10-28 22:40 --------- d-----w C:\Program Files\Real Alternative
2007-10-20 19:32 4,981,232 ----a-w C:\Program Files\camfrog.exe
2007-10-14 15:33 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2007-10-12 08:40 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-10-12 08:40 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-10-12 08:38 71,749 ----a-w C:\WINDOWS\HCExtOutput.dll
2007-10-12 08:38 267,845 ----a-w C:\WINDOWS\Tsc.exe
2007-09-15 07:50 59,656 ----a-w C:\Documents and Settings\claude\Application Data\GDIPFONTCACHEV1.DAT
2007-06-16 14:55 412,303 ----a-w C:\Program Files\GSpot270a-fr-Colok.zip
2007-03-14 21:37 5,397,560 ----a-w C:\Program Files\VOFR230FOGTB6.EXE
2007-03-08 20:17 2,685,104 ----a-w C:\Program Files\ccsetup138.exe
2007-01-21 17:52 59,272 ----a-w C:\Documents and Settings\lucas\Application Data\GDIPFONTCACHEV1.DAT
2007-01-20 07:53 5,063,192 ----a-w C:\Program Files\cfc.exe
2007-01-11 13:07 58,032,562 ----a-w C:\Program Files\Samsung_PC_Studio_311_FKB.exe
2006-11-19 15:53 47,360 ----a-w C:\Documents and Settings\claude\Application Data\pcouffin.sys
2006-10-28 08:34 359,112 ----a-w C:\Program Files\LimeWireWin.exe
2006-09-13 20:01 10,162,173 ----a-w C:\Program Files\SN-510.exe
2006-08-26 13:49 26,892 ----a-w C:\Program Files\torbutton-1.0.4-fx+tb.xpi
2006-08-26 11:38 326,263 ----a-w C:\Program Files\spell-fr-FR.xpi
2006-04-30 05:54 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2006-03-30 16:09 3,643 -c--a-w C:\Program Files\ads_err.dbf
2006-03-03 10:32 237,568 ----a-w C:\Program Files\ispare.exe
2005-10-31 15:56 700,416 -c--a-w C:\Program Files\StubInstaller.exe
2005-09-22 05:06 1,076,480 -c--a-w C:\Program Files\setupfr.exe
2005-06-02 18:45 14,896 -c--a-w C:\Program Files\MACDR005.CST
2005-01-02 10:44 8,192 ----a-w C:\Program Files\Signatures.reg
2005-01-02 10:44 49,152 ----a-w C:\Program Files\Expblock.reg
2005-01-02 10:44 24,576 ----a-w C:\Program Files\MailRules.reg
2004-11-01 17:00 106,240 -c--a-w C:\Program Files\Windows-KB870669-x86-ENU.exe
2004-10-03 15:55 352,032 -c--a-w C:\Program Files\WindowsXP-KB822603-x86-FRA.exe
2004-08-04 11:17 1,128,203 -c--a-w C:\Program Files\dvdshrink32setup_FR.exe
2004-07-08 19:58 884,390 ----a-w C:\Program Files\bootvis1337fr.exe
2004-04-15 06:34 1,089,660 -c--a-w C:\Program Files\data256.dbb
2004-03-13 18:07 381,012 ----a-w C:\Program Files\plmessengerctrl.exe
2004-03-13 07:23 389,376 -c--a-w C:\Program Files\Q831167.exe
2004-02-22 10:42 39 -c--a-w C:\Program Files\CTJINI.INI
2004-01-10 10:29 471,744 -c--a-w C:\Program Files\GoogleToolbarInstaller.exe
2003-03-18 10:33 2,100,352 ----a-w C:\Program Files\q810847.exe
2003-03-15 13:43 824 ----a-w C:\Program Files\FT1047735746-6099.ins
2003-02-09 07:31 824 ------w C:\Program Files\FT1044775858-4406.ins
2003-01-25 17:17 59,992 ----a-w C:\Program Files\msnaddin.exe
2003-01-03 14:02 134 -c--a-w C:\Program Files\install.txt
2002-12-30 11:43 495,432 -c--a-w C:\Program Files\ie6setup
2002-12-22 15:52 1,309 -c--a-w C:\Program Files\data1024.dbb
2001-12-14 11:57 432,683 -c--a-w C:\Program Files\tv-radio.exe
2001-09-19 09:26 291 -c--a-w C:\Program Files\FILE_ID.DIZ
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBA09EEE-CC2C-4F8B-8122-CBF1207512DD}]
2007-12-31 17:04 344576 --a------ C:\WINDOWS\system32\jkkli.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2007-12-31 07:11]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 15:10 C:\WINDOWS\system32\bthprops.cpl]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-31 17:04]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09]
"NVIDIA Video drivers"="video_32sD.exe" []
"NAV Scan Service"="NAVscan32.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\jkkli.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkkli
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^claude^Menu Démarrer^Programmes^Démarrage^reminder-Enregistrement du produit ScanSoft.lnk]
backup=C:\WINDOWS\pss\reminder-Enregistrement du produit ScanSoft.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPage]
1998-10-28 11:09 44032 --a------ C:\Program Files\Caere\OmniPagePro90\opware32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 00:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
R1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-02-26 20:44]
R3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]
S2 CoachCap;Concord EyeQ Duo LCD USB Video Capture V1.00;C:\WINDOWS\system32\drivers\CoachCap.sys []
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 13:23]
S3 W700bus;Sony Ericsson W700 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\W700bus.sys [2007-02-10 12:06]
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\W700mdfl.sys [2007-02-10 12:06]
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\W700mdm.sys [2007-02-10 12:06]
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\W700mgmt.sys [2007-02-10 12:06]
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\W700obex.sys [2007-02-10 12:06]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-28 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 17:03:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\ilkkj.ini 6516 bytes
C:\WINDOWS\system32\ilkkj.ini2 319 bytes
scan completed successfully
hidden files: 2
**************************************************************************
.
Completion time: 2007-12-31 17:09:04 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-30 10:31
C:\ComboFix3.txt ... 2007-12-29 20:34
.
2007-12-12 07:03:44 --- E O F ---
I think the problem is here:
C:\WINDOWS\system32\ilkkj.ini 6516 bytes
C:\WINDOWS\system32\ilkkj.ini2 319 bytes
but how do I get rid of it?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:44:25, on 01/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Windows Media Player\WMPNSCFG .exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\prout\prout.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkli.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {51D03C49-5B91-4171-BB5F-195E577B9D6A} - C:\WINDOWS\system32\jkkli.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {B86EAC34-4D8F-4E8C-82F4-E89E579D2FCB} - C:\WINDOWS\system32\jkkli.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Voir la &source de la destination - file://C:\Program Files\web\v-source.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version5/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Unknown owner - C:\WINDOWS\system32\ams_ii\iao.exe (file missing)
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Unknown owner - C:\WINDOWS\system32\ams_ii\iao.exe (file missing)
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
I uninstalled Avast and installed Antivir. It keeps finding drop.agent. DGO.8 and drop.agent DGO.21
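An added triage helper, not part of this thread or of HijackThis: it parses the O10, O16 and O23 lines of a log like the one posted above and returns the entries a helper would check first (services with an unknown owner or a missing binary, ActiveX controls listed only by CLSID, Winsock LSPs HijackThis does not recognise). The function and field names are my own; the sample lines are copied from the log above.

```python
import re
from typing import Dict, List

# Constructed sample: lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Unknown owner - C:\WINDOWS\system32\ams_ii\iao.exe (file missing)
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
"""

O23_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<label>.+?) - (?P<url>\S+)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
CLSID_ONLY_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
MISSING = " (file missing)"


def triage(log_text: str) -> List[Dict[str, object]]:
    """Return the O10/O16/O23 entries a reviewer should check first, each with its reasons."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O23_RE.match(line):
            rest = m["rest"]
            missing = rest.endswith(MISSING)
            if missing:
                rest = rest[: -len(MISSING)]
            parts = rest.rsplit(" - ", 2)  # name - owner - path; " - " never occurs inside these paths
            if len(parts) != 3:
                continue
            name, owner, path = parts
            reasons = []
            if owner == "Unknown owner":
                reasons.append("no publisher information for the service binary")
            if missing:
                reasons.append("service still registered but its binary is gone")
            if reasons:
                findings.append({"kind": "O23", "name": name, "item": path, "reasons": reasons})
        elif m := O16_RE.match(line):
            if CLSID_ONLY_RE.match(m["label"]):  # CLSID with no friendly name: identify before trusting
                findings.append({"kind": "O16", "name": m["label"], "item": m["url"],
                                 "reasons": ["ActiveX control registered without a friendly name"]})
        elif m := O10_RE.match(line):
            findings.append({"kind": "O10", "name": "Winsock LSP", "item": m["path"],
                             "reasons": ["LSP not recognised by HijackThis; verify the file's origin"]})
    return findings
```

Entries with a known publisher and a present binary (Intel Alert Handler, NBService, the named BitDefender control) are deliberately left out, so the output is the short list worth reviewing rather than the whole log.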
Re
Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:
C:\WINDOWS\system32\jkkli.exe
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file as CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe
This will relaunch Combofix; press 1 and confirm. After the restart, post the contents of the Combofix.txt report together with a HijackThis report.
NOTE: If there is no restart, post the requested reports anyway.