Infected PC: Virtumonde, rootkit, etc.

Solved/Closed
botcaryo Posts 103 Registration date Monday 20 February 2006 Status Member Last activity 4 January 2013 - 30 Dec. 2007 at 14:58
botcaryo Posts 103 Registration date Monday 20 February 2006 Status Member Last activity 4 January 2013 - 31 Dec. 2007 at 14:14
Hello,
I've got hold of an infected PC. I'm asking for your help to clean it.

I have very little computer experience, but I've posted the HijackThis log for you.

Can you tell me what the next steps are?

Thanks

log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50:23, on 30/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\GRGORY~1\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row-rel&channel=fr&ibd=4070123
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row-rel&channel=fr&ibd=4070123
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {2AE4005E-689F-4FB9-8C3D-D2B8B58AC072} - C:\WINDOWS\system32\nnnonml.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D718998-4BAF-405C-A450-4BC6EB6D2C82} - C:\WINDOWS\system32\vtsqq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {86FF02E0-EB53-4DA7-90BD-DA0FD39E54DA} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9CF1FF21-9927-4170-B19C-64DFC68D909C} - (no file)
O2 - BHO: (no name) - {a4f25d6c-6930-45e9-894f-0fb3b4b06c26} - C:\WINDOWS\system32\jdfrdqoq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C84BC267-145C-42BC-AEB4-86640A7D819A} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?836641679c094e5f9143343be21f7840
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?836641679c094e5f9143343be21f7840
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: nnnonml - C:\WINDOWS\SYSTEM32\nnnonml.dll
O20 - Winlogon Notify: pmnklig - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

70 replies

FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
31 Dec. 2007 at 13:29
Re,

It's a bit complicated to explain, but the Vundo infection that was affecting you (among others) is characterized by O2 and O20 entries in the registry and by characteristic .dll and .ini files.

1/ It is strongly recommended to keep all your security software up to date, in order to avoid the vulnerabilities through which infections get in.
2/ You can remove all the tools we used (such as SmitFraudFix, Blacklight, SDFix, lopxpMH, etc.), which deal with specific infections and are updated regularly. There is no point in keeping them on your PC.
You can, however, keep AVG Antispyware and CCleaner.
3/ How to... (letter A): https://forum.pcastuces.com/sujet.asp?f=25&s=3902
To improve the security of your PC, take a few moments to read:
Securing your PC + WiFi ("hot" & "light" versions): https://forum.pcastuces.com/default.asp
4/ Report your infection so that the authors can be convicted.

Create a post on Malware-Complaints to move things forward; there need to be as many of us as possible, so report your infection:
- See the forum rules: https://malwarecomplaints.info/
- After registering using the button at the top named "Register"
If you are over 13, choose: "I Agree to these terms and am over or exactly 13 years of age"
If you are younger, click on: "I Agree to these terms and am under 13 years of age"

You then have, in list form, one topic per type of infection (Look2Me, Smitfraud, SpywareQuake, etc.).

*** Your infections: Vundo, Fotomoto, Kobcka, Backdoor.SDBot ***
>> https://malwarecomplaints.info/
If the malware you had does not appear in the list, or if you don't know what you were infected with, create a post in the Other infections topic, in line with the forum rules (age, city, department, etc.)
Also give the name of the forum that helped you: CCM
5/ You can mark your topic as solved by clicking the button.
6/ Finally, I advise you to defragment your PC: http://www.coupdepoucepc.com/modules/news/article.php?storyid=218

Happy surfing!

Glad we could help you.

FillPCA
1
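
Added example (editorial, not written by any poster in this thread and not part of HijackThis or ComboFix): a small triage script for the O2/O20/.dll/.ini pattern mentioned in the reply above, run over lines excerpted from the logs posted in this thread. The three heuristics are assumptions made for illustration; the reversed-name pairing comes from the observation that `qqstv.ini` in the ComboFix listing is `vtsqq` (the unnamed BHO DLL) spelled backwards.

```python
import ntpath
import re

SYSTEM32 = r"c:\windows\system32"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<file>.+)$")
# ComboFix file listing: created . modified  size  attributes  path
CF_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d"
                   r"\s+\S+\s+(?P<attr>[a-z-]{9})\s+(?P<path>.+)$")

# Lines excerpted from the HijackThis log posted in this thread.
HIJACKTHIS_LINES = r"""
O2 - BHO: (no name) - {2AE4005E-689F-4FB9-8C3D-D2B8B58AC072} - C:\WINDOWS\system32\nnnonml.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D718998-4BAF-405C-A450-4BC6EB6D2C82} - C:\WINDOWS\system32\vtsqq.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O20 - Winlogon Notify: pmnklig - C:\WINDOWS\
O20 - Winlogon Notify: nnnonml - C:\WINDOWS\SYSTEM32\nnnonml.dll
""".strip().splitlines()

# Lines excerpted from the ComboFix report posted in this thread.
COMBOFIX_LINES = r"""
2007-12-28 18:05 . 2007-12-30 12:44 774 ---hs---- C:\WINDOWS\system32\rtrvsbak.ini
2007-12-12 21:34 . 2007-12-12 21:34 127 --a------ C:\WINDOWS\system32\MRT.INI
2007-12-02 09:47 . 2007-12-30 15:53 204,732 --ahs---- C:\WINDOWS\system32\qqstv.ini2
2007-12-02 09:47 . 2007-12-30 15:55 204,732 --ahs---- C:\WINDOWS\system32\qqstv.ini
""".strip().splitlines()


def in_system32(path):
    """True if the file sits directly in C:\\WINDOWS\\system32 (case-insensitive)."""
    return ntpath.dirname(ntpath.normcase(path.strip())) == SYSTEM32


def is_system32_dll(path):
    return in_system32(path) and path.strip().lower().endswith(".dll")


def triage(hjt_lines, combofix_lines):
    """Return {entry: set(reasons)} for items that deserve a manual look.

    This ranks entries for review; it does not prove that a file is malicious.
    Orphaned BHO keys ("(no file)") and named vendor BHOs are not flagged.
    """
    findings = {}

    def note(key, reason):
        findings.setdefault(key.lower(), set()).add(reason)

    for raw in hjt_lines:
        line = raw.strip()
        m = O2_RE.match(line)
        if m and m["name"] == "(no name)" and is_system32_dll(m["file"]):
            note(ntpath.basename(m["file"]), "unnamed BHO (O2)")
        m = O20_RE.match(line)
        if m:
            if is_system32_dll(m["file"]):
                note(ntpath.basename(m["file"]), "Winlogon Notify (O20)")
            elif not m["file"].lower().endswith(".dll"):
                # The log shows a truncated path: keep the entry by its name.
                note(m["name"], "Winlogon Notify (O20) without a DLL path")

    # Hidden + system .ini/.ini2 files directly in system32.
    hidden_ini_stems = set()
    for raw in combofix_lines:
        m = CF_RE.match(raw.strip())
        if not m or not in_system32(m["path"]):
            continue
        stem, ext = ntpath.splitext(ntpath.basename(m["path"]).lower())
        if ext in (".ini", ".ini2") and "h" in m["attr"] and "s" in m["attr"]:
            hidden_ini_stems.add(stem)

    # Pair each flagged DLL with an .ini whose name is the DLL name reversed.
    for key in list(findings):
        stem, ext = ntpath.splitext(key)
        if ext == ".dll" and stem[::-1] in hidden_ini_stems:
            findings[key].add("hidden .ini with reversed name")
    return findings


if __name__ == "__main__":
    for entry, reasons in sorted(triage(HIJACKTHIS_LINES, COMBOFIX_LINES).items()):
        print(f"{entry}: {', '.join(sorted(reasons))}")
```

Entries that collect more than one reason (here the DLL listed under both O2 and O20, and the DLL with a matching reversed-name .ini) are the ones to hand to a dedicated removal tool first.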
Anonymous user
30 Dec. 2007 at 15:03
0
botcaryo Posts 103 Registration date Monday 20 February 2006 Status Member Last activity 4 January 2013 2
30 Dec. 2007 at 15:15
Thanks, I'll follow this step.

But I think there are other viruses and I don't know how to translate the hijack report,
so if someone could tell me what this report says and then tell me the steps to follow
0
Anonymous user
30 Dec. 2007 at 15:25
Start anyway by carrying out the procedure indicated,

then copy/paste and post the report
0

botcaryo Posts 103 Registration date Monday 20 February 2006 Status Member Last activity 4 January 2013 2
30 Dec. 2007 at 16:20
SDFix report:


SDFix: Version 1.120

Run by Grégory Even on 30/12/2007 at 15:19

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
smtpdrv

Path:
System32\DRIVERS\smtpdrv.sys

smtpdrv - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\ADBERD~1.EXE - Deleted
C:\PSA30S~1.EXE - Deleted
C:\Documents and Settings\Grégory Even\Favoris\Online Security Guide.lnk - Deleted
C:\DOCUME~1\GRGORY~1\LOCALS~1\Temp\image015.zip - Deleted
C:\DOCUME~1\GRGORY~1\LOCALS~1\Temp\image019.zip - Deleted
C:\DOCUME~1\GRGORY~1\LOCALS~1\Temp\image023.zip - Deleted
C:\DOCUME~1\GRGORY~1\LOCALS~1\Temp\image080.zip - Deleted
C:\DOCUME~1\GRGORY~1\LOCALS~1\Temp\image108.zip - Deleted
C:\DOCUME~1\GRGORY~1\LOCALS~1\Temp\image110.zip - Deleted
C:\DOCUME~1\GRGORY~1\LOCALS~1\Temp\image112.zip - Deleted
C:\DOCUME~1\GRGORY~1\LOCALS~1\Temp\image114.zip - Deleted
C:\DOCUME~1\GRGORY~1\LOCALS~1\Temp\image115.zip - Deleted
C:\DOCUME~1\GRGORY~1\LOCALS~1\Temp\image117.zip - Deleted
C:\DOCUME~1\GRGORY~1\LOCALS~1\Temp\image119.zip - Deleted
C:\DOCUME~1\GRGORY~1\LOCALS~1\Temp\image152.zip - Deleted
C:\DOCUME~1\GRGORY~1\LOCALS~1\Temp\image68.zip - Deleted
C:\DOCUME~1\GRGORY~1\LOCALS~1\Temp\image72.zip - Deleted
C:\WINDOWS\system32\3_exception.nls - Deleted
C:\WINDOWS\system32\drivers\smtpdrv.sys - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 15:32:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000117
"TracesSuccessful"=dword:00000002

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Disabled:Microsoft (R) HTML Application host"
"C:\\WINDOWS\\system32\\winIogon.exe"="C:\\WINDOWS\\system32\\winIogon.exe:*:Enabled:Windows Logon Application"
"C:\\WINDOWS\\system32\\rbywxj.exe"="C:\\WINDOWS\\system32\\rbywxj.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\qjxlbt.exe"="C:\\WINDOWS\\system32\\qjxlbt.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\oinxw.exe"="C:\\WINDOWS\\system32\\oinxw.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\gxsrujf.exe"="C:\\WINDOWS\\system32\\gxsrujf.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\aqvv.exe"="C:\\WINDOWS\\system32\\aqvv.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\macygv.exe"="C:\\WINDOWS\\system32\\macygv.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\ljclnp.exe"="C:\\WINDOWS\\system32\\ljclnp.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\pnlm.exe"="C:\\WINDOWS\\system32\\pnlm.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\wnjnox.exe"="C:\\WINDOWS\\system32\\wnjnox.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\hzunomp.exe"="C:\\WINDOWS\\system32\\hzunomp.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\qfngywqy.exe"="C:\\WINDOWS\\system32\\qfngywqy.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\cbac.exe"="C:\\WINDOWS\\system32\\cbac.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\xburui.exe"="C:\\WINDOWS\\system32\\xburui.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\ihmu.exe"="C:\\WINDOWS\\system32\\ihmu.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\irrtn.exe"="C:\\WINDOWS\\system32\\irrtn.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\qatbb.exe"="C:\\WINDOWS\\system32\\qatbb.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\rjsx.exe"="C:\\WINDOWS\\system32\\rjsx.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\xsvso.exe"="C:\\WINDOWS\\system32\\xsvso.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\ufycugl.exe"="C:\\WINDOWS\\system32\\ufycugl.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\apzpxze.exe"="C:\\WINDOWS\\system32\\apzpxze.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\nkrao.exe"="C:\\WINDOWS\\system32\\nkrao.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\xhgar.exe"="C:\\WINDOWS\\system32\\xhgar.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\dakpdph.exe"="C:\\WINDOWS\\system32\\dakpdph.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\othd.exe"="C:\\WINDOWS\\system32\\othd.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\nfsmucx.exe"="C:\\WINDOWS\\system32\\nfsmucx.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\dehf.exe"="C:\\WINDOWS\\system32\\dehf.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\cisp.exe"="C:\\WINDOWS\\system32\\cisp.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\dhjvmm.exe"="C:\\WINDOWS\\system32\\dhjvmm.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\qpxtkyl.exe"="C:\\WINDOWS\\system32\\qpxtkyl.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\fwbrwyj.exe"="C:\\WINDOWS\\system32\\fwbrwyj.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\kgpc.exe"="C:\\WINDOWS\\system32\\kgpc.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\wjjavwci.exe"="C:\\WINDOWS\\system32\\wjjavwci.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\orzj.exe"="C:\\WINDOWS\\system32\\orzj.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 19 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 24 Oct 2007 57,344 ...H. --- "C:\Documents and Settings\Grégory Even\Mes documents\Ecoute Clients\~WRL2717.tmp"
Thu 13 Sep 2007 433,664 ...H. --- "C:\Documents and Settings\Grégory Even\Mes documents\SCAPNOR LECLERC\~WRL0001.tmp"
Fri 29 Jun 2007 19,968 ...H. --- "C:\Documents and Settings\Grégory Even\Application Data\Microsoft\Word\~WRL0003.tmp"
Fri 29 Jun 2007 23,552 ...H. --- "C:\Documents and Settings\Grégory Even\Application Data\Microsoft\Word\~WRL2063.tmp"
Fri 29 Jun 2007 23,040 ...H. --- "C:\Documents and Settings\Grégory Even\Application Data\Microsoft\Word\~WRL3037.tmp"
Mon 24 Sep 2007 51,200 ...H. --- "C:\Documents and Settings\Grégory Even\Mes documents\Animations\animation 2007\~WRL0001.tmp"
Fri 2 Feb 2007 50,176 ...H. --- "C:\Documents and Settings\Grégory Even\Mes documents\SCAPNOR LECLERC\SCAPNOR\PROMO 2007\~WRL2170.tmp"
Tue 23 Jan 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Tue 23 Jan 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Tue 23 Jan 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Tue 23 Jan 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"
Tue 23 Jan 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"
Tue 23 Jan 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch6\lock.tmp"

Finished!
0
botcaryo Posts 103 Registration date Monday 20 February 2006 Status Member Last activity 4 January 2013 2
30 Dec. 2007 at 16:21
ComboFix report:

ComboFix 07-12-21.4 - Grégory Even 2007-12-30 16:09:28.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.490 [GMT 1:00]
Running from: C:\Documents and Settings\Grégory Even\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\Grégory Even\ResErrors.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\5_exception.nls

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FMTR
-------\LEGACY_RUNTIME
-------\LEGACY_SMTPDRV
-------\smtpdrv


((((((((((((((((((((((((((((( Fichiers créés 2007-11-28 to 2007-12-30 ))))))))))))))))))))))))))))))))))))
.

2007-12-30 15:38 . 2007-12-30 16:00 <REP> d-------- C:\VundoFix Backups
2007-12-30 15:17 . 2007-12-30 15:18 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-30 14:48 . 2007-12-30 15:07 <REP> d-------- C:\HiJackThis
2007-12-30 13:22 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-30 13:22 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-30 13:22 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-30 13:22 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-30 13:22 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-30 13:22 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-30 13:22 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-30 13:22 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-30 12:45 . 2007-12-30 13:03 <REP> d-------- C:\Program Files\Alwil Software
2007-12-28 18:05 . 2007-12-30 12:44 774 ---hs---- C:\WINDOWS\system32\rtrvsbak.ini
2007-12-27 17:58 . 2007-12-28 18:03 414 ---hs---- C:\WINDOWS\system32\xcqvlllx.ini
2007-12-27 14:52 . 2007-12-27 14:52 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-21 20:08 . 2007-12-26 17:55 534 ---hs---- C:\WINDOWS\system32\paarpxpi.ini
2007-12-20 19:55 . 2007-12-21 20:03 354 ---hs---- C:\WINDOWS\system32\qemgsxrg.ini
2007-12-19 19:32 . 2007-12-19 19:32 294 ---hs---- C:\WINDOWS\system32\xqwspcop.ini
2007-12-19 17:35 . 2007-12-30 16:12 21,760 --a------ C:\WINDOWS\Tah53.sys
2007-12-18 19:35 . 2007-12-19 09:01 414 ---hs---- C:\WINDOWS\system32\yabuesus.ini
2007-12-15 19:35 . 2007-12-16 16:37 654 ---hs---- C:\WINDOWS\system32\ndojojsw.ini
2007-12-15 15:52 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-15 08:43 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-15 08:43 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-15 08:43 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-15 08:40 . 2007-12-14 17:12 57,662 --a------ C:\WINDOWS\system32\fx.exe
2007-12-15 08:40 . 2004-03-05 07:01 31,232 --a------ C:\WINDOWS\system32\pv.exe
2007-12-14 21:09 . 2007-12-14 21:09 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-12-14 19:34 . 2007-12-15 19:34 414 ---hs---- C:\WINDOWS\system32\vpwyioef.ini
2007-12-14 18:01 . 2007-12-14 18:52 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-14 18:00 . 2007-12-14 18:55 <REP> d-------- C:\Program Files\Windows Live
2007-12-14 17:59 . 2007-12-14 18:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-14 07:32 . 2007-12-19 08:53 21,760 --a------ C:\WINDOWS\system32\drivers\Tah53.sys
2007-12-13 19:28 . 2007-12-14 18:17 414 ---hs---- C:\WINDOWS\system32\vyjoqiun.ini
2007-12-13 07:41 . 2007-12-13 07:44 354 ---hs---- C:\WINDOWS\system32\ojsnxrgy.ini
2007-12-12 21:34 . 2007-12-12 21:34 127 --a------ C:\WINDOWS\system32\MRT.INI
2007-12-12 21:19 . 2007-12-14 18:08 544 --a------ C:\WINDOWS\_delis32.ini
2007-12-12 07:33 . 2007-12-12 19:03 594 ---hs---- C:\WINDOWS\system32\tqwlnuvh.ini
2007-12-11 07:44 . 2007-12-11 07:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-11 07:33 . 2007-12-11 19:17 474 ---hs---- C:\WINDOWS\system32\sgmytfvd.ini
2007-12-10 17:24 . 2007-12-10 17:24 <REP> d-------- C:\Program Files\Yahoo!
2007-12-10 17:24 . 2007-12-10 17:29 <REP> d-------- C:\Program Files\CCleaner
2007-12-10 17:08 . 2007-12-10 17:08 354 ---hs---- C:\WINDOWS\system32\ukilynlv.ini
2007-12-06 18:57 . 2007-12-10 17:08 294 ---hs---- C:\WINDOWS\system32\katxfciv.ini
2007-12-05 21:39 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-05 18:58 . 2007-12-05 19:34 798,047 ---hs---- C:\WINDOWS\system32\fsaxjoxn.ini
2007-12-05 06:55 . 2007-12-05 06:55 669,532 ---hs---- C:\WINDOWS\system32\lmtkqyap.ini
2007-12-04 18:39 . 2007-12-05 19:34 369 --a------ C:\WINDOWS\wininit.ini
2007-12-04 18:11 . 2007-12-28 08:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-03 23:00 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-12-03 22:58 . 2007-12-05 06:49 805,861 ---hs---- C:\WINDOWS\system32\atwboiha.ini
2007-12-02 10:35 . 2007-12-02 10:35 244 --ah----- C:\sqmnoopt09.sqm
2007-12-02 10:35 . 2007-12-02 10:35 232 --ah----- C:\sqmdata09.sqm
2007-12-02 09:47 . 2007-12-30 15:53 204,732 --ahs---- C:\WINDOWS\system32\qqstv.ini2
2007-12-02 09:47 . 2007-12-30 15:55 204,732 --ahs---- C:\WINDOWS\system32\qqstv.ini
2007-11-15 18:12 . 2007-11-15 18:12 244 --ah----- C:\sqmnoopt08.sqm
2007-11-15 18:12 . 2007-11-15 18:12 232 --ah----- C:\sqmdata08.sqm
2007-11-14 18:30 . 2007-11-14 18:30 244 --ah----- C:\sqmnoopt07.sqm
2007-11-14 18:30 . 2007-11-14 18:30 244 --ah----- C:\sqmnoopt05.sqm
2007-11-14 18:30 . 2007-11-14 18:30 232 --ah----- C:\sqmdata07.sqm
2007-11-14 18:30 . 2007-11-14 18:30 232 --ah----- C:\sqmdata05.sqm
2007-11-14 18:30 . 2007-11-14 18:30 148 --ah----- C:\sqmdata06.sqm
2007-11-14 18:30 . 2007-11-14 18:30 136 --ah----- C:\sqmnoopt06.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 11:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-30 11:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-27 11:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 11:29 --------- d-----w C:\Program Files\TomTom HOME
2007-12-14 20:10 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-14 17:11 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-12-12 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
2007-12-12 20:18 --------- d-----w C:\Program Files\Logitech
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C365396-CB85-4E18-A7E3-D609D3A27F55}]
C:\WINDOWS\system32\vtsqq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86FF02E0-EB53-4DA7-90BD-DA0FD39E54DA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9CF1FF21-9927-4170-B19C-64DFC68D909C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4f25d6c-6930-45e9-894f-0fb3b4b06c26}]
C:\WINDOWS\system32\jdfrdqoq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84BC267-145C-42BC-AEB4-86640A7D819A}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 15:42]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 00:13]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 03:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 03:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 03:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 02:23]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-10-31 22:48]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 13:13]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-01-05 10:44]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28]
"DXDllRegExe"="dxdllreg.exe" []
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-06 11:39]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-05 13:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnklig]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\703f84d0]
rundll32.exe C:\WINDOWS\system32\kabsvrtr.dll,b

R0 Tah53;Tah53;C:\WINDOWS\system32\Drivers\Tah53.sys [2007-12-19 08:53]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b4c7fd1-a8dd-11dc-86b0-00197d4885ca}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50612461-6cbb-11dc-8654-00197d4885ca}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-30 15:01:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 16:14:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\8_exception.nls 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2007-12-30 16:16:27 - machine was rebooted
.
2007-12-15 16:21:07 --- E O F ---
0
Anonymous user
30 Dec 2007 at 16:31
Download

http://www.clubic.com/telecharger-fiche25107-vundofix.html

Double-click VundoFix.exe to launch it, then click the "Scan for Vundo" button.

When the scan is finished, click the "Remove Vundo" button.

A prompt will ask whether you want to delete the files; click YES.

After you click Yes, the Desktop will disappear for a moment while the files are being removed (don't worry, this is normal!).

You will then see a prompt announcing that your PC is going to switch off (shown as "shutdown" in English): click OK.

Once your PC has switched off, restart it.

Post the report.
0
botcaryo Posts 103 Registration date Monday 20 February 2006 Status Member Last seen 4 January 2013 2
30 Dec 2007 at 16:45
I have already done that, but I did not get a report from Vundo afterwards
0
botcaryo Posts 103 Registration date Monday 20 February 2006 Status Member Last seen 4 January 2013 2
30 Dec 2007 at 16:34
HijackThis report

So is it still infected????



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:47, on 30/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Apoint\HidFind.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\HiJackThis\sanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row-rel&channel=fr&ibd=4070123
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {2C365396-CB85-4E18-A7E3-D609D3A27F55} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {86FF02E0-EB53-4DA7-90BD-DA0FD39E54DA} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9CF1FF21-9927-4170-B19C-64DFC68D909C} - (no file)
O2 - BHO: (no name) - {a4f25d6c-6930-45e9-894f-0fb3b4b06c26} - C:\WINDOWS\system32\jdfrdqoq.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C84BC267-145C-42BC-AEB4-86640A7D819A} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?836641679c094e5f9143343be21f7840
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?836641679c094e5f9143343be21f7840
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: pmnklig - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
0
botcaryo Posts 103 Registration date Monday 20 February 2006 Status Member Last seen 4 January 2013 2
30 Dec 2007 at 16:50
I have already done that, but I did not get a report from Vundo afterwards.
Is that normal?


What does the HijackThis report say, please?
0
botcaryo Posts 103 Registration date Monday 20 February 2006 Status Member Last seen 4 January 2013 2
30 Dec 2007 at 16:52
I found a Vundo report:


VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 15:38:52 30/12/2007

Listing files found while scanning....

Beginning removal...

Attempting to delete C:\WINDOWS\system32\aneley.exe
C:\WINDOWS\system32\aneley.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\aoaufegx.dll
C:\WINDOWS\system32\aoaufegx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\aqjsbjsd.dll
C:\WINDOWS\system32\aqjsbjsd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtqnkh.dll
C:\WINDOWS\system32\awtqnkh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtrqnm.dll
C:\WINDOWS\system32\awtrqnm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awttrqn.dll
C:\WINDOWS\system32\awttrqn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bxdcaiur.dll
C:\WINDOWS\system32\bxdcaiur.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxustu.dll
C:\WINDOWS\system32\byxustu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxvttq.dll
C:\WINDOWS\system32\byxvttq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxvwwt.dll
C:\WINDOWS\system32\byxvwwt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxwwvv.dll
C:\WINDOWS\system32\byxwwvv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxywxw.dll
C:\WINDOWS\system32\byxywxw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxuuts.dll
C:\WINDOWS\system32\cbxuuts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxvuts.dll
C:\WINDOWS\system32\cbxvuts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxvvvw.dll
C:\WINDOWS\system32\cbxvvvw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxwvwv.dll
C:\WINDOWS\system32\cbxwvwv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxwxyy.dll
C:\WINDOWS\system32\cbxwxyy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxxuvt.dll
C:\WINDOWS\system32\cbxxuvt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxyayv.dll
C:\WINDOWS\system32\cbxyayv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcdefe.dll
C:\WINDOWS\system32\ddcdefe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcyxuu.dll
C:\WINDOWS\system32\ddcyxuu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcyxyv.dll
C:\WINDOWS\system32\ddcyxyv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dqhj.exe
C:\WINDOWS\system32\dqhj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\dsjbsjqa.ini
C:\WINDOWS\system32\dsjbsjqa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcbcby.dll
C:\WINDOWS\system32\efcbcby.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcccbc.dll
C:\WINDOWS\system32\efcccbc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcdeff.dll
C:\WINDOWS\system32\efcdeff.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eqvgqygo.exe
C:\WINDOWS\system32\eqvgqygo.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccawtu.dll
C:\WINDOWS\system32\fccawtu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccdebx.dll
C:\WINDOWS\system32\fccdebx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccyayy.dll
C:\WINDOWS\system32\fccyayy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\foiledcg.exe
C:\WINDOWS\system32\foiledcg.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\fpyobsrx.dll
C:\WINDOWS\system32\fpyobsrx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebaxuu.dll
C:\WINDOWS\system32\gebaxuu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcywu.dll
C:\WINDOWS\system32\gebcywu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebxxwx.dll
C:\WINDOWS\system32\gebxxwx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebyaxu.dll
C:\WINDOWS\system32\gebyaxu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gfheorjh.ini
C:\WINDOWS\system32\gfheorjh.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gmsylmtv.dll
C:\WINDOWS\system32\gmsylmtv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjroehfg.dll
C:\WINDOWS\system32\hjroehfg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hkrnhayq.dll
C:\WINDOWS\system32\hkrnhayq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hlwgiphr.dll
C:\WINDOWS\system32\hlwgiphr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hvhjlrid.dll
C:\WINDOWS\system32\hvhjlrid.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hvunlwqt.dll
C:\WINDOWS\system32\hvunlwqt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iifdeeb.dll
C:\WINDOWS\system32\iifdeeb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jagq.exe
C:\WINDOWS\system32\jagq.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jdfrdqoq.dll
C:\WINDOWS\system32\jdfrdqoq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkhecc.dll
C:\WINDOWS\system32\jkkhecc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkkkjj.dll
C:\WINDOWS\system32\jkkkkjj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkklllj.dll
C:\WINDOWS\system32\jkklllj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfcawt.dll
C:\WINDOWS\system32\khfcawt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfcdba.dll
C:\WINDOWS\system32\khfcdba.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfecay.dll
C:\WINDOWS\system32\khfecay.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfgeee.dll
C:\WINDOWS\system32\khfgeee.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljjhfca.dll
C:\WINDOWS\system32\ljjhfca.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljjhfec.dll
C:\WINDOWS\system32\ljjhfec.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljjigfg.dll
C:\WINDOWS\system32\ljjigfg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljjigge.dll
C:\WINDOWS\system32\ljjigge.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljhiig.dll
C:\WINDOWS\system32\mljhiig.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjgda.dll
C:\WINDOWS\system32\mljjgda.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mvsxunjb.dll
C:\WINDOWS\system32\mvsxunjb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnonml.dll
C:\WINDOWS\system32\nnnonml.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\nuiqojyv.dll
C:\WINDOWS\system32\nuiqojyv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nxojxasf.dll
C:\WINDOWS\system32\nxojxasf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ocjbeant.dll
C:\WINDOWS\system32\ocjbeant.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnkihg.dll
C:\WINDOWS\system32\opnkihg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnkjgd.dll
C:\WINDOWS\system32\opnkjgd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnmllm.dll
C:\WINDOWS\system32\opnmllm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnnkjj.dll
C:\WINDOWS\system32\opnnkjj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pcmnrwo.exe
C:\WINDOWS\system32\pcmnrwo.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pkrdaih.exe
C:\WINDOWS\system32\pkrdaih.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnkkih.dll
C:\WINDOWS\system32\pmnkkih.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnmkki.dll
C:\WINDOWS\system32\pmnmkki.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnnlj.dll
C:\WINDOWS\system32\pmnnnlj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnonkj.dll
C:\WINDOWS\system32\pmnonkj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pocpswqx.dll
C:\WINDOWS\system32\pocpswqx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomjgfg.dll
C:\WINDOWS\system32\qomjgfg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomkhhe.dll
C:\WINDOWS\system32\qomkhhe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomkihg.dll
C:\WINDOWS\system32\qomkihg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qommjig.dll
C:\WINDOWS\system32\qommjig.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qommmkj.dll
C:\WINDOWS\system32\qommmkj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qurgrtjj.dll
C:\WINDOWS\system32\qurgrtjj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qywgldfb.dll
C:\WINDOWS\system32\qywgldfb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qyycnqak.dll
C:\WINDOWS\system32\qyycnqak.dll Has been deleted!


Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\nnnonml.dll
C:\WINDOWS\system32\nnnonml.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 16:18:41 30/12/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...


So doc, what's new?
0
Anonymous user
30 Dec 2007 at 17:01
You still have this procedure to do

Download

http://info-magique.titi-serveur.net/index.php?showtopic=38

Then double-click VirtumundoBeGone.exe and follow the on-screen instructions.

Once it has finished, restart your PC.

PS: Don't worry if you see a blue "Fatal error" screen, that's normal.
0
botcaryo Posts: 103 Registration date: Monday 20 February 2006 Status: Member Last active: 4 January 2013 2
30 Dec 2007 at 17:05
I did that too; it told me it hadn't found anything.

Should I then use navilog1?
0
Anonymous user
30 Dec 2007 at 17:18
You are no longer infected

but you can still do it
http://il.mafioso.pagesperso-orange.fr/

To finish, post the report
0
botcaryo Posts: 103 Registration date: Monday 20 February 2006 Status: Member Last active: 4 January 2013 2
30 Dec 2007 at 17:33
I think I'm still infected, notably with WORM.agent.bx and Worm.agent.l

I'm posting the Navilog report
0
Anonymous user
30 Dec 2007 at 17:46
Download them

I've corrected the link

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/11643.html

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html


Disable System Restore:

- right-click "My Computer"
- click "Properties"
- click the "System Restore" tab
- tick the "Turn off System Restore" box
- confirm with OK

Delete your temporary files:

- in Internet Explorer, click "Tools"
- choose "Internet Options"
- click "Delete Files"
- click "Clear History"


Re-enable System Restore if everything is OK.
Also look in your Internet Options ---> Content ---> Certificates, then Publishers

If you see any sites listed ------> delete them


If you don't have an antivirus
https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/25899.html

Anti-spyware, very effective
https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/50275.html


Run an online scan again through Internet Explorer, going to the site -----> BitDefender online scan
0
botcaryo Posts: 103 Registration date: Monday 20 February 2006 Status: Member Last active: 4 January 2013 2
30 Dec 2007 at 17:48
Here is the Navilog report


Search Navipromo version 3.3.8 commencé le 30/12/2007 à 17:42:28,62

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\Grégory Even\application data" ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\Grégory Even\local settings\application data" *



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :

pv.exe trouvé !

* Dans "C:\Documents and Settings\Grégory Even\local settings\application data" :


3)Recherche Certificats :

Certificat Egroup absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\qqstv.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 30/12/2007 à 17:45:11,23 ***
0
Anonymous user
30 Dec 2007 at 17:52
I suspected as much, with the certificates and publishers

Run a scan with Vundo again
0
botcaryo Posts: 103 Registration date: Monday 20 February 2006 Status: Member Last active: 4 January 2013 2
30 Dec 2007 at 18:11
I don't understand. It finds a virus, OK!! But that has nothing to do with the publishers or the certificates; that's a different section, not the location of the virus.

What's more, Vundo doesn't scan it!!!
0
Anonymous user
30 Dec 2007 at 18:16
Did you follow the procedures properly?

Give me the name of the infected file
0
Anonymous user
30 Dec 2007 at 18:23
Good evening, and sorry for the intrusion!! There is still some Vundo left; post a HijackThis log!!!
0