Problem with a spyware/virus
jean
Hello, here is my HijackThis report; if someone could tell me what I should do
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:35:00, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TheTurtle\TheTurtle.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.toolbar.bz/sidebar.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\PROGRA~1\TOOLBAR.BZ\tbhelper.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: (no name) - {0178aee3-c33b-4c36-95d6-36000e9db1a5} - C:\WINDOWS\system32\taltmwou.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2012F73E-7427-4AD8-9E9D-6CBA6E0053D4} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: TBSB08469 - {4A84FD6E-69CF-4147-B44D-CC5BA4CC2900} - C:\PROGRA~1\TOOLBAR.BZ\untitled.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: (no name) - {5B61EC2D-33C1-4FD8-9B00-39B4FB9AB2C4} - C:\WINDOWS\system32\awtqn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\gebxvvw.dll
O2 - BHO: {7e524db8-4f44-adca-0714-2dea829e3ecd} - {dce3e928-aed2-4170-acda-44f48bd425e7} - C:\WINDOWS\system32\pgaplaeh.dll (file missing)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\turbosearchsite.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: IE Custom Tools - {F2BADA0D-FD61-45EF-A994-64A073FD6613} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FBUJ Agent] C:\WINDOWS\system32\28463\FBUJ.exe
O4 - HKLM\..\Run: [9837b26e] rundll32.exe "C:\WINDOWS\system32\xylqnnjr.dll",b
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "c:\documents and settings\administrateur\application data\install_en[1].exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.26\ilikesidebar.exe /checkforupdate
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?01fe747f6260447a8c77a7b1d9c6f798
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?01fe747f6260447a8c77a7b1d9c6f798
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O15 - Trusted Zone: www.698698698.info
O15 - Trusted Zone: www.nodialup.name
O15 - Trusted Zone: www.otherchance.com
O15 - Trusted Zone: www.pornoaccesso.com
O15 - Trusted Zone: www.sgnappo.com
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.whatsnew.name
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O20 - Winlogon Notify: gebxvvw - C:\WINDOWS\SYSTEM32\gebxvvw.dll
O22 - SharedTaskScheduler: ficklety - {e31f5c72-8e0d-4921-8375-9573746c170c} - C:\WINDOWS\system32\ezzhjmt.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ladokxkl.exe (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
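As an added example (not part of the thread, and not a HijackThis feature): a small Python script that parses lines in the HijackThis v2 format posted above and ranks the entry types a volunteer helper reads first. The flagging rules and weights are the editor's own heuristics; the sample lines are adapted from the posted log.

```python
"""Triage of HijackThis v2 log lines.

Added example: not part of the forum thread and not a HijackThis feature. The
rules and weights are the editor's own triage heuristics, a starting point for
review rather than a verdict.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Sample input: lines adapted from the log posted in the thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5B61EC2D-33C1-4FD8-9B00-39B4FB9AB2C4} - C:\WINDOWS\system32\awtqn.dll
O2 - BHO: (no name) - {0178aee3-c33b-4c36-95d6-36000e9db1a5} - C:\WINDOWS\system32\taltmwou.dll (file missing)
O4 - HKLM\..\Run: [9837b26e] rundll32.exe "C:\WINDOWS\system32\xylqnnjr.dll",b
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft Windows] C:\WINDOWS\system32\fservice.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: www.sgrunt.biz
O20 - Winlogon Notify: gebxvvw - C:\WINDOWS\SYSTEM32\gebxvvw.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ladokxkl.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
"""

# "O4 - <body>": a one-letter section code plus number, " - ", then the entry body.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# First Windows path ending in dll/exe/ini; paths may contain spaces.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe|ini)\b", re.IGNORECASE)
# A file sitting directly in %SystemRoot%\system32 (no sub-directory).
SYSTEM32_RE = re.compile(r"\\windows\\system32\\[^\\]+$", re.IGNORECASE)
# Short, all-lowercase stem: the naming of the Vundo DLLs in the posted log (weak signal).
RANDOM_STEM_RE = re.compile(r"^[a-z]{5,8}$")

@dataclass
class Entry:
    section: str          # HijackThis section code, e.g. "O4"
    body: str             # everything after "O4 - "
    path: Optional[str]   # first file path found in the body, if any

@dataclass
class Finding:
    entry: Entry
    reasons: List[str]
    score: int

    @property
    def severity(self) -> str:
        return "high" if self.score >= 2 else "review"

def parse_line(line: str) -> Optional[Entry]:
    """Split one log line into section code, body and first file path."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header lines, the "Running processes" block, blanks
    body = m.group("body")
    p = PATH_RE.search(body)
    return Entry(m.group("section"), body, p.group(0) if p else None)

def assess(e: Entry) -> List[Tuple[int, str]]:
    """Return (weight, reason) pairs for the signals present in one entry."""
    hits: List[Tuple[int, str]] = []
    in_sys32 = bool(e.path and SYSTEM32_RE.search(e.path))
    stem = PureWindowsPath(e.path).stem if e.path else ""
    if "(file missing)" in e.body:
        hits.append((1, "points to a file that no longer exists (orphaned entry)"))
    if e.section == "F2" and "Shell=" in e.body and e.path:
        hits.append((2, "system.ini Shell= starts an extra program alongside Explorer.exe"))
    if e.section == "O2" and "(no name)" in e.body:
        hits.append((1, "browser helper object registered without a name"))
    if e.section == "O4" and "rundll32" in e.body.lower() and in_sys32:
        hits.append((2, "autorun loads a system32 DLL through rundll32"))
    if e.section == "O4" and "\\Policies\\Explorer\\Run" in e.body:
        hits.append((2, "Policies\\Explorer\\Run key, rarely used by legitimate installers"))
    if e.section == "O15":
        hits.append((1, "host added to the IE Trusted Zone (weaker security settings apply)"))
    if e.section == "O20" and in_sys32:
        hits.append((2, "Winlogon Notify DLL loaded into winlogon at every logon"))
    if e.section == "O23" and "Unknown owner" in e.body:
        hits.append((1, "service with no publisher information"))
    # Corroborating signal only: never enough on its own to flag an entry.
    if hits and in_sys32 and RANDOM_STEM_RE.fullmatch(stem):
        hits.append((1, "short all-lowercase file name directly in system32"))
    return hits

def triage(log_text: str) -> List[Finding]:
    """Parse a whole log and return the flagged entries, highest score first."""
    findings = []
    for entry in filter(None, map(parse_line, log_text.splitlines())):
        hits = assess(entry)
        if hits:
            findings.append(Finding(entry, [r for _, r in hits], sum(w for w, _ in hits)))
    return sorted(findings, key=lambda f: f.score, reverse=True)

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.entry.section}: {f.entry.path or f.entry.body} <- {'; '.join(f.reasons)}")
```

Run on the sample, the Adobe BHO, ctfmon and Avira lines stay unflagged while the eight entries a helper would ask about are ranked, the lone Trusted Zone line at "review" and the rest at "high".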
35 replies
Good evening, you have the whole Addams family in your PC! lol
Download Vundofix.exe (by Atribune) to your Desktop: http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES
* After clicking "YES", the Desktop will disappear for a moment while the files are deleted.
* A new prompt will announce that the PC has to shut down ("shutdown"). Click OK, then let it restart.
* The report is located at C:\vundofix.txt; please post it
https://www.01net.com/outils/telecharger/windows/Internet/partage/fiches/tele13536.html
Download to the desktop
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
=> Double-click VirtumundoBeGone.exe
=> Click Continue ==> click Start
=> Click Yes
=> At the end, if Vundo is present, the PC shuts down and restarts
- If you get a blue screen with the message: Fatal error .. no problem
=> Post the VBG.TXT report that is on the desktop
lol, well put, the Addams family. I just bought this PC for 70 euros from a friend; I thought it was a good deal but now I don't think so anymore ... here is the 1st report:
VundoFix V6.7.7
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Scan started at 19:36:51 04/01/2008
Listing files found while scanning....
C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\bicndcjs.dll
C:\WINDOWS\system32\bybkfjoh.dll
C:\WINDOWS\system32\emywknxd.dll
C:\WINDOWS\system32\ieergnga.dll
C:\WINDOWS\system32\irexgpcv.dll
C:\WINDOWS\system32\jwyitfxo.ini
C:\WINDOWS\system32\nmnkyasl.dll
C:\WINDOWS\system32\nqtwa.ini
C:\WINDOWS\system32\nqtwa.ini2
C:\WINDOWS\system32\oxftiywj.dll
C:\WINDOWS\system32\sjcdncib.ini
C:\WINDOWS\system32\sxefqrob.dll
C:\WINDOWS\system32\tlblmrgo.dll
C:\WINDOWS\system32\upttjfhx.dll
C:\WINDOWS\system32\xewsyscx.dll
C:\WINDOWS\system32\xylqnnjr.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\awtqn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\bicndcjs.dll
C:\WINDOWS\system32\bicndcjs.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\bybkfjoh.dll
C:\WINDOWS\system32\bybkfjoh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\emywknxd.dll
C:\WINDOWS\system32\emywknxd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ieergnga.dll
C:\WINDOWS\system32\ieergnga.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\irexgpcv.dll
C:\WINDOWS\system32\irexgpcv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jwyitfxo.ini
C:\WINDOWS\system32\jwyitfxo.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\nmnkyasl.dll
C:\WINDOWS\system32\nmnkyasl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nqtwa.ini
C:\WINDOWS\system32\nqtwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\nqtwa.ini2
C:\WINDOWS\system32\nqtwa.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\oxftiywj.dll
C:\WINDOWS\system32\oxftiywj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\sjcdncib.ini
C:\WINDOWS\system32\sjcdncib.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\sxefqrob.dll
C:\WINDOWS\system32\sxefqrob.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tlblmrgo.dll
C:\WINDOWS\system32\tlblmrgo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\upttjfhx.dll
C:\WINDOWS\system32\upttjfhx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xewsyscx.dll
C:\WINDOWS\system32\xewsyscx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xylqnnjr.dll
C:\WINDOWS\system32\xylqnnjr.dll Has been deleted!
Performing Repairs to the registry.
Done!
and here is the 2nd:
[01/04/2008, 20:54:43] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[01/04/2008, 20:54:46] - Detected System Information:
[01/04/2008, 20:54:46] - Windows Version: 5.1.2600, Service Pack 2
[01/04/2008, 20:54:46] - Current Username: Administrateur (Admin)
[01/04/2008, 20:54:46] - Windows is in NORMAL mode.
[01/04/2008, 20:54:46] - Searching for Browser Helper Objects:
[01/04/2008, 20:54:46] - BHO 1: {0178aee3-c33b-4c36-95d6-36000e9db1a5} ()
[01/04/2008, 20:54:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:46] - Checking for HKLM\...\Winlogon\Notify\taltmwou
[01/04/2008, 20:54:46] - Key not found: HKLM\...\Winlogon\Notify\taltmwou, continuing.
[01/04/2008, 20:54:47] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/04/2008, 20:54:47] - BHO 3: {188C899C-4174-4489-A1F1-ACE8BF2E153B} ()
[01/04/2008, 20:54:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:47] - Checking for HKLM\...\Winlogon\Notify\vtutt
[01/04/2008, 20:54:47] - Key not found: HKLM\...\Winlogon\Notify\vtutt, continuing.
[01/04/2008, 20:54:47] - BHO 4: {2012F73E-7427-4AD8-9E9D-6CBA6E0053D4} ()
[01/04/2008, 20:54:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:47] - Checking for HKLM\...\Winlogon\Notify\isfmdl
[01/04/2008, 20:54:47] - Key not found: HKLM\...\Winlogon\Notify\isfmdl, continuing.
[01/04/2008, 20:54:47] - BHO 5: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (FGCatchUrl)
[01/04/2008, 20:54:47] - BHO 6: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[01/04/2008, 20:54:47] - BHO 7: {4A84FD6E-69CF-4147-B44D-CC5BA4CC2900} (TBSB08469 Class)
[01/04/2008, 20:54:47] - BHO 8: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (Megaupload Toolbar)
[01/04/2008, 20:54:47] - BHO 9: {5B61EC2D-33C1-4FD8-9B00-39B4FB9AB2C4} ()
[01/04/2008, 20:54:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:47] - Checking for HKLM\...\Winlogon\Notify\awtqn
[01/04/2008, 20:54:47] - Key not found: HKLM\...\Winlogon\Notify\awtqn, continuing.
[01/04/2008, 20:54:47] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/04/2008, 20:54:47] - BHO 11: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/04/2008, 20:54:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:47] - No filename found. Continuing.
[01/04/2008, 20:54:47] - BHO 12: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/04/2008, 20:54:47] - BHO 13: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[01/04/2008, 20:54:47] - BHO 14: {DB0B918E-A0A8-482B-8D75-A682816B0C7B} ()
[01/04/2008, 20:54:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:47] - Checking for HKLM\...\Winlogon\Notify\gebxvvw
[01/04/2008, 20:54:47] - Found: HKLM\...\Winlogon\Notify\gebxvvw - This is probably Virtumundo.
[01/04/2008, 20:54:47] - Assigning {DB0B918E-A0A8-482B-8D75-A682816B0C7B} MSEvents Object
[01/04/2008, 20:54:47] - BHO list has been changed! Starting over...
[01/04/2008, 20:54:47] - BHO 1: {0178aee3-c33b-4c36-95d6-36000e9db1a5} ()
[01/04/2008, 20:54:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:47] - Checking for HKLM\...\Winlogon\Notify\taltmwou
[01/04/2008, 20:54:47] - Key not found: HKLM\...\Winlogon\Notify\taltmwou, continuing.
[01/04/2008, 20:54:48] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/04/2008, 20:54:48] - BHO 3: {188C899C-4174-4489-A1F1-ACE8BF2E153B} ()
[01/04/2008, 20:54:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:48] - Checking for HKLM\...\Winlogon\Notify\vtutt
[01/04/2008, 20:54:48] - Key not found: HKLM\...\Winlogon\Notify\vtutt, continuing.
[01/04/2008, 20:54:48] - BHO 4: {2012F73E-7427-4AD8-9E9D-6CBA6E0053D4} ()
[01/04/2008, 20:54:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:48] - Checking for HKLM\...\Winlogon\Notify\isfmdl
[01/04/2008, 20:54:48] - Key not found: HKLM\...\Winlogon\Notify\isfmdl, continuing.
[01/04/2008, 20:54:48] - BHO 5: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (FGCatchUrl)
[01/04/2008, 20:54:48] - BHO 6: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[01/04/2008, 20:54:48] - BHO 7: {4A84FD6E-69CF-4147-B44D-CC5BA4CC2900} (TBSB08469 Class)
[01/04/2008, 20:54:48] - BHO 8: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (Megaupload Toolbar)
[01/04/2008, 20:54:48] - BHO 9: {5B61EC2D-33C1-4FD8-9B00-39B4FB9AB2C4} ()
[01/04/2008, 20:54:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:48] - Checking for HKLM\...\Winlogon\Notify\awtqn
[01/04/2008, 20:54:48] - Key not found: HKLM\...\Winlogon\Notify\awtqn, continuing.
[01/04/2008, 20:54:48] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/04/2008, 20:54:48] - BHO 11: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/04/2008, 20:54:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:48] - No filename found. Continuing.
[01/04/2008, 20:54:48] - BHO 12: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/04/2008, 20:54:48] - BHO 13: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[01/04/2008, 20:54:48] - BHO 14: {DB0B918E-A0A8-482B-8D75-A682816B0C7B} (MSEvents Object)
[01/04/2008, 20:54:48] - ALERT: Found MSEvents Object!
[01/04/2008, 20:54:48] - BHO 15: {dce3e928-aed2-4170-acda-44f48bd425e7} ()
[01/04/2008, 20:54:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:48] - Checking for HKLM\...\Winlogon\Notify\pgaplaeh
[01/04/2008, 20:54:48] - Key not found: HKLM\...\Winlogon\Notify\pgaplaeh, continuing.
[01/04/2008, 20:54:48] - BHO 16: {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} (e404mgr Class)
[01/04/2008, 20:54:48] - BHO 17: {F156768E-81EF-470C-9057-481BA8380DBA} (FlashGet GetFlash Class)
[01/04/2008, 20:54:48] - Finished Searching Browser Helper Objects
[01/04/2008, 20:54:48] - *** Detected MSEvents Object
[01/04/2008, 20:54:48] - Trying to remove MSEvents Object...
[01/04/2008, 20:54:49] - Terminating Process: IEXPLORE.EXE
[01/04/2008, 20:54:50] - Terminating Process: RUNDLL32.EXE
[01/04/2008, 20:54:50] - Disabling Automatic Shell Restart
[01/04/2008, 20:54:51] - Terminating Process: EXPLORER.EXE
[01/04/2008, 20:54:52] - Suspending the NT Session Manager System Service
[01/04/2008, 20:54:54] - Terminating Windows NT Logon/Logoff Manager
[01/04/2008, 20:59:57] - Re-enabling Automatic Shell Restart
[01/04/2008, 20:59:58] - File to disable: C:\WINDOWS\system32\gebxvvw.dll
[01/04/2008, 20:59:59] - Renaming C:\WINDOWS\system32\gebxvvw.dll -> C:\WINDOWS\system32\gebxvvw.dll.vir
[01/04/2008, 21:00:00] - File successfully renamed!
[01/04/2008, 21:00:01] - Removing HKLM\...\Browser Helper Objects\{DB0B918E-A0A8-482B-8D75-A682816B0C7B}
[01/04/2008, 21:00:02] - Removing HKCR\CLSID\{DB0B918E-A0A8-482B-8D75-A682816B0C7B}
[01/04/2008, 21:00:05] - Adding Kill Bit for ActiveX for GUID: {DB0B918E-A0A8-482B-8D75-A682816B0C7B}
[01/04/2008, 21:00:06] - Deleting ATLEvents/MSEvents Registry entries
[01/04/2008, 21:00:06] - Removing HKLM\...\Winlogon\Notify\gebxvvw
[01/04/2008, 21:00:06] - Searching for Browser Helper Objects:
[01/04/2008, 21:00:06] - BHO 1: {0178aee3-c33b-4c36-95d6-36000e9db1a5} ()
[01/04/2008, 21:00:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:00:06] - Checking for HKLM\...\Winlogon\Notify\taltmwou
[01/04/2008, 21:00:06] - Key not found: HKLM\...\Winlogon\Notify\taltmwou, continuing.
[01/04/2008, 21:00:06] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/04/2008, 21:00:06] - BHO 3: {2012F73E-7427-4AD8-9E9D-6CBA6E0053D4} ()
[01/04/2008, 21:00:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:00:06] - Checking for HKLM\...\Winlogon\Notify\isfmdl
[01/04/2008, 21:00:06] - Key not found: HKLM\...\Winlogon\Notify\isfmdl, continuing.
[01/04/2008, 21:00:06] - BHO 4: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (FGCatchUrl)
[01/04/2008, 21:00:06] - BHO 5: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[01/04/2008, 21:00:06] - BHO 6: {4A84FD6E-69CF-4147-B44D-CC5BA4CC2900} (TBSB08469 Class)
[01/04/2008, 21:00:06] - BHO 7: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (Megaupload Toolbar)
[01/04/2008, 21:00:06] - BHO 8: {5B61EC2D-33C1-4FD8-9B00-39B4FB9AB2C4} ()
[01/04/2008, 21:00:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:00:06] - Checking for HKLM\...\Winlogon\Notify\awtqn
[01/04/2008, 21:00:06] - Key not found: HKLM\...\Winlogon\Notify\awtqn, continuing.
[01/04/2008, 21:00:06] - BHO 9: {639ECCC2-C3B8-4530-B67A-6E1351D73A9C} ()
[01/04/2008, 21:00:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:00:06] - Checking for HKLM\...\Winlogon\Notify\vtutt
[01/04/2008, 21:00:06] - Key not found: HKLM\...\Winlogon\Notify\vtutt, continuing.
[01/04/2008, 21:00:06] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/04/2008, 21:00:07] - BHO 11: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/04/2008, 21:00:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:00:07] - No filename found. Continuing.
[01/04/2008, 21:00:07] - BHO 12: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/04/2008, 21:00:07] - BHO 13: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[01/04/2008, 21:00:07] - BHO 14: {dce3e928-aed2-4170-acda-44f48bd425e7} ()
[01/04/2008, 21:00:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:00:07] - Checking for HKLM\...\Winlogon\Notify\pgaplaeh
[01/04/2008, 21:00:07] - Key not found: HKLM\...\Winlogon\Notify\pgaplaeh, continuing.
[01/04/2008, 21:00:07] - BHO 15: {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} (e404mgr Class)
[01/04/2008, 21:00:07] - BHO 16: {F156768E-81EF-470C-9057-481BA8380DBA} (FlashGet GetFlash Class)
[01/04/2008, 21:00:07] - Finished Searching Browser Helper Objects
[01/04/2008, 21:00:07] - Finishing up...
[01/04/2008, 21:00:07] - A restart is needed.
[01/04/2008, 21:00:48] - Attempting to Restart via STOP error (Blue Screen!)
VundoFix V6.7.7
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Scan started at 19:36:51 04/01/2008
Listing files found while scanning....
C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\bicndcjs.dll
C:\WINDOWS\system32\bybkfjoh.dll
C:\WINDOWS\system32\emywknxd.dll
C:\WINDOWS\system32\ieergnga.dll
C:\WINDOWS\system32\irexgpcv.dll
C:\WINDOWS\system32\jwyitfxo.ini
C:\WINDOWS\system32\nmnkyasl.dll
C:\WINDOWS\system32\nqtwa.ini
C:\WINDOWS\system32\nqtwa.ini2
C:\WINDOWS\system32\oxftiywj.dll
C:\WINDOWS\system32\sjcdncib.ini
C:\WINDOWS\system32\sxefqrob.dll
C:\WINDOWS\system32\tlblmrgo.dll
C:\WINDOWS\system32\upttjfhx.dll
C:\WINDOWS\system32\xewsyscx.dll
C:\WINDOWS\system32\xylqnnjr.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\awtqn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\bicndcjs.dll
C:\WINDOWS\system32\bicndcjs.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\bybkfjoh.dll
C:\WINDOWS\system32\bybkfjoh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\emywknxd.dll
C:\WINDOWS\system32\emywknxd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ieergnga.dll
C:\WINDOWS\system32\ieergnga.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\irexgpcv.dll
C:\WINDOWS\system32\irexgpcv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jwyitfxo.ini
C:\WINDOWS\system32\jwyitfxo.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\nmnkyasl.dll
C:\WINDOWS\system32\nmnkyasl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nqtwa.ini
C:\WINDOWS\system32\nqtwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\nqtwa.ini2
C:\WINDOWS\system32\nqtwa.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\oxftiywj.dll
C:\WINDOWS\system32\oxftiywj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\sjcdncib.ini
C:\WINDOWS\system32\sjcdncib.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\sxefqrob.dll
C:\WINDOWS\system32\sxefqrob.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tlblmrgo.dll
C:\WINDOWS\system32\tlblmrgo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\upttjfhx.dll
C:\WINDOWS\system32\upttjfhx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xewsyscx.dll
C:\WINDOWS\system32\xewsyscx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xylqnnjr.dll
C:\WINDOWS\system32\xylqnnjr.dll Has been deleted!
Performing Repairs to the registry.
Done!
and here's the 2nd one:
[01/04/2008, 20:54:43] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[01/04/2008, 20:54:46] - Detected System Information:
[01/04/2008, 20:54:46] - Windows Version: 5.1.2600, Service Pack 2
[01/04/2008, 20:54:46] - Current Username: Administrateur (Admin)
[01/04/2008, 20:54:46] - Windows is in NORMAL mode.
[01/04/2008, 20:54:46] - Searching for Browser Helper Objects:
[01/04/2008, 20:54:46] - BHO 1: {0178aee3-c33b-4c36-95d6-36000e9db1a5} ()
[01/04/2008, 20:54:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:46] - Checking for HKLM\...\Winlogon\Notify\taltmwou
[01/04/2008, 20:54:46] - Key not found: HKLM\...\Winlogon\Notify\taltmwou, continuing.
[01/04/2008, 20:54:47] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/04/2008, 20:54:47] - BHO 3: {188C899C-4174-4489-A1F1-ACE8BF2E153B} ()
[01/04/2008, 20:54:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:47] - Checking for HKLM\...\Winlogon\Notify\vtutt
[01/04/2008, 20:54:47] - Key not found: HKLM\...\Winlogon\Notify\vtutt, continuing.
[01/04/2008, 20:54:47] - BHO 4: {2012F73E-7427-4AD8-9E9D-6CBA6E0053D4} ()
[01/04/2008, 20:54:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:47] - Checking for HKLM\...\Winlogon\Notify\isfmdl
[01/04/2008, 20:54:47] - Key not found: HKLM\...\Winlogon\Notify\isfmdl, continuing.
[01/04/2008, 20:54:47] - BHO 5: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (FGCatchUrl)
[01/04/2008, 20:54:47] - BHO 6: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[01/04/2008, 20:54:47] - BHO 7: {4A84FD6E-69CF-4147-B44D-CC5BA4CC2900} (TBSB08469 Class)
[01/04/2008, 20:54:47] - BHO 8: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (Megaupload Toolbar)
[01/04/2008, 20:54:47] - BHO 9: {5B61EC2D-33C1-4FD8-9B00-39B4FB9AB2C4} ()
[01/04/2008, 20:54:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:47] - Checking for HKLM\...\Winlogon\Notify\awtqn
[01/04/2008, 20:54:47] - Key not found: HKLM\...\Winlogon\Notify\awtqn, continuing.
[01/04/2008, 20:54:47] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/04/2008, 20:54:47] - BHO 11: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/04/2008, 20:54:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:47] - No filename found. Continuing.
[01/04/2008, 20:54:47] - BHO 12: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/04/2008, 20:54:47] - BHO 13: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[01/04/2008, 20:54:47] - BHO 14: {DB0B918E-A0A8-482B-8D75-A682816B0C7B} ()
[01/04/2008, 20:54:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:47] - Checking for HKLM\...\Winlogon\Notify\gebxvvw
[01/04/2008, 20:54:47] - Found: HKLM\...\Winlogon\Notify\gebxvvw - This is probably Virtumundo.
[01/04/2008, 20:54:47] - Assigning {DB0B918E-A0A8-482B-8D75-A682816B0C7B} MSEvents Object
[01/04/2008, 20:54:47] - BHO list has been changed! Starting over...
[01/04/2008, 20:54:47] - BHO 1: {0178aee3-c33b-4c36-95d6-36000e9db1a5} ()
[01/04/2008, 20:54:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:47] - Checking for HKLM\...\Winlogon\Notify\taltmwou
[01/04/2008, 20:54:47] - Key not found: HKLM\...\Winlogon\Notify\taltmwou, continuing.
[01/04/2008, 20:54:48] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/04/2008, 20:54:48] - BHO 3: {188C899C-4174-4489-A1F1-ACE8BF2E153B} ()
[01/04/2008, 20:54:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:48] - Checking for HKLM\...\Winlogon\Notify\vtutt
[01/04/2008, 20:54:48] - Key not found: HKLM\...\Winlogon\Notify\vtutt, continuing.
[01/04/2008, 20:54:48] - BHO 4: {2012F73E-7427-4AD8-9E9D-6CBA6E0053D4} ()
[01/04/2008, 20:54:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:48] - Checking for HKLM\...\Winlogon\Notify\isfmdl
[01/04/2008, 20:54:48] - Key not found: HKLM\...\Winlogon\Notify\isfmdl, continuing.
[01/04/2008, 20:54:48] - BHO 5: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (FGCatchUrl)
[01/04/2008, 20:54:48] - BHO 6: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[01/04/2008, 20:54:48] - BHO 7: {4A84FD6E-69CF-4147-B44D-CC5BA4CC2900} (TBSB08469 Class)
[01/04/2008, 20:54:48] - BHO 8: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (Megaupload Toolbar)
[01/04/2008, 20:54:48] - BHO 9: {5B61EC2D-33C1-4FD8-9B00-39B4FB9AB2C4} ()
[01/04/2008, 20:54:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:48] - Checking for HKLM\...\Winlogon\Notify\awtqn
[01/04/2008, 20:54:48] - Key not found: HKLM\...\Winlogon\Notify\awtqn, continuing.
[01/04/2008, 20:54:48] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/04/2008, 20:54:48] - BHO 11: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/04/2008, 20:54:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:48] - No filename found. Continuing.
[01/04/2008, 20:54:48] - BHO 12: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/04/2008, 20:54:48] - BHO 13: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[01/04/2008, 20:54:48] - BHO 14: {DB0B918E-A0A8-482B-8D75-A682816B0C7B} (MSEvents Object)
[01/04/2008, 20:54:48] - ALERT: Found MSEvents Object!
[01/04/2008, 20:54:48] - BHO 15: {dce3e928-aed2-4170-acda-44f48bd425e7} ()
[01/04/2008, 20:54:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:48] - Checking for HKLM\...\Winlogon\Notify\pgaplaeh
[01/04/2008, 20:54:48] - Key not found: HKLM\...\Winlogon\Notify\pgaplaeh, continuing.
[01/04/2008, 20:54:48] - BHO 16: {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} (e404mgr Class)
[01/04/2008, 20:54:48] - BHO 17: {F156768E-81EF-470C-9057-481BA8380DBA} (FlashGet GetFlash Class)
[01/04/2008, 20:54:48] - Finished Searching Browser Helper Objects
[01/04/2008, 20:54:48] - *** Detected MSEvents Object
[01/04/2008, 20:54:48] - Trying to remove MSEvents Object...
[01/04/2008, 20:54:49] - Terminating Process: IEXPLORE.EXE
[01/04/2008, 20:54:50] - Terminating Process: RUNDLL32.EXE
[01/04/2008, 20:54:50] - Disabling Automatic Shell Restart
[01/04/2008, 20:54:51] - Terminating Process: EXPLORER.EXE
[01/04/2008, 20:54:52] - Suspending the NT Session Manager System Service
[01/04/2008, 20:54:54] - Terminating Windows NT Logon/Logoff Manager
[01/04/2008, 20:59:57] - Re-enabling Automatic Shell Restart
[01/04/2008, 20:59:58] - File to disable: C:\WINDOWS\system32\gebxvvw.dll
[01/04/2008, 20:59:59] - Renaming C:\WINDOWS\system32\gebxvvw.dll -> C:\WINDOWS\system32\gebxvvw.dll.vir
[01/04/2008, 21:00:00] - File successfully renamed!
[01/04/2008, 21:00:01] - Removing HKLM\...\Browser Helper Objects\{DB0B918E-A0A8-482B-8D75-A682816B0C7B}
[01/04/2008, 21:00:02] - Removing HKCR\CLSID\{DB0B918E-A0A8-482B-8D75-A682816B0C7B}
[01/04/2008, 21:00:05] - Adding Kill Bit for ActiveX for GUID: {DB0B918E-A0A8-482B-8D75-A682816B0C7B}
[01/04/2008, 21:00:06] - Deleting ATLEvents/MSEvents Registry entries
[01/04/2008, 21:00:06] - Removing HKLM\...\Winlogon\Notify\gebxvvw
[01/04/2008, 21:00:06] - Searching for Browser Helper Objects:
[01/04/2008, 21:00:06] - BHO 1: {0178aee3-c33b-4c36-95d6-36000e9db1a5} ()
[01/04/2008, 21:00:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:00:06] - Checking for HKLM\...\Winlogon\Notify\taltmwou
[01/04/2008, 21:00:06] - Key not found: HKLM\...\Winlogon\Notify\taltmwou, continuing.
[01/04/2008, 21:00:06] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/04/2008, 21:00:06] - BHO 3: {2012F73E-7427-4AD8-9E9D-6CBA6E0053D4} ()
[01/04/2008, 21:00:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:00:06] - Checking for HKLM\...\Winlogon\Notify\isfmdl
[01/04/2008, 21:00:06] - Key not found: HKLM\...\Winlogon\Notify\isfmdl, continuing.
[01/04/2008, 21:00:06] - BHO 4: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (FGCatchUrl)
[01/04/2008, 21:00:06] - BHO 5: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[01/04/2008, 21:00:06] - BHO 6: {4A84FD6E-69CF-4147-B44D-CC5BA4CC2900} (TBSB08469 Class)
[01/04/2008, 21:00:06] - BHO 7: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (Megaupload Toolbar)
[01/04/2008, 21:00:06] - BHO 8: {5B61EC2D-33C1-4FD8-9B00-39B4FB9AB2C4} ()
[01/04/2008, 21:00:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:00:06] - Checking for HKLM\...\Winlogon\Notify\awtqn
[01/04/2008, 21:00:06] - Key not found: HKLM\...\Winlogon\Notify\awtqn, continuing.
[01/04/2008, 21:00:06] - BHO 9: {639ECCC2-C3B8-4530-B67A-6E1351D73A9C} ()
[01/04/2008, 21:00:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:00:06] - Checking for HKLM\...\Winlogon\Notify\vtutt
[01/04/2008, 21:00:06] - Key not found: HKLM\...\Winlogon\Notify\vtutt, continuing.
[01/04/2008, 21:00:06] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/04/2008, 21:00:07] - BHO 11: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/04/2008, 21:00:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:00:07] - No filename found. Continuing.
[01/04/2008, 21:00:07] - BHO 12: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/04/2008, 21:00:07] - BHO 13: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[01/04/2008, 21:00:07] - BHO 14: {dce3e928-aed2-4170-acda-44f48bd425e7} ()
[01/04/2008, 21:00:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:00:07] - Checking for HKLM\...\Winlogon\Notify\pgaplaeh
[01/04/2008, 21:00:07] - Key not found: HKLM\...\Winlogon\Notify\pgaplaeh, continuing.
[01/04/2008, 21:00:07] - BHO 15: {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} (e404mgr Class)
[01/04/2008, 21:00:07] - BHO 16: {F156768E-81EF-470C-9057-481BA8380DBA} (FlashGet GetFlash Class)
[01/04/2008, 21:00:07] - Finished Searching Browser Helper Objects
[01/04/2008, 21:00:07] - Finishing up...
[01/04/2008, 21:00:07] - A restart is needed.
[01/04/2008, 21:00:48] - Attempting to Restart via STOP error (Blue Screen!)
70 euros is a good deal, if there's another one let me know. With the Vundo option it's a bit less cool, but we're going to get rid of them!
Rerun VirtumundoBeGone and post me the report, there was an error.
lol no problem, if there's ever another one I'll let you know. Here's the report:
[01/04/2008, 21:39:56] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[01/04/2008, 21:39:58] - Detected System Information:
[01/04/2008, 21:39:58] - Windows Version: 5.1.2600, Service Pack 2
[01/04/2008, 21:39:58] - Current Username: Administrateur (Admin)
[01/04/2008, 21:39:58] - Windows is in NORMAL mode.
[01/04/2008, 21:39:58] - Searching for Browser Helper Objects:
[01/04/2008, 21:39:58] - BHO 1: {0178aee3-c33b-4c36-95d6-36000e9db1a5} ()
[01/04/2008, 21:39:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:39:58] - Checking for HKLM\...\Winlogon\Notify\taltmwou
[01/04/2008, 21:39:58] - Key not found: HKLM\...\Winlogon\Notify\taltmwou, continuing.
[01/04/2008, 21:39:58] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/04/2008, 21:39:58] - BHO 3: {2012F73E-7427-4AD8-9E9D-6CBA6E0053D4} ()
[01/04/2008, 21:39:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:39:58] - Checking for HKLM\...\Winlogon\Notify\isfmdl
[01/04/2008, 21:39:58] - Key not found: HKLM\...\Winlogon\Notify\isfmdl, continuing.
[01/04/2008, 21:39:58] - BHO 4: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (FGCatchUrl)
[01/04/2008, 21:39:58] - BHO 5: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[01/04/2008, 21:39:58] - BHO 6: {4A84FD6E-69CF-4147-B44D-CC5BA4CC2900} (TBSB08469 Class)
[01/04/2008, 21:39:59] - BHO 7: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (Megaupload Toolbar)
[01/04/2008, 21:39:59] - BHO 8: {5B61EC2D-33C1-4FD8-9B00-39B4FB9AB2C4} ()
[01/04/2008, 21:39:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:39:59] - Checking for HKLM\...\Winlogon\Notify\awtqn
[01/04/2008, 21:39:59] - Key not found: HKLM\...\Winlogon\Notify\awtqn, continuing.
[01/04/2008, 21:39:59] - BHO 9: {6ADC2AB6-E431-409D-B653-5138964C4A2F} ()
[01/04/2008, 21:39:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:39:59] - Checking for HKLM\...\Winlogon\Notify\vtutt
[01/04/2008, 21:39:59] - Key not found: HKLM\...\Winlogon\Notify\vtutt, continuing.
[01/04/2008, 21:39:59] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/04/2008, 21:39:59] - BHO 11: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/04/2008, 21:39:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:39:59] - No filename found. Continuing.
[01/04/2008, 21:39:59] - BHO 12: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/04/2008, 21:39:59] - BHO 13: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[01/04/2008, 21:39:59] - BHO 14: {dce3e928-aed2-4170-acda-44f48bd425e7} ()
[01/04/2008, 21:39:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:39:59] - Checking for HKLM\...\Winlogon\Notify\pgaplaeh
[01/04/2008, 21:39:59] - Key not found: HKLM\...\Winlogon\Notify\pgaplaeh, continuing.
[01/04/2008, 21:39:59] - BHO 15: {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} (e404mgr Class)
[01/04/2008, 21:39:59] - BHO 16: {F156768E-81EF-470C-9057-481BA8380DBA} (FlashGet GetFlash Class)
[01/04/2008, 21:39:59] - Finished Searching Browser Helper Objects
[01/04/2008, 21:39:59] - Finishing up...
[01/04/2008, 21:39:59] - Nothing found! Exiting...
[01/04/2008, 21:41:35] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[01/04/2008, 21:41:37] - Detected System Information:
[01/04/2008, 21:41:37] - Windows Version: 5.1.2600, Service Pack 2
[01/04/2008, 21:41:38] - Current Username: Administrateur (Admin)
[01/04/2008, 21:41:38] - Windows is in NORMAL mode.
[01/04/2008, 21:41:38] - Searching for Browser Helper Objects:
[01/04/2008, 21:41:38] - BHO 1: {0178aee3-c33b-4c36-95d6-36000e9db1a5} ()
[01/04/2008, 21:41:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:41:38] - Checking for HKLM\...\Winlogon\Notify\taltmwou
[01/04/2008, 21:41:38] - Key not found: HKLM\...\Winlogon\Notify\taltmwou, continuing.
[01/04/2008, 21:41:38] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/04/2008, 21:41:38] - BHO 3: {2012F73E-7427-4AD8-9E9D-6CBA6E0053D4} ()
[01/04/2008, 21:41:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:41:38] - Checking for HKLM\...\Winlogon\Notify\isfmdl
[01/04/2008, 21:41:38] - Key not found: HKLM\...\Winlogon\Notify\isfmdl, continuing.
[01/04/2008, 21:41:38] - BHO 4: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (FGCatchUrl)
[01/04/2008, 21:41:38] - BHO 5: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[01/04/2008, 21:41:38] - BHO 6: {4A84FD6E-69CF-4147-B44D-CC5BA4CC2900} (TBSB08469 Class)
[01/04/2008, 21:41:38] - BHO 7: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (Megaupload Toolbar)
[01/04/2008, 21:41:38] - BHO 8: {5B61EC2D-33C1-4FD8-9B00-39B4FB9AB2C4} ()
[01/04/2008, 21:41:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:41:38] - Checking for HKLM\...\Winlogon\Notify\awtqn
[01/04/2008, 21:41:38] - Key not found: HKLM\...\Winlogon\Notify\awtqn, continuing.
[01/04/2008, 21:41:38] - BHO 9: {6ADC2AB6-E431-409D-B653-5138964C4A2F} ()
[01/04/2008, 21:41:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:41:38] - Checking for HKLM\...\Winlogon\Notify\vtutt
[01/04/2008, 21:41:38] - Key not found: HKLM\...\Winlogon\Notify\vtutt, continuing.
[01/04/2008, 21:41:38] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/04/2008, 21:41:38] - BHO 11: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/04/2008, 21:41:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:41:38] - No filename found. Continuing.
[01/04/2008, 21:41:38] - BHO 12: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/04/2008, 21:41:38] - BHO 13: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[01/04/2008, 21:41:38] - BHO 14: {dce3e928-aed2-4170-acda-44f48bd425e7} ()
[01/04/2008, 21:41:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:41:38] - Checking for HKLM\...\Winlogon\Notify\pgaplaeh
[01/04/2008, 21:41:38] - Key not found: HKLM\...\Winlogon\Notify\pgaplaeh, continuing.
[01/04/2008, 21:41:38] - BHO 15: {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} (e404mgr Class)
[01/04/2008, 21:41:38] - BHO 16: {F156768E-81EF-470C-9057-481BA8380DBA} (FlashGet GetFlash Class)
[01/04/2008, 21:41:38] - Finished Searching Browser Helper Objects
[01/04/2008, 21:41:38] - Finishing up...
[01/04/2008, 21:41:38] - Nothing found! Exiting...
[01/04/2008, 20:54:43] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[01/04/2008, 20:54:46] - Detected System Information:
[01/04/2008, 20:54:46] - Windows Version: 5.1.2600, Service Pack 2
[01/04/2008, 20:54:46] - Current Username: Administrateur (Admin)
[01/04/2008, 20:54:46] - Windows is in NORMAL mode.
[01/04/2008, 20:54:46] - Searching for Browser Helper Objects:
[01/04/2008, 20:54:46] - BHO 1: {0178aee3-c33b-4c36-95d6-36000e9db1a5} ()
[01/04/2008, 20:54:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:46] - Checking for HKLM\...\Winlogon\Notify\taltmwou
[01/04/2008, 20:54:46] - Key not found: HKLM\...\Winlogon\Notify\taltmwou, continuing.
[01/04/2008, 20:54:47] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/04/2008, 20:54:47] - BHO 3: {188C899C-4174-4489-A1F1-ACE8BF2E153B} ()
[01/04/2008, 20:54:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:47] - Checking for HKLM\...\Winlogon\Notify\vtutt
[01/04/2008, 20:54:47] - Key not found: HKLM\...\Winlogon\Notify\vtutt, continuing.
[01/04/2008, 20:54:47] - BHO 4: {2012F73E-7427-4AD8-9E9D-6CBA6E0053D4} ()
[01/04/2008, 20:54:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:47] - Checking for HKLM\...\Winlogon\Notify\isfmdl
[01/04/2008, 20:54:47] - Key not found: HKLM\...\Winlogon\Notify\isfmdl, continuing.
[01/04/2008, 20:54:47] - BHO 5: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (FGCatchUrl)
[01/04/2008, 20:54:47] - BHO 6: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[01/04/2008, 20:54:47] - BHO 7: {4A84FD6E-69CF-4147-B44D-CC5BA4CC2900} (TBSB08469 Class)
[01/04/2008, 20:54:47] - BHO 8: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (Megaupload Toolbar)
[01/04/2008, 20:54:47] - BHO 9: {5B61EC2D-33C1-4FD8-9B00-39B4FB9AB2C4} ()
[01/04/2008, 20:54:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:47] - Checking for HKLM\...\Winlogon\Notify\awtqn
[01/04/2008, 20:54:47] - Key not found: HKLM\...\Winlogon\Notify\awtqn, continuing.
[01/04/2008, 20:54:47] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/04/2008, 20:54:47] - BHO 11: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/04/2008, 20:54:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:47] - No filename found. Continuing.
[01/04/2008, 20:54:47] - BHO 12: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/04/2008, 20:54:47] - BHO 13: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[01/04/2008, 20:54:47] - BHO 14: {DB0B918E-A0A8-482B-8D75-A682816B0C7B} ()
[01/04/2008, 20:54:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:47] - Checking for HKLM\...\Winlogon\Notify\gebxvvw
[01/04/2008, 20:54:47] - Found: HKLM\...\Winlogon\Notify\gebxvvw - This is probably Virtumundo.
[01/04/2008, 20:54:47] - Assigning {DB0B918E-A0A8-482B-8D75-A682816B0C7B} MSEvents Object
[01/04/2008, 20:54:47] - BHO list has been changed! Starting over...
[01/04/2008, 20:54:47] - BHO 1: {0178aee3-c33b-4c36-95d6-36000e9db1a5} ()
[01/04/2008, 20:54:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:47] - Checking for HKLM\...\Winlogon\Notify\taltmwou
[01/04/2008, 20:54:47] - Key not found: HKLM\...\Winlogon\Notify\taltmwou, continuing.
[01/04/2008, 20:54:48] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/04/2008, 20:54:48] - BHO 3: {188C899C-4174-4489-A1F1-ACE8BF2E153B} ()
[01/04/2008, 20:54:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:48] - Checking for HKLM\...\Winlogon\Notify\vtutt
[01/04/2008, 20:54:48] - Key not found: HKLM\...\Winlogon\Notify\vtutt, continuing.
[01/04/2008, 20:54:48] - BHO 4: {2012F73E-7427-4AD8-9E9D-6CBA6E0053D4} ()
[01/04/2008, 20:54:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:48] - Checking for HKLM\...\Winlogon\Notify\isfmdl
[01/04/2008, 20:54:48] - Key not found: HKLM\...\Winlogon\Notify\isfmdl, continuing.
[01/04/2008, 20:54:48] - BHO 5: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (FGCatchUrl)
[01/04/2008, 20:54:48] - BHO 6: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[01/04/2008, 20:54:48] - BHO 7: {4A84FD6E-69CF-4147-B44D-CC5BA4CC2900} (TBSB08469 Class)
[01/04/2008, 20:54:48] - BHO 8: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (Megaupload Toolbar)
[01/04/2008, 20:54:48] - BHO 9: {5B61EC2D-33C1-4FD8-9B00-39B4FB9AB2C4} ()
[01/04/2008, 20:54:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:48] - Checking for HKLM\...\Winlogon\Notify\awtqn
[01/04/2008, 20:54:48] - Key not found: HKLM\...\Winlogon\Notify\awtqn, continuing.
[01/04/2008, 20:54:48] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/04/2008, 20:54:48] - BHO 11: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/04/2008, 20:54:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:48] - No filename found. Continuing.
[01/04/2008, 20:54:48] - BHO 12: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/04/2008, 20:54:48] - BHO 13: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[01/04/2008, 20:54:48] - BHO 14: {DB0B918E-A0A8-482B-8D75-A682816B0C7B} (MSEvents Object)
[01/04/2008, 20:54:48] - ALERT: Found MSEvents Object!
[01/04/2008, 20:54:48] - BHO 15: {dce3e928-aed2-4170-acda-44f48bd425e7} ()
[01/04/2008, 20:54:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 20:54:48] - Checking for HKLM\...\Winlogon\Notify\pgaplaeh
[01/04/2008, 20:54:48] - Key not found: HKLM\...\Winlogon\Notify\pgaplaeh, continuing.
[01/04/2008, 20:54:48] - BHO 16: {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} (e404mgr Class)
[01/04/2008, 20:54:48] - BHO 17: {F156768E-81EF-470C-9057-481BA8380DBA} (FlashGet GetFlash Class)
[01/04/2008, 20:54:48] - Finished Searching Browser Helper Objects
[01/04/2008, 20:54:48] - *** Detected MSEvents Object
[01/04/2008, 20:54:48] - Trying to remove MSEvents Object...
[01/04/2008, 20:54:49] - Terminating Process: IEXPLORE.EXE
[01/04/2008, 20:54:50] - Terminating Process: RUNDLL32.EXE
[01/04/2008, 20:54:50] - Disabling Automatic Shell Restart
[01/04/2008, 20:54:51] - Terminating Process: EXPLORER.EXE
[01/04/2008, 20:54:52] - Suspending the NT Session Manager System Service
[01/04/2008, 20:54:54] - Terminating Windows NT Logon/Logoff Manager
[01/04/2008, 20:59:57] - Re-enabling Automatic Shell Restart
[01/04/2008, 20:59:58] - File to disable: C:\WINDOWS\system32\gebxvvw.dll
[01/04/2008, 20:59:59] - Renaming C:\WINDOWS\system32\gebxvvw.dll -> C:\WINDOWS\system32\gebxvvw.dll.vir
[01/04/2008, 21:00:00] - File successfully renamed!
[01/04/2008, 21:00:01] - Removing HKLM\...\Browser Helper Objects\{DB0B918E-A0A8-482B-8D75-A682816B0C7B}
[01/04/2008, 21:00:02] - Removing HKCR\CLSID\{DB0B918E-A0A8-482B-8D75-A682816B0C7B}
[01/04/2008, 21:00:05] - Adding Kill Bit for ActiveX for GUID: {DB0B918E-A0A8-482B-8D75-A682816B0C7B}
[01/04/2008, 21:00:06] - Deleting ATLEvents/MSEvents Registry entries
[01/04/2008, 21:00:06] - Removing HKLM\...\Winlogon\Notify\gebxvvw
[01/04/2008, 21:00:06] - Searching for Browser Helper Objects:
[01/04/2008, 21:00:06] - BHO 1: {0178aee3-c33b-4c36-95d6-36000e9db1a5} ()
[01/04/2008, 21:00:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:00:06] - Checking for HKLM\...\Winlogon\Notify\taltmwou
[01/04/2008, 21:00:06] - Key not found: HKLM\...\Winlogon\Notify\taltmwou, continuing.
[01/04/2008, 21:00:06] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/04/2008, 21:00:06] - BHO 3: {2012F73E-7427-4AD8-9E9D-6CBA6E0053D4} ()
[01/04/2008, 21:00:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:00:06] - Checking for HKLM\...\Winlogon\Notify\isfmdl
[01/04/2008, 21:00:06] - Key not found: HKLM\...\Winlogon\Notify\isfmdl, continuing.
[01/04/2008, 21:00:06] - BHO 4: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (FGCatchUrl)
[01/04/2008, 21:00:06] - BHO 5: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[01/04/2008, 21:00:06] - BHO 6: {4A84FD6E-69CF-4147-B44D-CC5BA4CC2900} (TBSB08469 Class)
[01/04/2008, 21:00:06] - BHO 7: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (Megaupload Toolbar)
[01/04/2008, 21:00:06] - BHO 8: {5B61EC2D-33C1-4FD8-9B00-39B4FB9AB2C4} ()
[01/04/2008, 21:00:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:00:06] - Checking for HKLM\...\Winlogon\Notify\awtqn
[01/04/2008, 21:00:06] - Key not found: HKLM\...\Winlogon\Notify\awtqn, continuing.
[01/04/2008, 21:00:06] - BHO 9: {639ECCC2-C3B8-4530-B67A-6E1351D73A9C} ()
[01/04/2008, 21:00:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:00:06] - Checking for HKLM\...\Winlogon\Notify\vtutt
[01/04/2008, 21:00:06] - Key not found: HKLM\...\Winlogon\Notify\vtutt, continuing.
[01/04/2008, 21:00:06] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/04/2008, 21:00:07] - BHO 11: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/04/2008, 21:00:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:00:07] - No filename found. Continuing.
[01/04/2008, 21:00:07] - BHO 12: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/04/2008, 21:00:07] - BHO 13: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[01/04/2008, 21:00:07] - BHO 14: {dce3e928-aed2-4170-acda-44f48bd425e7} ()
[01/04/2008, 21:00:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2008, 21:00:07] - Checking for HKLM\...\Winlogon\Notify\pgaplaeh
[01/04/2008, 21:00:07] - Key not found: HKLM\...\Winlogon\Notify\pgaplaeh, continuing.
[01/04/2008, 21:00:07] - BHO 15: {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} (e404mgr Class)
[01/04/2008, 21:00:07] - BHO 16: {F156768E-81EF-470C-9057-481BA8380DBA} (FlashGet GetFlash Class)
[01/04/2008, 21:00:07] - Finished Searching Browser Helper Objects
[01/04/2008, 21:00:07] - Finishing up...
[01/04/2008, 21:00:07] - A restart is needed.
[01/04/2008, 21:00:48] - Attempting to Restart via STOP error (Blue Screen!)
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:54:13, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.toolbar.bz/sidebar.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\PROGRA~1\TOOLBAR.BZ\tbhelper.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: IE Custom Tools - {F2BADA0D-FD61-45EF-A994-64A073FD6613} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FBUJ Agent] C:\WINDOWS\system32\28463\FBUJ.exe
O4 - HKLM\..\Run: [9837b26e] rundll32.exe "C:\WINDOWS\system32\xylqnnjr.dll",b
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "c:\documents and settings\administrateur\application data\install_en[1].exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.26\ilikesidebar.exe /checkforupdate
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?01fe747f6260447a8c77a7b1d9c6f798
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?01fe747f6260447a8c77a7b1d9c6f798
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O15 - Trusted Zone: www.698698698.info
O15 - Trusted Zone: www.nodialup.name
O15 - Trusted Zone: www.otherchance.com
O15 - Trusted Zone: www.pornoaccesso.com
O15 - Trusted Zone: www.sgnappo.com
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.whatsnew.name
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O22 - SharedTaskScheduler: ficklety - {e31f5c72-8e0d-4921-8375-9573746c170c} - C:\WINDOWS\system32\ezzhjmt.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ladokxkl.exe (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O15 - Trusted Zone: www.698698698.info
O15 - Trusted Zone: www.nodialup.name
O15 - Trusted Zone: www.otherchance.com
O15 - Trusted Zone: www.pornoaccesso.com
O15 - Trusted Zone: www.sgnappo.com
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.whatsnew.name
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O22 - SharedTaskScheduler: ficklety - {e31f5c72-8e0d-4921-8375-9573746c170c} - C:\WINDOWS\system32\ezzhjmt.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ladokxkl.exe (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
Rerun HijackThis, choose "Do a system scan only", tick the box in front of these lines, then click "Fix checked":
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\PROGRA~1\TOOLBAR.BZ\tbhelper.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: IE Custom Tools - {F2BADA0D-FD61-45EF-A994-64A073FD6613} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [9837b26e] rundll32.exe "C:\WINDOWS\system32\xylqnnjr.dll",b
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?01fe747f6260447a8c77a7b1d9c6f798
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?01fe747f6260447a8c77a7b1d9c6f798
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O15 - Trusted Zone: www.698698698.info
O15 - Trusted Zone: www.nodialup.name
O15 - Trusted Zone: www.otherchance.com
O15 - Trusted Zone: www.pornoaccesso.com
O15 - Trusted Zone: www.sgnappo.com
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.whatsnew.name
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O22 - SharedTaskScheduler: ficklety - {e31f5c72-8e0d-4921-8375-9573746c170c} - C:\WINDOWS\system32\ezzhjmt.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ladokxkl.exe (file missing)
Download Combofix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disconnect from the internet and disable your antivirus so that Combofix can run normally.
Double-click Combofix.exe.
Set it to French with F.
Press the 1 key (Yes) to start the scan.
When the scan is finished, a report will appear.
Post the report in your next reply.
Note: the report is also located here: C:\Combofix.txt
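To make the selection above less of a black box, here is an added example (my own code, not from this thread or from HijackThis) that runs a few of the rules a helper applies when deciding which lines to tick: a `Shell=` value with anything appended to Explorer.exe, autostarts under `Policies\Explorer\Run`, rundll32 loading a DLL at startup, Trusted Zone additions, SharedTaskScheduler hooks, services with no publisher, `(file missing)` references, and random-looking 7-9 letter file names sitting directly in system32. The thresholds in `looks_random` and the list of rules are my assumptions, not anything HijackThis itself does; the sample lines are a constructed subset copied from the log posted above, mixing malware entries with benign ones (Avira, ctfmon, FlashGet) so the rules can be seen not firing.

```python
# Added example (not from the original thread): triage of HijackThis log lines.
# The rules are my own heuristics (assumptions), not HijackThis's.
import re

HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Bare 7-9 letter file name directly in system32: Vundo-style droppers use random
# names there, while legitimate system binaries rarely match this shape.
SYSTEM32_NAME = re.compile(r"\\system32\\([a-z]{7,9})\.(?:dll|exe)\b", re.I)


def looks_random(name: str) -> bool:
    """Heuristic: few vowels, or four consonants in a row (xylqnnjr, ezzhjmt, ladokxkl)."""
    name = name.lower()
    vowel_ratio = sum(c in "aeiou" for c in name) / len(name)
    return vowel_ratio < 0.3 or re.search(r"[^aeiou]{4}", name) is not None


def triage_line(line: str):
    """Return (section, [reasons]) for a HijackThis line, or None if it is not one."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("section"), m.group("body")
    reasons = []
    if "(file missing)" in body:
        reasons.append("dangling reference: target file missing")
    if sec == "F2" and "Shell=" in body:
        # winlogon's Shell value should be exactly "Explorer.exe"; anything appended
        # is started alongside the desktop at every logon.
        if body.split("Shell=", 1)[1].strip().lower() != "explorer.exe":
            reasons.append("Shell= launches an extra binary at logon")
    if sec == "O4" and "\\Policies\\Explorer\\Run" in body:
        reasons.append("Policies\\Explorer\\Run autostart (hidden from msconfig)")
    if sec == "O4" and "rundll32.exe" in body.lower():
        reasons.append("rundll32 loads a DLL at startup")
    if sec == "O15":
        reasons.append("site added to IE Trusted Zone (relaxed security)")
    if sec == "O22":
        reasons.append("SharedTaskScheduler DLL loaded into explorer.exe")
    if sec == "O23" and "Unknown owner" in body:
        reasons.append("service with no publisher")
    for name in SYSTEM32_NAME.findall(body):
        if looks_random(name):
            reasons.append(f"random-looking system32 file name: {name}")
    return sec, reasons


def flagged(lines):
    """Run triage over a whole log and keep only the lines with at least one reason."""
    out = []
    for line in lines:
        result = triage_line(line)
        if result and result[1]:
            out.append({"section": result[0], "line": line.strip(), "reasons": result[1]})
    return out


# Constructed sample: a subset of the posted log, mixing malware and benign entries.
SAMPLE_LOG = r"""
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\PROGRA~1\TOOLBAR.BZ\tbhelper.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [9837b26e] rundll32.exe "C:\WINDOWS\system32\xylqnnjr.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O15 - Trusted Zone: www.sgrunt.biz
O22 - SharedTaskScheduler: ficklety - {e31f5c72-8e0d-4921-8375-9573746c170c} - C:\WINDOWS\system32\ezzhjmt.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ladokxkl.exe (file missing)
""".strip().splitlines()

if __name__ == "__main__":
    for hit in flagged(SAMPLE_LOG):
        print(hit["section"], "|", hit["line"])
        for reason in hit["reasons"]:
            print("    ->", reason)
```

Run as-is it prints the seven suspicious lines from the sample with the reason each rule fired, and stays quiet on the Avira, ctfmon and FlashGet entries. A script like this only narrows the list; the final call on a borderline entry (a real toolbar with a missing file, say) is still a human judgement, which is why the helper's list above also drops unwanted but non-malicious toolbars.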
Wow, that took me forever! Here it is:
ComboFix 08-01-04.1 - Administrateur 2008-01-04 22:45:18.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.73 [GMT 0:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur\Application Data\macromedia\Flash Player\#SharedObjects\DTGN9FTQ\www.broadcaster.com
C:\Documents and Settings\Administrateur\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Administrateur\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Administrateur\ravmonlog
C:\install\install.exe
C:\Program Files\Helper
C:\Program Files\Helper\turbosearchsite.dll
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\ictmdl.dll
C:\Program Files\Video Add-on\ictun.exe
C:\Program Files\Video Add-on\icun.exe
C:\Program Files\Video Add-on\isfmdl.dll
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Video Add-on\isfun.exe
C:\Program Files\Video Add-on\ot.ico
C:\Program Files\Video Add-on\ts.ico
C:\Program Files\winupdates
C:\ravmonlog
C:\WINDOWS\autorun.inf
C:\WINDOWS\ktd32.atm
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\hneloadt.ini
C:\WINDOWS\system32\lkkgsgbp.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mtkrirxc.ini
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tljjxeeu.ini
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\uadrjrnf.ini
C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\ywecuyhi.ini
C:\Program Files\Video Add-on
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))))
.
2008-01-04 22:38 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 20:44 . 2008-01-04 20:44 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-01-04 19:36 . 2008-01-04 19:36 <REP> d-------- C:\VundoFix Backups
2008-01-04 12:46 . 2008-01-04 17:59 <REP> d-------- C:\Program Files\a-squared Free
2008-01-04 12:35 . 2008-01-04 12:35 163 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-04 12:14 . 2008-01-04 12:14 <REP> d-------- C:\Program Files\Sunbelt Software
2008-01-04 00:49 . 2008-01-04 00:49 <REP> d-------- C:\Program Files\Avira
2008-01-04 00:49 . 2008-01-04 00:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-04 00:17 . 2008-01-04 00:17 <REP> d-------- C:\Program Files\Trend Micro
2008-01-04 00:08 . 2008-01-04 00:08 <REP> d-------- C:\Program Files\Uniblue
2008-01-04 00:08 . 2008-01-04 00:08 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Uniblue
2008-01-03 22:52 . 2008-01-03 21:31 1,032,053 --ahs---- C:\WINDOWS\system32\borqfexs.ini
2008-01-03 18:53 . 2008-01-03 18:59 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-03 10:51 . 2008-01-04 12:42 1,038,844 ---hs---- C:\WINDOWS\system32\rjnnqlyx.ini
2008-01-01 18:08 . 2008-01-03 07:28 1,031,578 ---hs---- C:\WINDOWS\system32\boddojwf.ini
2007-12-29 21:59 . 2007-12-29 21:59 65 --a------ C:\WINDOWS\FISHUI.INI
2007-12-29 12:56 . 2007-12-29 12:57 1,031,559 ---hs---- C:\WINDOWS\system32\xcsyswex.ini
2007-12-28 12:56 . 2007-12-29 12:56 1,031,499 ---hs---- C:\WINDOWS\system32\jujawrch.ini
2007-12-26 12:15 . 2007-12-28 12:48 1,025,591 ---hs---- C:\WINDOWS\system32\hstrglwb.ini
2007-12-25 12:14 . 2007-12-26 12:14 1,025,411 ---hs---- C:\WINDOWS\system32\agghshfg.ini
2007-12-21 19:56 . 2007-12-21 19:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\iLike
2007-12-21 19:53 . 2007-12-21 19:53 <REP> d-------- C:\Program Files\iLike
2007-12-20 01:46 . 2007-08-23 21:06 110,592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL
2007-12-19 23:53 . 2008-01-03 20:30 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\semanatiba
2007-12-19 23:05 . 2008-01-04 12:29 <REP> d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
2007-12-16 19:09 . 2008-01-02 01:36 320 --ahs---- C:\WINDOWS\system32\hjjlm.ini
2007-12-16 19:03 . 2007-12-16 19:03 40,448 --a------ C:\WINDOWS\system32\gebxvvw.dll.vir
2007-12-16 19:00 . 2008-01-04 12:30 <REP> d--hs---- C:\WINDOWS\system32\28463
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 21:05 --------- d-----w C:\Program Files\FlashGet
2008-01-04 18:00 --------- d-----w C:\Program Files\Macrogaming
2008-01-04 12:27 --------- d-----w C:\Program Files\eMule
2008-01-04 12:24 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Azureus
2008-01-03 07:27 --------- d-----w C:\Program Files\DrWeb
2007-12-28 16:46 --------- d-----w C:\Program Files\mIRC
2007-12-22 19:54 --------- d-----w C:\Program Files\EuroPoker
2007-12-20 16:33 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-15 22:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\dvdcss
2006-04-28 09:21 37 ----a-w C:\Documents and Settings\Administrateur\getfile.dat
2005-09-29 10:51 976,020 ----a-w C:\Program Files\BDAXP.cab
2005-09-29 10:51 916,815 ----a-w C:\Program Files\Oct2005_MDX_x86.cab
2005-09-29 10:51 86,784 ----a-w C:\Program Files\Oct2005_xinput_x64.cab
2005-09-29 10:51 74,448 ----a-w C:\Program Files\DSETUP.dll
2005-09-29 10:51 74,430 ----a-w C:\Program Files\dxupdate.cab
2005-09-29 10:51 703,080 ----a-w C:\Program Files\BDA.cab
2005-09-29 10:51 488,656 ----a-w C:\Program Files\DXSETUP.exe
2005-09-29 10:51 46,085 ----a-w C:\Program Files\Oct2005_xinput_x86.cab
2005-09-29 10:51 41,888 ----a-w C:\Program Files\dxdllreg_x86.cab
2005-09-29 10:51 2,245,840 ----a-w C:\Program Files\dsetup32.dll
2005-09-29 10:51 15,493,481 ----a-w C:\Program Files\DirectX.cab
2005-09-29 10:51 13,265,040 ----a-w C:\Program Files\dxnt.cab
2005-09-29 10:51 1,351,430 -c--a-w C:\Program Files\Aug2005_d3dx9_27_x64.cab
2005-09-29 10:51 1,156,363 ----a-w C:\Program Files\BDANT.cab
2005-09-29 10:51 1,078,532 ----a-w C:\Program Files\Aug2005_d3dx9_27_x86.cab
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0178aee3-c33b-4c36-95d6-36000e9db1a5}]
C:\WINDOWS\system32\taltmwou.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A84FD6E-69CF-4147-B44D-CC5BA4CC2900}]
C:\PROGRA~1\TOOLBAR.BZ\untitled.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B61EC2D-33C1-4FD8-9B00-39B4FB9AB2C4}]
C:\WINDOWS\system32\awtqn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dce3e928-aed2-4170-acda-44f48bd425e7}]
C:\WINDOWS\system32\pgaplaeh.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [2005-09-15 17:44 815104]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
"iLike"="C:\Program Files\iLike\1.1.26\ilikesidebar.exe" [2007-09-21 09:38 63024]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 16:06 1885464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-04-10 13:40 185784]
"FBUJ Agent"="C:\WINDOWS\system32\28463\FBUJ.exe" [ ]
"NI.UGA6P_0001_N122M2210"="c:\documents and settings\administrateur\application data\install_en[1].exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-04 00:57 249896]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Advanced Messenger Plus.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Advanced Messenger Plus.lnk
backup=C:\WINDOWS\pss\Advanced Messenger Plus.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-03 15:18 94208 --a------ C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BHR4.1]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 00:54 15360 --a--c--- C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrWebScheduler]
2006-05-10 13:28 125440 --a------ C:\Program Files\DrWeb\DRWEBSCD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2005-06-10 09:21 217088 --a------ C:\Program Files\Microsoft IntelliPoint\point32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-06-01 16:51 257088 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
2007-12-17 16:47 62176 --a------ C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerDiscovery]
C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
2007-09-20 08:23 132624 --a------ C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpIDerMail]
2006-06-06 09:23 161792 --a------ C:\Program Files\DrWeb\spiderml.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpIDerNT]
C:\PROGRA~1\DrWeb\spidernt.exe /agent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyShredder]
C:\Program Files\SpyShredder\SpyShredder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 13:03 36975 --a------ C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"spidernt"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"ADSLAutoconnect"=2 (0x2)
"Adobe LM Service"=3 (0x3)
R1 drwebnet;SpIDer Guard boot hook driver for Windows NT;C:\WINDOWS\system32\drivers\drwebnet.sys [2005-10-17 04:33]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-03-16 09:56]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-03-16 09:56]
S2 SPIDER;SpIDer FS Monitor for Windows NT;C:\PROGRA~1\DrWeb\spider.sys [2006-04-14 15:20]
S3 SF-620;SF-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\SF-620.sys [2004-08-12 02:18]
S4 ADSLAutoconnect;ADSLAutoconnect;"C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" [2006-09-05 12:41]
S4 spidernt;SpIDer Guard for Windows NT;C:\PROGRA~1\DrWeb\SpiderNT.exe [2006-05-02 13:07]
.
Contents of the 'Scheduled Tasks' folder
"2007-12-29 17:56:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 23:10:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-04 23:19:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-04 23:19:11
Great, I think it's like new again. In any case, a huge thank you for your help.
ComboFix 08-01-04.1 - Administrateur 2008-01-04 22:45:18.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.73 [GMT 0:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur\Application Data\macromedia\Flash Player\#SharedObjects\DTGN9FTQ\www.broadcaster.com
C:\Documents and Settings\Administrateur\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Administrateur\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Administrateur\ravmonlog
C:\install\install.exe
C:\Program Files\Helper
C:\Program Files\Helper\turbosearchsite.dll
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\ictmdl.dll
C:\Program Files\Video Add-on\ictun.exe
C:\Program Files\Video Add-on\icun.exe
C:\Program Files\Video Add-on\isfmdl.dll
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Video Add-on\isfun.exe
C:\Program Files\Video Add-on\ot.ico
C:\Program Files\Video Add-on\ts.ico
C:\Program Files\winupdates
C:\ravmonlog
C:\WINDOWS\autorun.inf
C:\WINDOWS\ktd32.atm
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\hneloadt.ini
C:\WINDOWS\system32\lkkgsgbp.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mtkrirxc.ini
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tljjxeeu.ini
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\uadrjrnf.ini
C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\ywecuyhi.ini
C:\Program Files\Video Add-on
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))))
.
2008-01-04 22:38 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 20:44 . 2008-01-04 20:44 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-01-04 19:36 . 2008-01-04 19:36 <REP> d-------- C:\VundoFix Backups
2008-01-04 12:46 . 2008-01-04 17:59 <REP> d-------- C:\Program Files\a-squared Free
2008-01-04 12:35 . 2008-01-04 12:35 163 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-04 12:14 . 2008-01-04 12:14 <REP> d-------- C:\Program Files\Sunbelt Software
2008-01-04 00:49 . 2008-01-04 00:49 <REP> d-------- C:\Program Files\Avira
2008-01-04 00:49 . 2008-01-04 00:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-04 00:17 . 2008-01-04 00:17 <REP> d-------- C:\Program Files\Trend Micro
2008-01-04 00:08 . 2008-01-04 00:08 <REP> d-------- C:\Program Files\Uniblue
2008-01-04 00:08 . 2008-01-04 00:08 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Uniblue
2008-01-03 22:52 . 2008-01-03 21:31 1,032,053 --ahs---- C:\WINDOWS\system32\borqfexs.ini
2008-01-03 18:53 . 2008-01-03 18:59 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-03 10:51 . 2008-01-04 12:42 1,038,844 ---hs---- C:\WINDOWS\system32\rjnnqlyx.ini
2008-01-01 18:08 . 2008-01-03 07:28 1,031,578 ---hs---- C:\WINDOWS\system32\boddojwf.ini
2007-12-29 21:59 . 2007-12-29 21:59 65 --a------ C:\WINDOWS\FISHUI.INI
2007-12-29 12:56 . 2007-12-29 12:57 1,031,559 ---hs---- C:\WINDOWS\system32\xcsyswex.ini
2007-12-28 12:56 . 2007-12-29 12:56 1,031,499 ---hs---- C:\WINDOWS\system32\jujawrch.ini
2007-12-26 12:15 . 2007-12-28 12:48 1,025,591 ---hs---- C:\WINDOWS\system32\hstrglwb.ini
2007-12-25 12:14 . 2007-12-26 12:14 1,025,411 ---hs---- C:\WINDOWS\system32\agghshfg.ini
2007-12-21 19:56 . 2007-12-21 19:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\iLike
2007-12-21 19:53 . 2007-12-21 19:53 <REP> d-------- C:\Program Files\iLike
2007-12-20 01:46 . 2007-08-23 21:06 110,592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL
2007-12-19 23:53 . 2008-01-03 20:30 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\semanatiba
2007-12-19 23:05 . 2008-01-04 12:29 <REP> d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
2007-12-16 19:09 . 2008-01-02 01:36 320 --ahs---- C:\WINDOWS\system32\hjjlm.ini
2007-12-16 19:03 . 2007-12-16 19:03 40,448 --a------ C:\WINDOWS\system32\gebxvvw.dll.vir
2007-12-16 19:00 . 2008-01-04 12:30 <REP> d--hs---- C:\WINDOWS\system32\28463
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 21:05 --------- d-----w C:\Program Files\FlashGet
2008-01-04 18:00 --------- d-----w C:\Program Files\Macrogaming
2008-01-04 12:27 --------- d-----w C:\Program Files\eMule
2008-01-04 12:24 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Azureus
2008-01-03 07:27 --------- d-----w C:\Program Files\DrWeb
2007-12-28 16:46 --------- d-----w C:\Program Files\mIRC
2007-12-22 19:54 --------- d-----w C:\Program Files\EuroPoker
2007-12-20 16:33 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-15 22:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\dvdcss
2006-04-28 09:21 37 ----a-w C:\Documents and Settings\Administrateur\getfile.dat
2005-09-29 10:51 976,020 ----a-w C:\Program Files\BDAXP.cab
2005-09-29 10:51 916,815 ----a-w C:\Program Files\Oct2005_MDX_x86.cab
2005-09-29 10:51 86,784 ----a-w C:\Program Files\Oct2005_xinput_x64.cab
2005-09-29 10:51 74,448 ----a-w C:\Program Files\DSETUP.dll
2005-09-29 10:51 74,430 ----a-w C:\Program Files\dxupdate.cab
2005-09-29 10:51 703,080 ----a-w C:\Program Files\BDA.cab
2005-09-29 10:51 488,656 ----a-w C:\Program Files\DXSETUP.exe
2005-09-29 10:51 46,085 ----a-w C:\Program Files\Oct2005_xinput_x86.cab
2005-09-29 10:51 41,888 ----a-w C:\Program Files\dxdllreg_x86.cab
2005-09-29 10:51 2,245,840 ----a-w C:\Program Files\dsetup32.dll
2005-09-29 10:51 15,493,481 ----a-w C:\Program Files\DirectX.cab
2005-09-29 10:51 13,265,040 ----a-w C:\Program Files\dxnt.cab
2005-09-29 10:51 1,351,430 -c--a-w C:\Program Files\Aug2005_d3dx9_27_x64.cab
2005-09-29 10:51 1,156,363 ----a-w C:\Program Files\BDANT.cab
2005-09-29 10:51 1,078,532 ----a-w C:\Program Files\Aug2005_d3dx9_27_x86.cab
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0178aee3-c33b-4c36-95d6-36000e9db1a5}]
C:\WINDOWS\system32\taltmwou.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A84FD6E-69CF-4147-B44D-CC5BA4CC2900}]
C:\PROGRA~1\TOOLBAR.BZ\untitled.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B61EC2D-33C1-4FD8-9B00-39B4FB9AB2C4}]
C:\WINDOWS\system32\awtqn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dce3e928-aed2-4170-acda-44f48bd425e7}]
C:\WINDOWS\system32\pgaplaeh.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [2005-09-15 17:44 815104]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
"iLike"="C:\Program Files\iLike\1.1.26\ilikesidebar.exe" [2007-09-21 09:38 63024]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 16:06 1885464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-04-10 13:40 185784]
"FBUJ Agent"="C:\WINDOWS\system32\28463\FBUJ.exe" [ ]
"NI.UGA6P_0001_N122M2210"="c:\documents and settings\administrateur\application data\install_en[1].exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-04 00:57 249896]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Advanced Messenger Plus.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Advanced Messenger Plus.lnk
backup=C:\WINDOWS\pss\Advanced Messenger Plus.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-03 15:18 94208 --a------ C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BHR4.1]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 00:54 15360 --a--c--- C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrWebScheduler]
2006-05-10 13:28 125440 --a------ C:\Program Files\DrWeb\DRWEBSCD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2005-06-10 09:21 217088 --a------ C:\Program Files\Microsoft IntelliPoint\point32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-06-01 16:51 257088 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
2007-12-17 16:47 62176 --a------ C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerDiscovery]
C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
2007-09-20 08:23 132624 --a------ C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpIDerMail]
2006-06-06 09:23 161792 --a------ C:\Program Files\DrWeb\spiderml.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpIDerNT]
C:\PROGRA~1\DrWeb\spidernt.exe /agent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyShredder]
C:\Program Files\SpyShredder\SpyShredder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 13:03 36975 --a------ C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"spidernt"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"ADSLAutoconnect"=2 (0x2)
"Adobe LM Service"=3 (0x3)
R1 drwebnet;SpIDer Guard boot hook driver for Windows NT;C:\WINDOWS\system32\drivers\drwebnet.sys [2005-10-17 04:33]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-03-16 09:56]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-03-16 09:56]
S2 SPIDER;SpIDer FS Monitor for Windows NT;C:\PROGRA~1\DrWeb\spider.sys [2006-04-14 15:20]
S3 SF-620;SF-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\SF-620.sys [2004-08-12 02:18]
S4 ADSLAutoconnect;ADSLAutoconnect;"C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" [2006-09-05 12:41]
S4 spidernt;SpIDer Guard for Windows NT;C:\PROGRA~1\DrWeb\SpiderNT.exe [2006-05-02 13:07]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-29 17:56:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 23:10:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-04 23:19:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-04 23:19:11
Wow, it's good, I get the impression it's become brand new again; in any case, a giant big thank you for your help.
Hello, it's not finished yet, there's still quite a lot left!!
For now, find Video Add-on and uninstall it, because it's a nest of junk!
Also, I see Messenger Plus: look in your Control Panel / Add or Remove Programs, find the MSN sponsor (CID) and get rid of it, it's another nest of junk! I'm preparing the next step!
Here it is:
Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand box of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
C:\Program Files\Uniblue
C:\WINDOWS\system32\rjnnqlyx.ini
C:\WINDOWS\system32\boddojwf.ini
C:\WINDOWS\system32\xcsyswex.ini
C:\WINDOWS\FISHUI.INI
C:\WINDOWS\system32\jujawrch.ini
C:\WINDOWS\system32\hstrglwb.ini
C:\WINDOWS\system32\agghshfg.ini
C:\WINDOWS\system32\TG_DUMP0708.DLL
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\gebxvvw.dll.vir
C:\WINDOWS\system32\taltmwou.dll
C:\PROGRA~1\TOOLBAR.BZ\untitled.dll
C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\pgaplaeh.dll
"C:\WINDOWS\system32\28463\FBUJ.exe"
C:\WINDOWS\system32\28463
C:\WINDOWS\system32\ezzhjmt.dll
"C:\WINDOWS\system32\xylqnnjr.dll"
Copy the OTMoveIt report and paste it here.
Re, so here goes: I looked for the folder where Video Add-on was (found it in a quarantined file), I deleted it, and that left me with 2 files that won't delete, "turbosearchsite.dll.vir" and "Helper"; I don't really know what they are, but anyway. Then for Messenger Plus it tells me there is no sponsor program, but on the other hand I found programs related to MSN and deleted them.
For the report, should I have clicked Moveit! or Cleanup!? I picked Moveit at random...
Here is the report:
C:\Program Files\Uniblue\RegistryBooster 2 moved successfully.
C:\Program Files\Uniblue moved successfully.
C:\WINDOWS\system32\rjnnqlyx.ini moved successfully.
C:\WINDOWS\system32\boddojwf.ini moved successfully.
C:\WINDOWS\system32\xcsyswex.ini moved successfully.
C:\WINDOWS\FISHUI.INI moved successfully.
C:\WINDOWS\system32\jujawrch.ini moved successfully.
C:\WINDOWS\system32\hstrglwb.ini moved successfully.
C:\WINDOWS\system32\agghshfg.ini moved successfully.
C:\WINDOWS\system32\TG_DUMP0708.DLL unregistered successfully.
C:\WINDOWS\system32\TG_DUMP0708.DLL moved successfully.
C:\WINDOWS\system32\hjjlm.ini moved successfully.
C:\WINDOWS\system32\gebxvvw.dll.vir moved successfully.
File/Folder C:\WINDOWS\system32\taltmwou.dll not found.
File/Folder C:\PROGRA~1\TOOLBAR.BZ\untitled.dll not found.
File/Folder C:\WINDOWS\system32\awtqn.dll not found.
File/Folder C:\WINDOWS\system32\pgaplaeh.dll not found.
File/Folder "C:\WINDOWS\system32\28463\FBUJ.exe" not found.
C:\WINDOWS\system32\28463 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ezzhjmt.dll
C:\WINDOWS\system32\ezzhjmt.dll NOT unregistered.
C:\WINDOWS\system32\ezzhjmt.dll moved successfully.
File/Folder "C:\WINDOWS\system32\xylqnnjr.dll" not found.
Created on 01/05/2008 12:30:10
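An added example, not part of this thread and not OTMoveIt's own code: a small Python script that parses an OTMoveIt report like the one above and groups the results by outcome, so that the "not found" entries stand out. Those are worth a second look: the file is already gone, but the autostart entry that referenced it usually is not (HijackThis lists such leftovers as "(file missing)"). The sample report is a constructed subset of the report posted above.

```python
import re

# Constructed sample: a subset of the OTMoveIt report posted in this thread,
# embedded here so the script runs offline.
SAMPLE_REPORT = r"""
C:\Program Files\Uniblue moved successfully.
C:\WINDOWS\system32\rjnnqlyx.ini moved successfully.
C:\WINDOWS\system32\TG_DUMP0708.DLL unregistered successfully.
C:\WINDOWS\system32\TG_DUMP0708.DLL moved successfully.
File/Folder C:\WINDOWS\system32\taltmwou.dll not found.
File/Folder "C:\WINDOWS\system32\28463\FBUJ.exe" not found.
C:\WINDOWS\system32\28463 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ezzhjmt.dll
C:\WINDOWS\system32\ezzhjmt.dll NOT unregistered.
C:\WINDOWS\system32\ezzhjmt.dll moved successfully.
Created on 01/05/2008 12:30:10
"""

# One (status, regex) pair per line shape seen in the report. The more
# specific shapes come first so "NOT unregistered." is not mistaken for
# "unregistered successfully.".
LINE_PATTERNS = [
    ("not_found", re.compile(r'^File/Folder (?P<path>.+?) not found\.$')),
    ("unregister_failed", re.compile(r'^(?P<path>.+?) NOT unregistered\.$')),
    ("unregistered", re.compile(r'^(?P<path>.+?) unregistered successfully\.$')),
    ("moved", re.compile(r'^(?P<path>.+?) moved successfully\.$')),
    ("info", re.compile(r'^DllUnregisterServer procedure not found in (?P<path>.+)$')),
]


def parse_otmoveit(report):
    """Turn an OTMoveIt report into (status, path) pairs.

    Quotes that the user put around a path when pasting the list are
    stripped so the same file is reported under one spelling.
    """
    entries = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line.startswith("Created on"):
            continue  # blank line or the report footer
        for status, pattern in LINE_PATTERNS:
            m = pattern.match(line)
            if m:
                entries.append((status, m.group("path").strip().strip('"')))
                break
        else:
            entries.append(("unknown", line))  # keep anything unrecognised visible
    return entries


def summarize(entries):
    """Group the parsed paths by outcome; 'not_found' paths are the ones whose
    registry references (BHO / Run entries) still need cleaning up."""
    summary = {status: [] for status, _ in LINE_PATTERNS}
    summary["unknown"] = []
    for status, path in entries:
        summary[status].append(path)
    return summary


if __name__ == "__main__":
    for status, paths in summarize(parse_otmoveit(SAMPLE_REPORT)).items():
        print(f"{status:18} {len(paths)}")
        for path in paths:
            print(f"    {path}")
```

Run it on a full report saved from OTMoveIt and compare the "not_found" list against the O2/O4 lines of the next HijackThis log: every path in that list should either have its registry entry removed or show up as "(file missing)" until it is.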
1) Download
-- CCleaner
https://www.ccleaner.com/ccleaner/download
Preferably choose the SLIM - No Toolbar version.
Install it, taking care to untick the various options, including the Yahoo toolbar and the update.
Launch CCleaner, then click "Options", "Advanced" and untick the box "Only delete files in Windows Temp folders older than 48 hours".
For the other settings, leave the defaults.
Close the program for now.
-- the trial version of AVG Anti-Spyware 7.5 from http://www.grisoft.com/doc/downloads-products/ww/crp/0?prd=triasw
Install it, then launch AVG Anti-Spyware.
Click the Update menu.
In the Manual update section, click the Start update button.
Wait for the update to finish, then close the program.
Do not run a scan yet.
2) Restart in Safe Mode
If needed, look here first: http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows Advanced Options menu appears.
Select "Safe Mode" and press [Enter].
You will have to choose your usual session, not the "Administrateur" account or another one.
Delete the files you could not delete in normal mode, plus EuroPoker and RegistryBooster.
Open the text file saved on the Desktop so you can follow the instructions properly.
3) Launch AVG Anti-Spyware 7.5
-- Settings
Click the Scan menu (on the toolbar).
Click the Settings tab.
Under How to react?, click Recommended actions and choose Quarantine.
Under How to scan? and under Possibly unwanted software, check that all the boxes are ticked.
Under Reports, tick "generate a report after every scan".
-- Scan
In the Scan tab
Click Complete system scan.
Important: do not open any window or launch any program while AVG Anti-Spyware is running, as this could interfere with the scanning process.
Click "Save report". This generates a text-file report located in the Reports folder of the AVG Anti-Spyware folder (C:\Programfiles\AVG Antispyware 7.5\Reports).
Then
Very important: at the end of the scan, click "Apply all actions"
Then close AVG Anti-Spyware.
4) Removing unnecessary files with CCleaner
Launch CCleaner by double-clicking its shortcut on the desktop.
Then, in the Cleaner menu,
Click Analyze (let it work; it can take a long time the first time)
Click the Run Cleaner button.
Click the Run Cleaner button a second time, then close CCleaner.
5) Reports
Restart the PC in normal mode, then post in reply:
* A new HijackThis report
* The AVG Anti-Spyware 7.5 report located here: C:\Programfiles\AVG Antispyware 7.5\Reports
Everything went fine up to step 2, but in safe mode I couldn't find the 2 undeletable files; then I went back to normal mode and looked for the undeletable files again... they had disappeared, maybe it's the antivirus or something like that. But the big problem is that I can't find the AVG report anymore, even though I'm sure I found a few viruses; if I remember correctly there were 28 medium risk and 3 low risk. I went here C:\Program Files\Grisoft\AVG Anti-Spyware 7.5 but there's no Reports folder (but on the other hand I found an error file where it says:
[05/01/2008 14:21] Error: [CProcessInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ProcessInformation.cpp, 274
[05/01/2008 14:21] Error: [CConnectionInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ConnectionInformation.cpp, 227
[05/01/2008 15:26] Error: failed to connect to driver, Value: 00000002, Position: .\SelfProtection.cpp, 23
[05/01/2008 15:33] Error: failed to connect to driver, Value: 00000002, Position: .\SelfProtection.cpp, 23
[05/01/2008 15:33] Error: [CProcessInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ProcessInformation.cpp, 274
[05/01/2008 15:33] Error: failed to connect to driver, Value: 00000002, Position: .\SelfProtection.cpp, 23
[05/01/2008 15:33:58] Error: failed to create socket, Value: 00002742, Position: .\DownloadHttp.cpp, 212
[05/01/2008 18:51:54] Error: failed to connect to server, Value: 00000002, Position: .\Client.cpp, 26
[05/01/2008 18:54] Error: [CProcessInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ProcessInformation.cpp, 274
[05/01/2008 18:54] Error: [CConnectionInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ConnectionInformation.cpp, 227
Is that normal???
Then I searched for "AVG" and came across C:\Documents and Settings\Administrateur\Application Data\Grisoft\AVG Antispyware 7.5, where there are 2 folders: "quarantine", which has a few files, and "Reports", which is empty..... oO..... Should I redo the AVG Anti-Spyware procedure, or should I download it again, or what?
And here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07:19, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0178aee3-c33b-4c36-95d6-36000e9db1a5} - C:\WINDOWS\system32\taltmwou.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: TBSB08469 - {4A84FD6E-69CF-4147-B44D-CC5BA4CC2900} - C:\PROGRA~1\TOOLBAR.BZ\untitled.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: (no name) - {5B61EC2D-33C1-4FD8-9B00-39B4FB9AB2C4} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {7e524db8-4f44-adca-0714-2dea829e3ecd} - {dce3e928-aed2-4170-acda-44f48bd425e7} - C:\WINDOWS\system32\pgaplaeh.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FBUJ Agent] C:\WINDOWS\system32\28463\FBUJ.exe
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "c:\documents and settings\administrateur\application data\install_en[1].exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.26\ilikesidebar.exe /checkforupdate
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {7e524db8-4f44-adca-0714-2dea829e3ecd} - {dce3e928-aed2-4170-acda-44f48bd425e7} - C:\WINDOWS\system32\pgaplaeh.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FBUJ Agent] C:\WINDOWS\system32\28463\FBUJ.exe
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "c:\documents and settings\administrateur\application data\install_en[1].exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.26\ilikesidebar.exe /checkforupdate
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
Relaunch HijackThis, Do a system scan only, tick the box in front of these lines, then click Fix checked:
O2 - BHO: (no name) - {0178aee3-c33b-4c36-95d6-36000e9db1a5} - C:\WINDOWS\system32\taltmwou.dll (file missing)
O2 - BHO: TBSB08469 - {4A84FD6E-69CF-4147-B44D-CC5BA4CC2900} - C:\PROGRA~1\TOOLBAR.BZ\untitled.dll (file missing)
O2 - BHO: (no name) - {5B61EC2D-33C1-4FD8-9B00-39B4FB9AB2C4} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {7e524db8-4f44-adca-0714-2dea829e3ecd} - {dce3e928-aed2-4170-acda-44f48bd425e7} - C:\WINDOWS\system32\pgaplaeh.dll (file missing)
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
I'm still going through your HijackThis log.
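The reply above picks out the HijackThis entries to fix by hand. The following Python script is an added example (not part of this thread and not a tool either participant used) that does the same first-pass triage automatically over a few lines copied from the logs posted here: it parses O2/O9 entries and O4 autoruns, and flags two things a helper looks for first, entries whose target file no longer exists (orphan registry references, such as the random-named DLLs in system32 that the user's earlier VundoFix run removed) and autoruns that start from unusual locations. The flag rules are my own heuristics, and the sample lines are a constructed excerpt, not a full log.

```python
import re

# Constructed sample: lines excerpted from the HijackThis logs posted in
# this thread, with a few legitimate entries kept for contrast.
SAMPLE_HJT_LOG = r"""
O2 - BHO: (no name) - {0178aee3-c33b-4c36-95d6-36000e9db1a5} - C:\WINDOWS\system32\taltmwou.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {7e524db8-4f44-adca-0714-2dea829e3ecd} - {dce3e928-aed2-4170-acda-44f48bd425e7} - C:\WINDOWS\system32\pgaplaeh.dll (file missing)
O4 - HKLM\..\Run: [FBUJ Agent] C:\WINDOWS\system32\28463\FBUJ.exe
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "c:\documents and settings\administrateur\application data\install_en[1].exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
"""

# O2 (Browser Helper Object) and O9 (IE extra button / Tools menu item)
# lines share the "name - {CLSID} - target [(file missing)]" layout.
RE_O2_O9 = re.compile(
    r"^(?P<sec>O[29]) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*?)(?P<missing> \(file missing\))?$"
)

# O4 autorun lines: "O4 - HKLM\..\Run: [value name] command line".
RE_O4 = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def exe_from_command(cmd):
    """Return the executable path from a Run value's command line.

    Quoted paths end at the closing quote; unquoted ones (which may contain
    spaces, as "C:\\Program Files\\TheTurtle\\TheTurtle.exe" does) are cut at
    the first ".exe".
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.*?\.exe)", cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def flag_path(path):
    """Heuristic flags (my own, not HijackThis rules) for an autorun target."""
    p = path.lower()
    flags = []
    # Installed software normally lives under Program Files or WINDOWS,
    # not in a user's profile or a temp directory.
    if "\\documents and settings\\" in p or "\\temp\\" in p:
        flags.append("autorun from user profile/temp dir")
    # A purely numeric subfolder directly under system32 is not something
    # Windows or mainstream software creates.
    if re.search(r"\\system32\\\d+\\", p):
        flags.append("numeric subfolder under system32")
    # "name[1].exe" is the suffix IE's cache gives to downloaded files;
    # seeing it on an autorun means the file was copied straight from a download.
    if re.search(r"\[\d+\]\.exe$", p):
        flags.append("IE-cache style [n] suffix on file name")
    return flags


def triage_hjt(log_text):
    """Parse O2/O9/O4 lines into dicts with a (possibly empty) list of flags."""
    findings = []
    for line in log_text.strip().splitlines():
        m = RE_O2_O9.match(line)
        if m:
            flags = ["target file missing (orphan registry entry)"] if m.group("missing") else []
            findings.append({"section": m.group("sec"), "name": m.group("name"),
                             "target": m.group("target"), "flags": flags})
            continue
        m = RE_O4.match(line)
        if m:
            exe = exe_from_command(m.group("cmd"))
            findings.append({"section": "O4", "name": m.group("name"),
                             "target": exe, "flags": flag_path(exe)})
    return findings


def suspicious_entries(log_text):
    """Only the entries that earned at least one flag."""
    return [f for f in triage_hjt(log_text) if f["flags"]]


if __name__ == "__main__":
    for f in suspicious_entries(SAMPLE_HJT_LOG):
        print(f"{f['section']} [{f['name']}] {f['target']}\n    -> {', '.join(f['flags'])}")
```

On the sample above the script flags five of the eight entries: the three "(file missing)" orphans (which is why fixing them in HijackThis is safe, there is no file left to load) and the two HKLM autoruns that run from a numeric system32 subfolder and from the user's Application Data with a cache-style name; the Avira, Adobe and TheTurtle entries pass unflagged. A flag is a reason to look closer, not a verdict.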
We've removed a good number of them, but I think there must still be a few left.
Do this:
Online scan:
Make sure ActiveX controls are properly configured in Internet Options as described at this link => http://www.inoculer.com/activex.php3
Run an online scan with https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
In the new window that appears, click I accept
You will be asked to download one or two ActiveX controls; accept. Let it do its updates, and when it's finished, click Next
In the Choose the scan target menu, select Poste de travail (My Computer).
The scan will start. Please post the report it generates.
Help if you run into trouble: http://cybersecurite.xooit.com/t100-Scan-e...spersky.htm#768
NOTE: the scan must be done with Internet Explorer
Come back with the online scan report and a new HijackThis log.
Report from IE: (so apparently I have 3 viruses!)
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, January 06, 2008 3:40:45 AM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 5/01/2008
Enregistrements dans la base antivirus Kaspersky : 469880
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
A:\
C:\
D:\
E:\
Statistiques de l'analyse:
Total d'objets analysés: 62865
Nombre de virus trouvés: 3
Nombre d'objets infectés: 3 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 03:11:32
Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\Administrateur\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\mr.badboy@hotmail.fr\real\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\mr.badboy@hotmail.fr\shadow\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\MSHist012008010620080107\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Temp\Perflib_Perfdata_55c.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Temp\~DF10F3.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Temp\~DF140F.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Temp\~DFEDCE.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Temp\~DFEEF7.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Mes documents\Mes archives de conversations\janvier 2008\salim_filali11@hotmail.com.html L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Mes documents\Mes archives de conversations\janvier 2008\yousserghini@hotmail.com.html L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{6C0605F5-6BEB-411F-A244-4F5E999C935E}\RP4\change.log L'objet est verrouillé ignoré
C:\VundoFix Backups\bicndcjs.dll.bad Infecté : Backdoor.Win32.Agent.dlj ignoré
C:\VundoFix Backups\emywknxd.dll.bad Infecté : Trojan.Win32.Pakes.bwd ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\dtscsi.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd1597.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ezzhjmt.dll Infecté : Trojan-Downloader.Win32.Bojo.ad ignoré
Analyse terminée.
And here is the HijackThis one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:44:35, on 06/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FBUJ Agent] C:\WINDOWS\system32\28463\FBUJ.exe
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "c:\documents and settings\administrateur\application data\install_en[1].exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.26\ilikesidebar.exe /checkforupdate
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
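The Kaspersky report above needs reading in two halves. Its three "Infecté" objects all sit under C:\VundoFix Backups and C:\_OTMoveIt\MovedFiles, the folders where the cleanup tools used earlier in this thread (VundoFix and OTMoveIt) park copies of the files they pulled out of system32, so they are leftovers of a previous cleanup rather than files Windows is still loading (note the .bad extension on the VundoFix copies). The long run of "L'objet est verrouillé ignoré" lines are files the running system holds open (registry hives, index.dat caches, event logs) that the scanner could not read; they are not detections. The Python script below is an added example, not something from this thread or from Kaspersky, that separates those categories over a constructed excerpt of the report; the list of backup-folder markers is my assumption about where those tools keep their copies.

```python
import re

# Constructed sample: lines excerpted from the Kaspersky On-line Scanner
# report posted in this thread (French-localised output, kept verbatim).
SAMPLE_KAV_REPORT = r"""
C:\Documents and Settings\Administrateur\ntuser.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\VundoFix Backups\bicndcjs.dll.bad Infecté : Backdoor.Win32.Agent.dlj ignoré
C:\VundoFix Backups\emywknxd.dll.bad Infecté : Trojan.Win32.Pakes.bwd ignoré
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ezzhjmt.dll Infecté : Trojan-Downloader.Win32.Bojo.ad ignoré
Analyse terminée.
"""

# "<path> Infecté : <detection name> <action>"
RE_INFECTED = re.compile(r"^(?P<path>.+?) Infecté : (?P<malware>\S+) (?P<action>\S+)$")
# "<path> L'objet est verrouillé <action>"  (file was locked, scanner skipped it)
RE_LOCKED = re.compile(r"^(?P<path>.+?) L'objet est verrouillé (?P<action>\S+)$")

# Folders where earlier cleanup tools keep copies of what they removed
# (assumption: VundoFix and OTMoveIt backup locations, plus generic
# quarantine folders). A detection in one of these is a parked copy,
# not a file the system still loads.
BACKUP_DIR_MARKERS = (
    "\\vundofix backups\\",
    "\\_otmoveit\\movedfiles\\",
    "\\quarantine\\",
)


def parse_kav_report(text):
    """Split report lines into (infected, locked) lists of dicts."""
    infected, locked = [], []
    for line in text.strip().splitlines():
        m = RE_INFECTED.match(line)
        if m:
            infected.append(m.groupdict())
            continue
        m = RE_LOCKED.match(line)
        if m:
            locked.append(m.groupdict())
    return infected, locked


def in_backup_dir(path):
    """True when the path lies inside a known cleanup-tool backup folder."""
    p = path.lower()
    return any(marker in p for marker in BACKUP_DIR_MARKERS)


def classify_report(text):
    """Separate live detections from parked copies and count skipped files."""
    infected, locked = parse_kav_report(text)
    return {
        "live": [i for i in infected if not in_backup_dir(i["path"])],
        "parked": [i for i in infected if in_backup_dir(i["path"])],
        "locked": len(locked),
    }


if __name__ == "__main__":
    result = classify_report(SAMPLE_KAV_REPORT)
    print(f"locked/skipped files: {result['locked']}")
    print(f"live detections:      {len(result['live'])}")
    for i in result["live"]:
        print(f"  {i['malware']}  {i['path']}")
    print(f"parked in backups:    {len(result['parked'])}")
    for i in result["parked"]:
        print(f"  {i['malware']}  {i['path']}")
```

Run on the sample, the script reports zero live detections, three parked copies and two skipped locked files. Parked copies are worth deleting (or letting the tool's own cleanup remove) so that later scans stop raising them, but they are not evidence that the machine is still infected; the HijackThis log that follows the report, with its O4 autoruns, is the better place to look for what is still active.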
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
Hello, that looks clean to me. How is your PC doing? Don't mark it as resolved for now! Do this, because what was detected is in the tools we used!
· Download ToolsCleaner by A.Roshtein to your Desktop.
http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
· Click Recherche (Search) and let the scan finish.
· Click Suppression (Delete) to finish.
· You can, if you wish, use the Options facultatives (optional options).
· Click Quitter (Quit) so that the report can be created.
· Post me the report (TCleaner.txt), which is at the root of your hard drive (C:\).
Well, I think it's fine. Here is the report:
-->- Recherche:
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe: trouvé !
C:\Documents and Settings\Administrateur\Bureau\OtMoveIt.exe: trouvé !
C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Administrateur\Bureau\vundoFix.exe: trouvé !
C:\Documents and Settings\Administrateur\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe: supprimé !
C:\Documents and Settings\Administrateur\Bureau\OtMoveIt.exe: supprimé !
C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\Administrateur\Bureau\vundoFix.exe: supprimé !
C:\Documents and Settings\Administrateur\Bureau\HJTInstall.exe: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
Corbeille vidée!
Fichiers temporaires nettoyés !
Restauration annulée !
You are not up to date with JAVA.
- Java Runtime Environment (JRE) 6u3:
https://www.oracle.com/java/technologies/javase-downloads.html
Click on Download Java Runtime Environment (JRE) 6u3.
On the next page, tick I accept and download Windows Offline Installation, Multi-language // jre-6u3-windows-i586-p.exe // 13.89 MB.
Install it while offline.
In Add/Remove Programs, remove all the other versions.
* Download this file to the desktop:
http://downloads.malwareremoval.com/Nel/FixP.zip
Extract it and double-click Fix_Protocol_zones_ranges.reg.
Accept when it asks you to merge it into the registry.
Please post a new HijackThis report.
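As an added example (not code from this thread, from HijackThis or from ToolsCleaner), here is a small Python triage script covering two points raised above: reading the O4 autostart entries of a HijackThis log, and the helper's remark that the Java install is out of date. It parses each O4 line into hive, key, name and executable path, flags paths in locations a reviewer would normally verify by hand (a user's Application Data folder, a temp folder, a numeric-only subfolder of system32, a browser download suffix such as `[1]`), and reads the JRE version out of the install path so the `jre1.5.0_06` seen in the log can be compared against JRE 6u3. The sample lines are copied from the log posted in this thread; the location heuristics and the mapping of "6u3" to version 1.6.0_03 are my own assumptions, and a flag is a reason to check a file, not a verdict on it.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Sample HijackThis lines copied from the log posted in this thread. The
# "looks clean" verdict in the reply is the helper's; this script only pulls
# out facts a reviewer would go on to check by hand.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FBUJ Agent] C:\WINDOWS\system32\28463\FBUJ.exe
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "c:\documents and settings\administrateur\application data\install_en[1].exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.26\ilikesidebar.exe /checkforupdate
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

# O4 lines have the shape: O4 - HKLM\..\Run: [Name] command
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$')
# Sun-era JRE install directories encode the version, e.g. jre1.5.0_06
JRE_RE = re.compile(r'jre(\d+)\.(\d+)\.(\d+)_(\d+)', re.IGNORECASE)
# Unquoted command: take everything up to the first executable-looking suffix.
EXE_RE = re.compile(r'^(.*?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|$)', re.IGNORECASE)

# Assumption: JRE 6 Update 3, the release the helper asks for, reports itself
# as java version 1.6.0_03.
REFERENCE_JRE = (1, 6, 0, 3)

# Locations where a legitimate autostart executable is unusual. Each hit is a
# reason to verify the file (publisher, hash, install date), not a verdict.
SUSPECT_LOCATIONS = [
    (re.compile(r'\\application data\\', re.I), 'runs from a user profile Application Data folder'),
    (re.compile(r'\\(?:local settings\\)?temp\\', re.I), 'runs from a temp folder'),
    (re.compile(r'\\system32\\\d+\\', re.I), 'runs from a numeric-only subfolder of system32'),
    (re.compile(r'\[\d+\]\.\w+$'), 'filename carries a browser download suffix like [1]'),
]


@dataclass
class AutostartEntry:
    hive: str
    key: str
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def extract_path(command: str) -> str:
    """Return the executable path from a Run-key command, without quotes or arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)
    return m.group(1) if m else command


def parse_o4(line: str) -> Optional[AutostartEntry]:
    """Parse one O4 line; returns None for any other HijackThis line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, cmd = m.groups()
    return AutostartEntry(hive, key, name, extract_path(cmd))


def review_autostarts(log_text: str) -> List[AutostartEntry]:
    """Return the O4 entries whose path matches at least one location heuristic."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        for pattern, reason in SUSPECT_LOCATIONS:
            if pattern.search(entry.path):
                entry.reasons.append(reason)
        if entry.reasons:
            flagged.append(entry)
    return flagged


def find_jre_versions(log_text: str) -> Set[str]:
    """Collect every JRE version that appears in a path anywhere in the log."""
    return {'.'.join(m.groups()[:3]) + '_' + m.group(4) for m in JRE_RE.finditer(log_text)}


def jre_version_tuple(version: str) -> Tuple[int, int, int, int]:
    """'1.5.0_06' -> (1, 5, 0, 6), so versions compare as tuples."""
    major, minor, rest = version.split('.')
    patch, update = rest.split('_')
    return (int(major), int(minor), int(patch), int(update))


def jre_is_outdated(version: str, reference: Tuple[int, int, int, int] = REFERENCE_JRE) -> bool:
    return jre_version_tuple(version) < reference


if __name__ == '__main__':
    for e in review_autostarts(SAMPLE_LOG):
        print(f'{e.hive}\\{e.key} [{e.name}] {e.path}: ' + '; '.join(e.reasons))
    for v in sorted(find_jre_versions(SAMPLE_LOG)):
        status = 'older than 1.6.0_03' if jre_is_outdated(v) else 'current or newer'
        print(f'JRE {v}: {status}')
```

Running it on the embedded sample prints the two O4 entries whose paths match a heuristic, with the reason for each, and reports the JRE 1.5.0_06 install as older than the 6u3 reference; pasting a whole log into SAMPLE_LOG applies the same checks to every O4 line it contains.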