Infecté par virus...

Résolu
rayfic Messages postés 101 Statut Membre -  
rayfic Messages postés 101 Statut Membre -
Bonsoir à tous, mon pc est infecté par trojan ds sys 32,voici mon hi jack, j,ai besoin de votre aiide pour matter la bête

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:30, on 2008-01-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://outlook.live.com/owa/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134} - C:\WINDOWS\system32\yayayxw.dll
O2 - BHO: (no name) - {D8374A04-E5CA-4C92-BFC0-89CF157404C0} - C:\WINDOWS\system32\mimefil.dll (file missing)
O2 - BHO: (no name) - {FB4B085D-0C9B-44A3-B28B-A66A0D00063C} - C:\WINDOWS\system32\khfda.dll (file missing)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZJxdm037YYCA
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120w.bay120.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O20 - Winlogon Notify: yayayxw - C:\WINDOWS\SYSTEM32\yayayxw.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7147 bytes
Configuration: Windows XP
Firefox 2.0.0.9

52 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Une infection par un trojan est décrite sur Windows XP SP2, accompagnée d'un log HijackThis listant de nombreuses entrées suspectes, des modules dans les Browser Helper Objects et des paramètres Run malveillants. Des solutions proposées incluent de relancer VundoFix puis d'exécuter ComboFix en mode sans échec, afin de supprimer yayayxw.dll et d'autres fichiers DLL malveillants révélés par les rapports. Le fil évoque des scans successifs par Avast et d'autres outils en réseau, signalant des composants initiaux dans le démarrage et des DLL suspectes comme éléments compromis, tout en avertissant de l'absence de Recovery Console. En outre, le rapport initial indique l'absence de Recovery Console, ce qui complique les opérations de réparation et peut nécessiter des méthodes alternatives de restauration.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
     
    Salut !

    (1) Télécharge VundoFix.exe par Atribune http://www.atribune.org/ccount/click.php?id=4 sur ton Bureau.

    ° Double-clique sur VundoFix.exe afin de le lancer
    Clique sur le bouton Scan for Vundo
    Lorsque le scan est terminé, clique sur le bouton Remove Vundo
    Une invite te demandera si tu veux supprimer les fichiers, clique YES
    Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
    Tu verras une invite qui t'annonce que ton PC va redémarrer; clique sur OK

    Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse.

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage.
    Il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

    (2) Télécharge virtumondebegone (Poste le rapport)
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    to be continued.......
    0
  2. rayfic Messages postés 101 Statut Membre
     
    Bonjour, merci de ton aide.Voici les rapport
    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.8
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 17:02:39 2008-01-11

    Listing files found while scanning....

    C:\WINDOWS\system32\adfhk.ini
    C:\WINDOWS\system32\adfhk.ini2
    C:\WINDOWS\system32\khfda.dll
    C:\WINDOWS\system32\khfda.exe
    C:\WINDOWS\system32\yayayxw.dll

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.8
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 07:13:26 2008-01-17

    Listing files found while scanning....

    C:\WINDOWS\system32\khfda.dll
    C:\WINDOWS\system32\yayayxw.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\khfda.dll
    C:\WINDOWS\system32\khfda.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yayayxw.dll
    C:\WINDOWS\system32\yayayxw.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\yayayxw.dll
    C:\WINDOWS\system32\yayayxw.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:57:19, on 2008-01-17
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://outlook.live.com/owa/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134} - C:\WINDOWS\system32\yayayxw.dll
    O2 - BHO: (no name) - {D8374A04-E5CA-4C92-BFC0-89CF157404C0} - C:\WINDOWS\system32\mimefil.dll (file missing)
    O2 - BHO: (no name) - {FB4B085D-0C9B-44A3-B28B-A66A0D00063C} - C:\WINDOWS\system32\khfda.dll (file missing)
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O8 - Extra context menu item: &Search - ?p=ZJxdm037YYCA
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
    O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
    O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
    O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
    O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
    O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120w.bay120.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    0
  3. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    up !

    pour suivre ! ;-)

    ++
    0
  4. jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
     
    ok, on y va ! ;o)

    * Relance Vundofix
    * Ne clique pas sur "Scan for a vundo"
    * Clique droit au milieu de la fenêtre
    * Clique sur Add more files ?
    * Copie/colle le(s) fichier(s) ci-dessous en gras ( un par case) :

    C:\WINDOWS\system32\yayayxw.dll

    * Clique sur Add files
    * Ensuite clique sur Close Windows
    * Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
    * Si l'outil demande un redémarrage, accepte
    * Poste le rapport Vundofix

    ensuite :
    Télécharge ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * Démarre en mode sans echec
    * Double clique combofix.exe.
    * Appuyer sur la touche Y (Yes) pour démarrer le scan
    * Le rapport sera crée dans: C:\Combofix.txt, poste le stp

    to be continued.......

    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. rayfic Messages postés 101 Statut Membre
     
    Salut, voici le premier

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.8
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 17:02:39 2008-01-11

    Listing files found while scanning....

    C:\WINDOWS\system32\adfhk.ini
    C:\WINDOWS\system32\adfhk.ini2
    C:\WINDOWS\system32\khfda.dll
    C:\WINDOWS\system32\khfda.exe
    C:\WINDOWS\system32\yayayxw.dll

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.8
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 07:13:26 2008-01-17

    Listing files found while scanning....

    C:\WINDOWS\system32\khfda.dll
    C:\WINDOWS\system32\yayayxw.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\khfda.dll
    C:\WINDOWS\system32\khfda.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yayayxw.dll
    C:\WINDOWS\system32\yayayxw.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\yayayxw.dll
    C:\WINDOWS\system32\yayayxw.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\yayayxw.dll
    C:\WINDOWS\system32\yayayxw.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\yayayxw.dll
    C:\WINDOWS\system32\yayayxw.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!
    0
  7. rayfic Messages postés 101 Statut Membre
     
    voici le second,
    ComboFix 08-01-13.1 - Raymond 2008-01-17 15:28:52.3 - [color=red][b]FAT32[/b][/color]x86 MINIMAL
    Running from: C:\Documents and Settings\Raymond\Bureau\ComboFix.exe

    [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\nnlmn.dll
    C:\WINDOWS\system32\wvwxx.dll
    C:\WINDOWS\system32\xxwwv.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-17 15:21 . 2008-01-17 15:21 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2008-01-16 21:44 . 2008-01-16 21:44 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-16 16:28 . 2008-01-16 16:28 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-01-15 08:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-14 15:25 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-01-14 15:25 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-01-14 15:25 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-01-14 15:25 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-01-14 15:25 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-01-14 15:25 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-01-14 15:25 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-01-11 17:02 . 2008-01-11 17:02 <REP> d-------- C:\VundoFix Backups
    2008-01-11 13:20 . 2008-01-11 13:20 <REP> d-------- C:\Documents and Settings\Raymond\Application Data\RegistrySmart
    2008-01-07 14:46 . 2008-01-07 14:46 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2008-01-07 14:43 . 2008-01-07 14:43 37,888 --------- C:\WINDOWS\system32\yayayxw.dll
    2008-01-07 14:41 . 2008-01-07 14:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-18 09:46 . 2007-12-18 09:46 319,488 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-16 21:27 77,353 ----a-w C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
    2007-12-15 21:11 --------- d-----w C:\Documents and Settings\Raymond\Application Data\Greenpoint
    2007-12-09 23:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-09 23:46 --------- d-----w C:\Program Files\xp-AntiSpy
    2007-12-02 22:10 79,868 ----a-w C:\WINDOWS\system32\adssite-remove.exe
    2007-12-02 18:57 40,737 ----a-w C:\WINDOWS\system32\rightonadz-uninst.exe
    2007-11-23 21:40 --------- d-----w C:\Program Files\Adssite Advanced Toolbar
    2007-11-23 21:40 --------- d-----w C:\Documents and Settings\Raymond\Application Data\Adssite Advanced Toolbar
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
    2007-10-30 23:23 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-25 15:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    2007-10-25 14:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-25 14:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-20 00:56 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2007-10-20 00:56 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2007-10-20 00:56 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-05-26 07:27 18,312 ----a-w C:\Documents and Settings\Raymond\Application Data\GDIPFONTCACHEV1.DAT
    .
    [code]<pre>
    ----a-w 151,597 2008-01-07 20:46:12 C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
    ----a-w 5,674,352 2008-01-07 20:46:30 C:\Program Files\MSN Messenger\MsnMsgr .Exe
    ----a-w 132,496 2008-01-07 20:46:10 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w 319,532 2008-01-07 20:46:22 C:\Program Files\Magentic\bin\Magentic .exe
    ----a-w 271,672 2008-01-07 20:46:14 C:\Program Files\iTunes\iTunesHelper .exe
    </pre>[/code]

    ((((((((((((((((((((((((((((( snapshot@2008-01-15_ 8.34.21.85 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-16 21:29:06 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
    + 2008-01-16 21:29:06 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
    + 2008-01-16 21:29:06 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
    + 2008-01-16 21:29:10 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
    + 2008-01-16 22:07:38 77,824 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
    + 2007-10-25 15:26:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
    + 2008-01-16 21:29:12 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
    + 2008-01-16 21:29:08 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
    + 2007-10-25 15:26:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
    + 2007-10-25 15:26:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
    + 2000-08-31 13:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
    - 2007-08-18 21:26:46 102,400 ----a-r C:\WINDOWS\Installer\{974C05A0-C76C-4724-A9A2-11D5D1355729}\iTunesIco.exe
    + 2008-01-16 21:23:02 102,400 ----a-r C:\WINDOWS\Installer\{974C05A0-C76C-4724-A9A2-11D5D1355729}\iTunesIco.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
    2007-12-18 09:46 319488 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134}]
    2008-01-07 14:43 37888 --------- C:\WINDOWS\system32\yayayxw.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D8374A04-E5CA-4C92-BFC0-89CF157404C0}]
    C:\WINDOWS\system32\mimefil.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB4B085D-0C9B-44A3-B28B-A66A0D00063C}]
    C:\WINDOWS\system32\khfda.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 12:00 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 12:00 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134}"= C:\WINDOWS\system32\yayayxw.dll [2008-01-07 14:43 37888]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    --a------ 2007-12-04 08:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    C:\Program Files\BitTorrent\bittorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2006-03-02 12:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote .exe]
    C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote .exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote .exe]
    C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote .exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe]
    --a------ 2008-01-15 08:18 393216 C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
    C:\WINDOWS\Fonts\svchost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-08-15 20:15 271672 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    C:\WINDOWS\system32\khfda.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
    C:\PROGRA~1\MAGENTIC\bin\Magentic.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\MSN Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MétéoIMédia]
    C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywarefighterguard]
    C:\Program Files\SPYWAREfighter\spftray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zzz_ImInstaller_IncrediMail]
    C:\DOCUME~1\Raymond\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install.exe

    S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender8\filespy.sys []
    S3 REMOVE;REMOVE;C:\WINDOWS\system32\drivers\REMOVE.SYS []

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2006-10-10 02:39:00 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~SALON Raymond.job"
    - C:\Program Files\Copernic Agent\CopernicAgent.exe
    "2006-10-10 02:39:00 C:\WINDOWS\Tasks\2 Copernic Daily ~SALON Raymond.job"
    - C:\Program Files\Copernic Agent\CopernicAgent.exe
    "2006-10-10 02:39:00 C:\WINDOWS\Tasks\3 Copernic Weekly ~SALON Raymond.job"
    - C:\Program Files\Copernic Agent\CopernicAgent.exe
    "2006-10-10 02:39:00 C:\WINDOWS\Tasks\4 Copernic Monthly ~SALON Raymond.job"
    - C:\Program Files\Copernic Agent\CopernicAgent.exe
    "2007-12-15 21:21:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-11 18:20:40 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmart
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-17 15:30:51
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-17 15:31:20
    ComboFix-quarantined-files.txt 2008-01-17 20:31:18
    ComboFix3.txt 2008-01-15 13:35:02
    ComboFix2.txt 2008-01-17 02:58:14
    .
    2008-01-08 19:20:44 --- E O F ---
    0
  8. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    quelqu'un veut se lancer dans le script ??

    ++
    0
  9. jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
     
    Arffff, il ne veux pas se barrer celui ci yayayxw.dll http://www.castlecops.com/tk41223-random_filename.html

    on continue !

    Télécharge ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * Démarrer en mode sans echec
    * Double cliquer combofix.exe.
    * Appuyer sur la touche Y (Yes) pour démarrer le scan
    * Le rapport sera crée dans: C:\Combofix.txt, poste le stp
    0
  10. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    il y a déjà un rapport combo ! ;-P
    0
  11. jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
     
    derme, on s'est croisé !
    quelqu'un veut se lancer dans le script ?? je tente, tu surveilles ;o)
    0
  12. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok !

    ++
    0
  13. rayfic Messages postés 101 Statut Membre
     
    OK j'essaie à nouveau.
    0
  14. rayfic Messages postés 101 Statut Membre
     
    ComboFix 08-01-13.1 - Raymond 2008-01-17 16:13:06.4 - [color=red][b]FAT32[/b][/color]x86 NETWORK
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.502 [GMT -5:00]
    Running from: C:\Documents and Settings\Raymond\Bureau\ComboFix.exe

    [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\cbxxw.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-17 15:21 . 2008-01-17 15:21 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2008-01-16 21:44 . 2008-01-16 21:44 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-16 16:28 . 2008-01-16 16:28 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-01-15 08:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-14 15:25 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-01-14 15:25 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-01-14 15:25 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-01-14 15:25 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-01-14 15:25 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-01-14 15:25 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-01-14 15:25 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-01-11 17:02 . 2008-01-11 17:02 <REP> d-------- C:\VundoFix Backups
    2008-01-11 13:20 . 2008-01-11 13:20 <REP> d-------- C:\Documents and Settings\Raymond\Application Data\RegistrySmart
    2008-01-07 14:46 . 2008-01-07 14:46 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2008-01-07 14:43 . 2008-01-07 14:43 37,888 --------- C:\WINDOWS\system32\yayayxw.dll
    2008-01-07 14:41 . 2008-01-07 14:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-18 09:46 . 2007-12-18 09:46 319,488 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-16 21:27 77,353 ----a-w C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
    2007-12-15 21:11 --------- d-----w C:\Documents and Settings\Raymond\Application Data\Greenpoint
    2007-12-09 23:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-09 23:46 --------- d-----w C:\Program Files\xp-AntiSpy
    2007-12-02 22:10 79,868 ----a-w C:\WINDOWS\system32\adssite-remove.exe
    2007-12-02 18:57 40,737 ----a-w C:\WINDOWS\system32\rightonadz-uninst.exe
    2007-11-23 21:40 --------- d-----w C:\Program Files\Adssite Advanced Toolbar
    2007-11-23 21:40 --------- d-----w C:\Documents and Settings\Raymond\Application Data\Adssite Advanced Toolbar
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
    2007-10-30 23:23 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-25 15:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    2007-10-25 14:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-25 14:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-20 00:56 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2007-10-20 00:56 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2007-10-20 00:56 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-05-26 07:27 18,312 ----a-w C:\Documents and Settings\Raymond\Application Data\GDIPFONTCACHEV1.DAT
    .
    [code]<pre>
    ----a-w 151,597 2008-01-07 20:46:12 C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
    ----a-w 5,674,352 2008-01-07 20:46:30 C:\Program Files\MSN Messenger\MsnMsgr .Exe
    ----a-w 132,496 2008-01-07 20:46:10 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w 319,532 2008-01-07 20:46:22 C:\Program Files\Magentic\bin\Magentic .exe
    ----a-w 271,672 2008-01-07 20:46:14 C:\Program Files\iTunes\iTunesHelper .exe
    </pre>[/code]

    ((((((((((((((((((((((((((((( snapshot@2008-01-15_ 8.34.21.85 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-16 21:29:06 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
    + 2008-01-16 21:29:06 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
    + 2008-01-16 21:29:06 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
    + 2008-01-16 21:29:10 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
    + 2008-01-16 22:07:38 77,824 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
    + 2007-10-25 15:26:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
    + 2008-01-16 21:29:12 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
    + 2008-01-16 21:29:08 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
    + 2007-10-25 15:26:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
    + 2007-10-25 15:26:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
    + 2000-08-31 13:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
    - 2007-08-18 21:26:46 102,400 ----a-r C:\WINDOWS\Installer\{974C05A0-C76C-4724-A9A2-11D5D1355729}\iTunesIco.exe
    + 2008-01-16 21:23:02 102,400 ----a-r C:\WINDOWS\Installer\{974C05A0-C76C-4724-A9A2-11D5D1355729}\iTunesIco.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
    2007-12-18 09:46 319488 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134}]
    2008-01-07 14:43 37888 --------- C:\WINDOWS\system32\yayayxw.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D8374A04-E5CA-4C92-BFC0-89CF157404C0}]
    C:\WINDOWS\system32\mimefil.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB4B085D-0C9B-44A3-B28B-A66A0D00063C}]
    C:\WINDOWS\system32\khfda.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 12:00 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 12:00 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134}"= C:\WINDOWS\system32\yayayxw.dll [2008-01-07 14:43 37888]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    --a------ 2007-12-04 08:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    C:\Program Files\BitTorrent\bittorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2006-03-02 12:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote .exe]
    C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote .exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote .exe]
    C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote .exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe]
    --a------ 2008-01-15 08:18 393216 C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
    C:\WINDOWS\Fonts\svchost.exe
    Voici ce que ça donne.
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-08-15 20:15 271672 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    C:\WINDOWS\system32\khfda.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
    C:\PROGRA~1\MAGENTIC\bin\Magentic.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\MSN Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MétéoIMédia]
    C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywarefighterguard]
    C:\Program Files\SPYWAREfighter\spftray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zzz_ImInstaller_IncrediMail]
    C:\DOCUME~1\Raymond\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install.exe

    S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender8\filespy.sys []
    S3 REMOVE;REMOVE;C:\WINDOWS\system32\drivers\REMOVE.SYS []

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2006-10-10 02:39:00 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~SALON Raymond.job"
    - C:\Program Files\Copernic Agent\CopernicAgent.exe
    "2006-10-10 02:39:00 C:\WINDOWS\Tasks\2 Copernic Daily ~SALON Raymond.job"
    - C:\Program Files\Copernic Agent\CopernicAgent.exe
    "2006-10-10 02:39:00 C:\WINDOWS\Tasks\3 Copernic Weekly ~SALON Raymond.job"
    - C:\Program Files\Copernic Agent\CopernicAgent.exe
    "2006-10-10 02:39:00 C:\WINDOWS\Tasks\4 Copernic Monthly ~SALON Raymond.job"
    - C:\Program Files\Copernic Agent\CopernicAgent.exe
    "2007-12-15 21:21:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-11 18:20:40 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmart
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-17 16:14:41
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-17 16:15:07
    ComboFix-quarantined-files.txt 2008-01-17 21:15:06
    ComboFix4.txt 2008-01-15 13:35:02
    ComboFix3.txt 2008-01-17 02:58:14
    ComboFix2.txt 2008-01-17 20:31:22
    .
    2008-01-08 19:20:44 --- E O F ---
    0
  15. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    il va falloir choisir un poste et y rester !

    ne pas mobiliser plusieurs personnes pour le même problème ...

    ++
    0
    1. rayfic Messages postés 101 Statut Membre
       
      Je m'excuse si cela te contrarie.J'ai 2 PC différent avec deux problème différent.Nous travaillons avec un décalage de 5 hres et EP44 m'aide pour l'autre PC depuis samedi dernier.En voie de réussir.
      0
  16. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    0
  17. rayfic Messages postés 101 Statut Membre
     
    Ok merci de me comprendre!
    0
  18. rayfic Messages postés 101 Statut Membre
     
    je l,ai téléchargé,dézippé,il ouvre et referme aussitôt!!
    0
  19. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    essaye en mode sans echec !

    ++
    0
  20. rayfic Messages postés 101 Statut Membre
     
    cela donne ceci
    C:\WINDOWS\system32\adssite_sidebar.dll - [b]Trouve[/b] !
    C:\WINDOWS\system32\adssite_sidebar.dll - Supprime !
    ----------
    C:\WINDOWS\system32\adssite_sidebar_uninstall.exe - [b]Trouve[/b] !
    C:\WINDOWS\system32\adssite_sidebar_uninstall.exe - Supprime !
    ----------
    C:\WINDOWS\system32\rightonadz-uninst.exe - [b]Trouve[/b] !
    C:\WINDOWS\system32\rightonadz-uninst.exe - Supprime !
    ----------
    C:\WINDOWS\system32\adssite-remove.exe - [b]Trouve[/b] !
    C:\WINDOWS\system32\adssite-remove.exe - Supprime !
    ----------
    C:\Program Files\Adssite Advanced Toolbar - [b]Trouve[/b] !
    C:\Program Files\Adssite Advanced Toolbar - Supprime !
    ----------
    0
  • 1
  • 2
  • 3